Author: Eric Byres

Industrial Defender and aDolus Partner to Improve ICS Supply Chain Security

Industrial Defender’s integration with the aDolus FACT™ platform ensures updates are valid, tamper-free, and safe to install

aDolus Technology Inc., a global authority on software intelligence for the critical infrastructure software supply chain, today announced its partnership with Industrial Defender, a pioneer in operational technology (OT) security. The collaboration will mitigate the risk of supply chain attacks in ICS environments.

Read More

Wrapping Up 2020 with Dale Peterson

Wrapping up my year on December 31, I was delighted to join ICS cybersecurity luminary Dale Peterson for his December: ICS Security Month in Review episode of the Unsolicited Response Podcast. Dale was kind enough to invite me on to discuss the big stories of December 2020 and to throw out some predictions on what’s in store for us in 2021. Here I’ll present a quick teaser of our discussion; I encourage you to listen to the full podcast.

Read More

Three Things the SolarWinds Supply Chain Attack Can Teach Us

 Just in case you missed it, a software supply chain attack on the US government and industries is consuming the waking hours of everyone involved in cyber security this week. The attack involved the insertion of a compromised DLL infected with the SUNBURST malware directly into the DevOps environment of SolarWinds’ Orion network monitoring and management software. It was a cunning and subtle infiltration: the package was signed with a valid...

Read More

ReFirm Labs and aDolus Partner to Improve IoT Supply Chain Security

aDolus Technology Inc., a global authority on software intelligence for critical infrastructure, and ReFirm Labs, a provider of the industry’s first proactive IoT and firmware security solutions, today announced an integration partnership to improve the security and integrity of firmware for IoT devices in critical industries.

Read More

Windows 10 Certificate Validation Bug Exposes a Fundamental Weakness

The announcement Tuesday from the NSA about the new cryptographic vulnerability in the Microsoft Windows operating system sent ripples of shock through our entire community. In case you missed it, this devastating vulnerability (CVE-2020-0601) allows attackers to bypass trust mechanisms to falsify certificates, making them appear to come from a trusted source. It also allows attackers to falsely authenticate themselves on vulnerable HTTPS...

Read More