If you knock down an email server, you could stand up a parallel server or you could find workarounds. If you knock down a factory floor, there is no real parallel, alternative to a factory floor.

One of the problems with security is ROI. If I put in next gen this and next gen that and no security events happen, am I justified in making those expenditures? How do you quantify a risk like that?

This is the story of how a researcher turns commercial and commonly used EDRs and Cloud-based backup systems into wipers against the very data they’re designed to protect.

There’s a lot of talk about using AI and LLM in security. For example, could ChatGPT detect the vulnerable spots for power for analysis in particular pieces of code using Advanced Encryption Standard?

You might think that internet connected cameras would be limited in use by a bad actor. Actually such devices can be an entry point into an organization, providing yet another means of accessing the internal network.

There’s a fake new report about three million internet-enabled toothbrushes contributing to a botnet. Unfortunately the mainstream media ran with the story before questioning its basic assumptions.

Ransomware groups have bifurcated with doing pure ransomware and others going straight to extortion; it’s whether the data is ransomed on your network or theirs.

The Purdue Model used in OT is essentially network security from the 1990s. New threats and new tech however required us to rethink that on the network side so how do we bring that new thinking to work with legacy OT system?

Flaws within the chips in our laptops, in our homes, and in our critical infrastructure could become the access one needs to steal data if not just shut down an assembly line, or hold up production of a vital resource like power or water.

Can your OT function if the IT system goes down? OT self-sufficiency is critical for infrastructure such as rail systems.

Quantum computers will change and even break the cryptography we have today. To defeat a ”Harvest Now, Decrypt Later” strategy by bad actors (even nation states), Denis Mandich, CTO and co-founder of Qrypt, is proposing a type of crypto agility that compiles the keys on your laptop instead of distributing them across the internet.

When we think of massive compute power, we think of the Cloud when we really should consider the millions of unprotected OT devices with even greater slack computer power that our current cloud services combined.

There’s much of the electromagnetic spectrum that we cannot see. Like how LED wristbands are triggered at concerts or how to identify someone at DEF CON in a crowd of cellphones and electrical devices.

How might we mitigate the risk to millions of unauthenticated devices already out in the field?

In a talk at Black Hat USA 2023, Sharon Brizinov and Noam Moshe from Claroty Team82, disclosed a significant vulnerability in the Open Platform Communications Universal Architecture or OPC-UA.

What would happen if someone stole the encryption keys for a major satellite? Well, it’d be game over. Unless the satellite used quantum cryptography.

This is a story of what’s needed for the Capture The Flag competition at DEF CON 31 to be hosted for the first time on a live satellite orbiting 400 kilometers above the Earth. Mike Walker continues his conversation, focusing more on the game to be played in Hack-A-Sat 4.

Moonlighter is the world’s first and only hacking sandbox in space. Currently orbiting the earth near the International Space Station, the satellite is the playground for this year’s Hack-A-Sat competition at DEF CON 31.

Could a personal medical device be a threat for an organization? Turns out it’s similar to protecting against an attack on a mobile device. Except a denial of service here could prove fatal.

Josh Corman, VP of Cyber Safety Strategy at Claroty, is a hacker who knows U.S. public policy well. Ten years ago he created a volunteer organization, IAMTHECALVALRY, to help educate sitting legislators on active cybersecurity issues.

This is the story about researchers who monitor the threats against IoT and OT systems, and the steps being taken to mitigate them.

There’s a lot of FUD around hacking the power grid. Most often, there’s a more common cause: Soot. Even Squirrels.

How the rapid proliferation of EV charging stations is already leading to attacks on the stations and the vehicles themselves, and what we should do about it.

The Biden-Harris 2023 National Cybersecurity Strategy breaks with Cold War thinking and offers a bold new approach to today’s online offense and defense.