Keeping software up to date is a mainstay of good cybersecurity hygiene. But in rare cases when patches backfire — either by introducing new, more severe software flaws or failing to fix the old ones — it can set off a scramble to set things right.
Security researcher Vera Mens and her colleagues on Claroty’s Team82 took on some of the toughest challenges in the industrial cybersecurity field at Pwn2Own Miami.
Most of the code in typical applications comes from open-source projects, importing dozens — and often, hundreds — of components created by volunteers. As the Log4j incident shows, those deep dependencies can carry critical vulnerabilities.
The newly discovered Pipedream malware is aimed at American energy companies’ critical networks with alarming precision. Though it was caught before it could be used, the hacking tool’s emergence against the backdrop of war in Ukraine has drawn stark warnings from the U.S. and its allies.
Cybersecurity officials in the U.S. and Ukraine have exposed two powerful hacking tools aimed at the industrial control systems that underpin critical energy networks.
A trove of emails from top Homeland Security officials expose how the U.S. government scrambled to ensure the defenses of American utilities after Russia brought down parts of Ukraine’s power grid in 2015.
The second annual Hack-A-Sat competition pits security researchers against real satellite equipment as the U.S. military rushes to address space cybersecurity risks.
Multi-factor authentication offers users far more protection than a password alone. But experts warn it’s no panacea against hackers.
A tabletop exercise tested how space industry leaders would handle a potentially devastating breach of a satellite’s ground control uplink.
Cyberattacks targeting the “packages” that underpin global software programs have rattled the open-source community and exposed gaps in developers’ supply chain security practices.