What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-03-16 17:07:16 | The Importance of Physical Access Endpoint Detection (lien direct) | >In our latest blog, Nozomi Networks Labs share insights into host-based threats, highlight the importance of endpoint detection sensors like Arc, and explain how these sensors can be used to protect OT/IoT assets. | Industrial | ★★ | |
 |
2023-03-16 11:00:00 | Fortinet Zero-Day et Custom Maleware utilisés par un acteur chinois suspecté dans l'opération d'espionnage Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation (lien direct) |
Les acteurs de la menace cyber-espionnage continuent de cibler les technologies qui ne prennent pas en charge les solutions de détection et de réponse (EDR) telles que les pare-feu, dispositifs IoT , hypervisors et VPN Technologies (par exemple Fortinet , Sonicwall , Pulse Secure et autres).Mandiant a enquêté sur des dizaines d'intrusions à Defense Industrial Base (DIB), le gouvernement, la technologie et les organisations de télécommunications au cours des années où les groupes de Chine-Nexus suspectés ont exploité des vulnérabilités zéro-jours et déployé des logiciels malveillants personnalisés pour voler des informations d'identification et maintenir un accès à long terme et déployéaux environnements victimes.
nous
Cyber espionage threat actors continue to target technologies that do not support endpoint detection and response (EDR) solutions such as firewalls, IoT devices, hypervisors and VPN technologies (e.g. Fortinet, SonicWall, Pulse Secure, and others). Mandiant has investigated dozens of intrusions at defense industrial base (DIB), government, technology, and telecommunications organizations over the years where suspected China-nexus groups have exploited zero-day vulnerabilities and deployed custom malware to steal user credentials and maintain long-term access to the victim environments. We |
Malware Vulnerability Threat Industrial | ★★★ | |
 |
2023-03-16 03:44:09 | How Retiring Gas and Coal Plants Affects Grid Stability (lien direct) | Legacy gas and coal plants are being aged out – and no one wants to pay enough to keep them going. With increased pressure from green energy laws and added competition from renewable sources, these monsters of Old Power are being shown the door. Considering they've predated and precipitated all Industrial Revolutions (except for this last one – that was digital), it's safe to say they've had a good long run. So, what's the fuss? Apparently, a mass exodus of one-fourth of the production capacity of U.S. coal-based energy plants and nearly 10% of the nation's national gas supplies will be hard... | Industrial | ★★ | |
 |
2023-03-15 10:00:00 | OT Cybersecurity Best Practices for SMBs: Communication Channels to Use During Cyber Incident Response (lien direct) | >This is our monthly blog detailing best practices for operational technology (OT) cybersecurity for under-resourced organizations by Dragos OT-CERT (Operational... The post OT Cybersecurity Best Practices for SMBs: Communication Channels to Use During Cyber Incident Response first appeared on Dragos. | Industrial | ★★★ | |
 |
2023-03-15 01:00:00 | Google Proposes Reducing TLS Cert Lifespan to 90 Days (lien direct) | Organizations will likely have until the end of 2024 to gain visibility and control over their keys and certificates. | Industrial | ★★★ | |
 |
2023-03-15 00:00:00 | Laplas Clipper: Defending against crypto-currency thieves with DETECT + RESPOND (lien direct) | Between June 2021 and June 2022, crypto-currency platforms around the world lost an estimated 44 billion USD to cyber criminals, whose modus operandi range from stealing passwords and account recovery phrases, to cryptojacking and directly targeting crypto-currency transactions. | Industrial | ★★★ | |
 |
2023-03-14 22:25:08 | Presidential advisory council recommends cyber mandates for critical infrastructure (lien direct) | >The National Infrastructure Advisory Council also stresses the need for cybersecurity mandates on tech vendors serving the industrial sector. | Industrial | ★★ | |
|
2023-03-14 21:48:00 | Camozzi Group and Radiflow Announce Collaboration on Industrial Systems Cybersecurity (lien direct) | >The National Infrastructure Advisory Council also stresses the need for cybersecurity mandates on tech vendors serving the industrial sector. | Industrial | ★★★ | |
 |
