Displaying items by tag: Claroty

“State of CPS Security: Healthcare Exposures 2025” Highlights the Most Urgent Healthcare Device and Network Vulnerabilities, Including OT Risks in Hospitals

Founder of Claroty’s Team82 and Former VP Research to Drive Innovation Across Products, Services, and Operations

Positioned highest for Ability to Execute and furthest for Completeness of Vision

COMPANY NEWS:  In rare five-year winning streak, Claroty xDome recognised by KLAS Research as highest-rated IoT security solution by healthcare customers

On Jan. 30, The Cybersecurity Infrastructure & Security Agency (CISA) released an alert, complemented by a notification from the US FDA suggesting that the Contec CMS8000 patient monitor and OEM white-label variants contain a backdoor communicating to a Chinese IP address.

GUEST RESEACH:  “State of CPS Security 2025: OT Exposures” Reveals the OT Device Exposures Most Coveted for Exploitation by Adversaries

Claroty’s research team has discovered three vulnerabilities in Planet Technology’s WGS-804HPT Industrial switches, which are widely used in building and home automation systems for a variety of networking applications such as IP surveillance and wireless LANs. These severe vulnerabilities could allow attackers to remotely execute code on affected devices and move laterally throughout the network.

GUEST OPINION:  Australian parliament recently passed the country’s first standalone Cyber Security Act, which brings in a range of additional legislation and protections around reporting ransomware incidents and sharing of information.

GUEST RESEARCH:

Executive Summary

• Team82 has researched devices manufactured by Ruijie Networks and discovered 10 vulnerabilities in its Reyee cloud management platform
• These vulnerabilities affect both the Reyee platform, as well as Reyee OS network devices
• The vulnerabilities, if exploited, could allow a malicious attacker to execute code on any cloud-enabled device, giving them the ability to control tens of thousands of devices
• In addition, Team82 has devised an attack called Open Sesame, in which an attacker can pinpoint exploit a device in close physical proximity through the cloud, executing arbitrary code on it and gaining access to its internal network

GUEST OPINION:  Claroty has unveiled its cybersecurity predictions for 2025 highlighting significant developments in the protection of Operational Technology (OT) and critical infrastructure sectors.

GUEST RESEARCH:  

Executive Summary

• Team82 has researched the security of the OvrC cloud platform, which is used by businesses and consumers to remotely manage IoT devices.
• We uncovered 10 different vulnerabilities that, when chained, allow attackers to execute code on OvrC cloud-connected devices, remotely over the cloud.
• OvrC Pro and OvrC Connect are affected; updates were released in May 2023 via ICSA-23-136-01 for eight vulnerabilities, and the two remaining issues were addressed in an update announced today: CISA's advisory is here.
• Attackers successfully exploiting these vulnerabilities can access, control, and disrupt devices supported by OvrC; some of those include smart electrical power supplies, cameras, routers, home automation systems, and more.
• We appreciate and thank SnapOne and CISA for coordinating the disclosure.

One out of five (22%) organisations in the ANZ region reported a losing US$1 million or more from cyber attacks affecting cyber-physical systems (CPS), according to Claroty’s The Global State of CPS Security 2024: Business Impact of Disruptions.

COMPANY NEWS: Claroty, the cyber-physical systems (CPS) protection company, today released new research from Team82 on remote access tool sprawl and the risk exposures it introduces to operational technology (OT) environments. Data from more than 50,000 remote-access-enabled devices showed that the volume of remote access tools deployed is excessive, with 55% of organisations having four or more and 33% having six or more.

GUEST OPINION: Organisations generally have a good handle on the security of their IT infrastructure, thanks to the hard work of their chief information security officers (CISOs). But Operational Technology (OT) on the other hand can present security teams with many blind spots.

Cyber-physical systems protection company Claroty has appointed Tim Mackie as vice president of worldwide channels and alliances.

COMPANY NEWS: Claroty, the cyber-physical systems (CPS) protection company, today announced a multi-year Strategic Collaboration Agreement (SCA) with Amazon Web Services (AWS). The SCA strengthens the two companies’ shared commitment to empowering organisations to securely harness the full potential of the cloud in their digital transformation journey, with Claroty’s industry-centric CPS protection platform and AWS’s scalable, reliable, and secure cloud infrastructure.

COMPANY NEWS: Claroty, the cyber-physical systems (CPS) protection company, today announced the appointment of Jason Pearce to the role of field chief technology officer for Asia Pacific and Japan. The introduction of this new role underscores Claroty’s outstanding growth in the region and its commitment to helping critical infrastructure organisations secure their increasingly complex environments.

GUEST OPINION: The increasing integration of Operational Technology (OT) and Information Technology (IT) in industrial operations is becoming more and more prominent. This convergence offers numerous benefits, including enhanced automation and improved efficiency. However, it also introduces significant cybersecurity challenges, especially concerning remote access.

COMPANY NEWS: Claroty, the cyber-physical systems (CPS) protection company, today announced that Forrester Research named the company as a Strong Performer in The Forrester Wave: Operational Technology Security Solutions, Q2 2024. In the report, Claroty received the top score among the Strong Performers in the strategy category, as well as the highest scores possible in the criteria of asset discovery and identification, privileged remote access, risk posture management, and policy and rule management within the current offering category.