This post provides highlights on cybersecurity in recent infrastructure legislation. Cybersecurity is essential to ensure modern infrastructure is safe, and Rapid7 commends Congress and the Administration for including cybersecurity in the Infrastructure Investment and Jobs Act.
In the critical infrastructure sector, one common challenge is the integration between kinetic emergency operations and cybersecurity incident response. Use these tactics to integrate these teams more naturally.
What’s the ROBOT Attack?
On the afternoon of December 12, researchers Hanno Böck, Juraj Somorovskym and
Craig Young published a paper, website, testing tool, and CTF at robotattack.org
[https://robotattack.org] detailing a padding oracle attack that affects the way
cryptography is handled on secure websites. ROBOT, which stands for Return Of
Bleichenbacher's Oracle Threat, details a weakness in the RSA encryption
standard known as PKCS#1v1.5 that can ultimately allow an attacker to learn a