2023-03-14 12:59:10 | Camozzi Group and Radiflow announce a collaboration on Industrial Systems Cybersecurity (lien direct) | Camozzi Group and Radiflow announce a collaboration on Industrial Systems Cybersecurity Camozzi Group and Radiflow, an Israeli OT security company owned by Sabanci Holding, launch a cybersecurity collaboration to implement OT cybersecurity solutions in industrial automation production sites - Market News | Industrial | ★ | |
|
2023-03-13 10:00:00 | Industrial Infrastructure Cybersecurity Requirements are Expanding, and OT-CERT is Here to Help! (lien direct) | >New Requirements Create Resource Challenges, Especially for Small and Medium Organizations The cyber threat environment in industrial infrastructure has escalated... The post Industrial Infrastructure Cybersecurity Requirements are Expanding, and OT-CERT is Here to Help! first appeared on Dragos. | Threat Industrial | ★★ | |
|
2023-03-09 15:00:00 | 5 Critical Components of Effective ICS/OT Security (lien direct) | These agile controls and processes can help critical infrastructure organizations build an ICS security program tailored to their own risk profile. | Industrial | ★★★ | |
|
2023-03-07 15:00:00 | Ransomware\'s Favorite Target: Critical Infrastructure and Its Industrial Control Systems (lien direct) | The health, manufacturing, and energy sectors are the most vulnerable to ransomware. | Industrial | ★★★ | |
|
2023-03-07 12:32:38 | Brivo Partners With Sanico USA to Bring Improved Security to Commercial and Industrial Facilities Nationwide (lien direct) | Brivo Partners With Sanico USA to Bring Improved Security to Commercial and Industrial Facilities Nationwide Collaboration Delivers Industry's Most Advanced Access Control Solutions for Construction Site Safety - Business News | Industrial | ★★ | |
 |
2023-03-06 17:30:00 | Almost Half of Industrial Sector Computers Affected By Malware in 2022 (lien direct) | Kaspersky said the figures represented a 1.5 increase compared with the second half of 2021 | Malware Industrial | ★★ | |
 |
2023-03-06 10:00:45 | Threat landscape for industrial automation systems for H2 2022 (lien direct) | In H2 2022, the percentage of ICS computers on which malicious objects were blocked increased by 3.5 percentage points compared to the previous six-month period, reaching 34.3%. | Threat Industrial | ★★★ | |
|
2023-03-06 07:59:27 | BeyondTrust : Cybersécurité dans l\'IoT, risques et préventions (lien direct) | L'IoT étend constamment nos réseaux domestiques et professionnels. L'IoT existe aussi dans les réseaux "edge computing" pour fournir des données de proximité. Cependant, l'IoT et ses versions industrielles (IIoT) continuent de poser des risques très importants pour la sécurité des entreprises explique BeyondTrust. - Points de Vue | Industrial | ★★ | |
|
2023-03-02 16:06:57 | Fortinet Introduces New Specialised Cybersecurity Products and Professional Services for Operational Technology Environments (lien direct) | Fortinet Introduces New Specialised Cybersecurity Products and Professional Services for Operational Technology Environments New and enhanced OT security offerings extend the capabilities of the Fortinet Security Fabric, reinforcing Fortinet's commitment to reducing cybersecurity risk for cyber-physical and industrial control systems - Product Reviews | Industrial | ★★ | |
|
2023-03-01 18:06:04 | Take Your ICS/OT Cybersecurity Skills to the Next Level with Dragos Academy (lien direct) | >Dragos Academy is a learning environment where you can get acclimated with cybersecurity fundamentals for industrial control systems (ICS) and... The post Take Your ICS/OT Cybersecurity Skills to the Next Level with Dragos Academy first appeared on Dragos. | Industrial | ★★ | |
|
2023-02-23 17:33:00 | (ISC)² Opens Security Congress 2023 Call for Presentations (lien direct) | (ISC)2 members and cybersecurity professionals worldwide are encouraged to share their expertise, best practices and experiences with their peers and career hopefuls. | Industrial | ★★★ | |
|
2023-02-23 15:21:49 | Nomios Group expands in Southern Europe with the Italian Cybersecurity expert Aditinet (lien direct) | Nomios Group announced that it has completed the acquisition of a majority stake in Aditinet, a prominent cybersecurity company in the Italian market. The acquisition strengthens Nomios' European position as one of the leading cybersecurity service companies. - Business News | Guideline Industrial | ★★ | |
|
2023-02-22 22:10:00 | UL Solutions Advances Automotive Safety and Security (lien direct) | A combined team of UL Solutions safety science experts will address automotive cybersecurity, functional safety, automated driving and software development processes to help customers bring safer, more secure innovations to market. | Industrial | ★★ | |
