This year has seen an enormous increase in the number and claimed impact of hacktivist attacks on critical infrastructure and enterprises operating in critical services. Many attacks target unmanaged devices such as Internet of Things (IoT) and operational technology (OT) equipment. Attacks are motivated by geopolitical or social developments across the globe, with the goal of spreading a message or causing physical disruption.

Continuing our OT:ICEFALL research, Vedere Labs has disclosed three new vulnerabilities affecting OT products from two German vendors: Festo automation controllers and the CODESYS runtime, which is used by hundreds of device manufacturers in different industrial sectors, including Festo.

Some economic sectors may be hitting the brakes, but the cybersecurity talent shortage persists across all industries and shows no signs of abating – not while sophisticated cyberattacks continue to rise in number and complexity. The 2022 (ISC)2 Cybersecurity Workforce Study found that even as the global cybersecurity workforce is at an all-time high, it is still short by 3.4 million workers.

In cybersecurity, three key terms are vulnerability, threat and risk. Often they’re tossed around interchangeably, but they have a specific relationship to one another..

On November 1, OpenSSL v3.0.7 was released, patching two new high-severity vulnerabilities: CVE-2022-3602 and CVE-2022-3786. The new vulnerabilities have been dubbed by the community as “Spooky SSL,” although the name is not recognized by the OpenSSL team. CVE-2022-3602 was originally discovered by a researcher known as Polar Bear, while CVE-2022-3786 was found during the analysis of the first vulnerability by Viktor Dukhovni.

Over the last two years since going private, Forescout has undergone a significant transformation. We are extremely proud of our 20+ year heritage as the world’s leading network access control provider, yet we knew that we had untapped potential.

The growing number and diversity of connected devices in every industry presents new challenges for organizations to understand and manage the risks they are exposed to. Most organizations now host a combination of interconnected IT, OT and IoT devices in their networks that has increased their attack surface.