Seguridad

Contenido Seguridad

Blog posted on 16/05/2025

La táctica Initial Access es una de las 12 tácticas que componen la matriz elaborada por MITRE para entornos industriales (para más información sobre la matriz, no dudes en consultar el artículo Matriz de SCI, el estado de la v11). Dentro de esta táctica, se muestran diferentes técnicas utilizadas por atacantes cuyo objetivo es ganar acceso no autorizado a entornos industriales.

Blog posted on 14/11/2024

A  CI/CD (Continuous Integration/Continuous Deployment) pipeline is an essential tool in modern software development, which allows you to automate and optimize the entire development lifecycle, from code integration to its deployment in production. The article aims to explain security in  CI/CD pipelines, motivating readers to adopt automated practices that not only optimize software development, but also minimize the associated risks. Keep in mind that automation carries certain risks if not handled safely, as it can increase the attack surface for cybercriminals. It underscores the importance of implementing security controls at every stage of the pipeline, urging developers to take initiative-taking steps to protect their code, their environments, and ultimately, their final products.

News posted on 10/10/2024
News updated on 07/08/2024
Blog posted on 19/10/2023

The arrival of the new version of CVSS (Common Vulnerability Scoring System) covers some deficiencies related to the assessment of vulnerabilities in the industrial world. The introduction of changes in the way of scoring different vulnerabilities, the incorporation of new metrics for elements of the industrial world such as "Safety" or the service recovery of a device, are some of the new features introduced in version 4 of the CVSS.

This article will analyze the new features brought by version 4.0 and its increased accuracy when assessing vulnerabilities in industrial environments for a better adequacy of the scores given.