 |
2023-02-22 20:30:12 | No, ChatGPT didn\'t win a hacking competition prize…yet (lien direct) | $20k Pwn2Own prize for the humans, zero for the AI It was bound to happen sooner or later. For the first time ever, bug hunters used ChatGPT in a successful Pwn2Own exploit, helping the researchers to hack software used in industrial applications and win $20,000.… | Hack Industrial | ChatGPT | ★★★ |
|
2023-02-22 15:19:30 | More vulnerabilities in industrial systems raise fresh concerns about critical infrastructure hacks (lien direct) | >Researchers have revealed details about flaws in industrial systems that could give hackers access to the most sensitive networks. | Industrial | ★★ | |
 |
2023-02-22 11:00:00 | Governance of Zero Trust in manufacturing (lien direct) | Manufacturers are some of the most ambitious firms on the planet when it comes to harnessing the power of edge technology to modernize their businesses. As they make plans in 2023 to enhance business outcomes through the use of technologies such as 5G and IoT, manufacturers should also increasingly be called to innovate in the spheres of governance and cyber risk management. OT-IT convergence drives manufacturing modernization The convergence of operational technology (OT) on the factory floor with information technology (IT) is nearly synonymous with manufacturing modernization. OT-IT convergence enables new digital processes, remote connections, and smarter operations. It's a business outcome-oriented transformation that executive stakeholders have future success pinned upon. Recent studies from AT&T show that manufacturers are investing in initiatives such as smart warehousing, transportation optimization and video-based quality inspection at such a rate that the industry is advancing ahead of energy, finance, and healthcare verticals when it comes to edge adoption today. But to reap the business benefits from these investments, manufacturers need to recognize and attend to the cyber risk realities that are part and parcel with this inevitable convergence. Cybercriminals are increasingly targeting industrial control system (ICS) technologies that are the bedrock of the OT ecosystems. Attackers have learned to take advantage of ICS hyperconnectivity and convergence with the IT realm to great effect. Last year's warning from the federal Cybersecurity and Infrastructure Security Agency (CISA) attests to this, as do high-profile attacks last year against tire manufacturers, wind turbine producers, steel companies, car manufacturers, and more. Reducing risk through Zero Trust One of the most promising ways that manufacturers can begin to reduce the risk of these kinds of attacks is through the controls afforded by a Zero Trust architecture. From a technical perspective, Zero Trust unifies endpoint security technology, user, or system authentication, and network security enforcement to prevent unrestrained access to OT or IT networks—and reduce the risk of unchecked lateral movement by attackers. With Zero Trust, access is granted conditionally based on the risk level of users (or machines, or applications). It's a simple, elegant concept that requires careful execution to carry out. Thus, when looking at building a zero-trust strategy, ZTNA 2.0 solutions have a role to play in helping apply more effective controls at the application level that are responsive to account takeover attempts. ZTNA 2.0 combines fine-grained, least- privileged access with continuous trust verification and deep, ongoing security inspection to protect all users, devices, apps, and data everywhere – all from a simple unified product. Most importantly, too, is that Zero Trust requires business stakeholder input and collaboration to get right. Just as business stakeholders in manufacturing drive the push to the edge and the push for all nature of digital transformation and OT-IT convergence, they've got to be intimately involved with Zero Trust initiatives to spur success. "Technology can come and go, but what manufacturers are really after are business outcomes," says Theresa Lanowitz, head of cybersecurity evangelism for AT&T. "That's where we need to focus when it comes to Zero Trust—at its core it needs to be driven by the business, which really sets the North Star for Zero Trust governance." | Industrial | ★★ | |
|
