The open and most-widely-used framework for communication and vulnerability scoring, the CVSS (Common Vulnerability Scoring System), has been updated, incorporating improvements in its new version 3.1 with respect to the previous one. This standard assesses the severity of computer systems vulnerabilities and assigns them a score of 0 to 10.
Specialized blog with informative contents destined to a public with marked technical profile, in order to improve knowledge and create a culture about the security in Internet.
Post related to: Vulnerabilities
Over time, different communities of experts related to the world of industrial cybersecurity have realised the challenge of calculating the CVSS (Common Vulnerability Score System) for vulnerabilities in industrial environments. This article aims to show the alternatives proposed by experts, such as RSS-MD, TEMSL and IVSS in order to correctly calculate their severity in the industrial environment.
Given that availability is always a critical point to take into account for within industrial environments, it is necessary to prevent the attacks that denial of services cause and that affect these environments. The means of giving way to a denial of service can be diverse, much like the means of mitigating these problems. This article will review all of these points, as well as the way in which the risks derived from these attacks can be reduced.
I have identified a vulnerability in a device within an industrial control system... Now what? This article provides the guidelines to be followed when a vulnerability within an industrial control system is detected, and the different phases of this process.
In the same way that a known character or image is reflected within an industry by feigning a happy face, advanced persistent threats exist and are often camouflaged through the phenomenon of pareidolia (they resemble something else) within industrial networks. But how can we spot these threats? And, above all, is it possible to pre-empt their malicious intentions?
Today there is not a mobile phone on the planet that does not feature Bluetooth technology to connect to other wireless devices. To add to this, the emergence of the Industrial Internet of Things (IIoT) has generated multiple vectors of attack through this technology.