2023-02-14 22:47:00 | OT Network Security Myths Busted in a Pair of Hacks (lien direct) | How newly exposed security weaknesses in industrial wireless, cloud-based interfaces, and nested PLCs serve as a wake-up call for hardening the physical process control layer of the OT network. | Industrial | ★★ | |
 |
2023-02-14 18:53:13 | Ransomware attacks on industrial infrastructure doubled in 2022: Dragos (lien direct) |  The number of ransomware attacks on industrial infrastructure grew significantly in 2022, according to cybersecurity firm Dragos |
Ransomware Industrial | ★★★ | |
 |
2023-02-14 17:48:00 | Anomali Cyber Watch: Hospital Ransoms Pay for Attacks on Defense, Nodaria Got Upgraded Go-Based Infostealer, TA866 Moved Screenshot Functionality to Standalone Tool (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Infostealers, Malicious packages, Malicious redirects, North Korea, Ransomware, Spearphishing, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
#StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
(published: February 9, 2023)
The US and South Korea issued a joint advisory on ongoing, North Korea-sponsored ransomware activity against healthcare and other critical infrastructure. The proceedings are used to fund North Korea’s objectives including further cyber attacks against the US and South Korean defense and defense industrial base sectors. For initial access, the attackers use a trojanized messenger (X-Popup) or various exploits including those targeting Apache log4j2 and SonicWall appliances. Despite having two custom ransomware crypters, Maui and H0lyGh0st, the attackers can portray themselves as a different ransomware group (REvil) and/or use publicly-available crypters, such as BitLocker, Deadbolt, ech0raix, GonnaCry, Hidden Tear, Jigsaw, LockBit 2.0, My Little Ransomware, NxRansomware, Ryuk, and YourRansom.
Analyst Comment: Organizations in the healthcare sector should consider following the Cross-Sector Cybersecurity Performance Goals developed by the U.S. Cybersecurity and Infrastructure Security Agency and the U.S. National Institute of Standards and Technology. Follow the principle of least privilege by using standard user accounts on internal systems instead of administrative accounts. Turn off weak or unnecessary network device management interfaces.
MITRE ATT&CK: [MITRE ATT&CK] T1583 - Acquire Infrastructure | [MITRE ATT&CK] T1583.003 - Acquire Infrastructure: Virtual Private Server | [MITRE ATT&CK] T1190 - Exploit Public-Facing Application | [MITRE ATT&CK] T1133 - External Remote Services | [MITRE ATT&CK] T1195 - Supply Chain Compromise | [MITRE ATT&CK] T1083 - File And Directory Discovery | [MITRE ATT&CK] T1021 - Remote Services | [MITRE ATT&CK] T1486: Data Encrypted for Impact
Tags: malware-type:Ransomware, source-country:North Korea, source-country:DPRK, source-country:KP, target-industry:Healthcare, target-sector:Critical infrastructure, target-industry:Defense, target-industry:Defense Industrial Base, Log4Shell, SonicWall, CVE-2021-44228, CVE-2021-20038, CVE-2022-24990, X-Popup, malware:Maui, malware:H0lyGh0st, malware:BitLocker, malware:Deadbolt, malware:ech0raix, malware:GonnaCry, malware:Hidden Tear, malware:Jigsaw, malware:LockBit 2.0, malware:My Little Ransomware, malware:NxRansomware, malware:Ryuk, malware:YourRansom
|
Ransomware Malware Tool Threat Industrial | ★★ | |
|
2023-02-14 15:10:00 | SynSaber Launches a Free OT PCAP Analyzer Tool for the Industrial Security Community (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Infostealers, Malicious packages, Malicious redirects, North Korea, Ransomware, Spearphishing, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
#StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
(published: February 9, 2023)
The US and South Korea issued a joint advisory on ongoing, North Korea-sponsored ransomware activity against healthcare and other critical infrastructure. The proceedings are used to fund North Korea’s objectives including further cyber attacks against the US and South Korean defense and defense industrial base sectors. For initial access, the attackers use a trojanized messenger (X-Popup) or various exploits including those targeting Apache log4j2 and SonicWall appliances. Despite having two custom ransomware crypters, Maui and H0lyGh0st, the attackers can portray themselves as a different ransomware group (REvil) and/or use publicly-available crypters, such as BitLocker, Deadbolt, ech0raix, GonnaCry, Hidden Tear, Jigsaw, LockBit 2.0, My Little Ransomware, NxRansomware, Ryuk, and YourRansom.
Analyst Comment: Organizations in the healthcare sector should consider following the Cross-Sector Cybersecurity Performance Goals developed by the U.S. Cybersecurity and Infrastructure Security Agency and the U.S. National Institute of Standards and Technology. Follow the principle of least privilege by using standard user accounts on internal systems instead of administrative accounts. Turn off weak or unnecessary network device management interfaces.
MITRE ATT&CK: [MITRE ATT&CK] T1583 - Acquire Infrastructure | [MITRE ATT&CK] T1583.003 - Acquire Infrastructure: Virtual Private Server | [MITRE ATT&CK] T1190 - Exploit Public-Facing Application | [MITRE ATT&CK] T1133 - External Remote Services | [MITRE ATT&CK] T1195 - Supply Chain Compromise | [MITRE ATT&CK] T1083 - File And Directory Discovery | [MITRE ATT&CK] T1021 - Remote Services | [MITRE ATT&CK] T1486: Data Encrypted for Impact
Tags: malware-type:Ransomware, source-country:North Korea, source-country:DPRK, source-country:KP, target-industry:Healthcare, target-sector:Critical infrastructure, target-industry:Defense, target-industry:Defense Industrial Base, Log4Shell, SonicWall, CVE-2021-44228, CVE-2021-20038, CVE-2022-24990, X-Popup, malware:Maui, malware:H0lyGh0st, malware:BitLocker, malware:Deadbolt, malware:ech0raix, malware:GonnaCry, malware:Hidden Tear, malware:Jigsaw, malware:LockBit 2.0, malware:My Little Ransomware, malware:NxRansomware, malware:Ryuk, malware:YourRansom
|
Tool Industrial | ★★★ | |
 |
2023-02-14 14:41:00 | Attacks on industrial infrastructure on the rise, defenses struggle to keep up (lien direct) | The last year saw a rise in the sophistication and number of attacks targeting industrial infrastructure, including the discovery of a modular malware toolkit that's capable of targeting tens of thousands of industrial control systems (ICS) across different industry verticals. At the same time, incident response engagements by industrial cybersecurity firm Dragos showed that 80% of impacted environments lacked visibility into ICS traffic and half had network segmentation issues and uncontrolled external connections into their OT networks."A number of the threats that Dragos tracks may evolve their disruptive and destructive capabilities in the future because adversaries often do extensive research and development (R&D) and build their programs and campaigns over time," the Dragos researchers said in a newly released annual report. "This R&D informs their future campaigns and ultimately increases their disruptive capabilities."To read this article in full, please click here | Malware Industrial | ★★ | |
|
2023-02-14 10:01:00 | Just Released – Dragos\'s Latest ICS/OT Cybersecurity Year in Review Is Now Available (lien direct) | >In 2022, breakthrough evolution in the development of malware targeting industrial control systems (ICS), scaled ransomware attacks against manufacturing, and... The post Just Released – Dragos's Latest ICS/OT Cybersecurity Year in Review Is Now Available first appeared on Dragos. | Ransomware Malware Industrial | ★★ | |
 |
2023-02-13 15:29:00 | Honeypot-Factory: The Use of Deception in ICS/OT Environments (lien direct) | There have been a number of reports of attacks on industrial control systems (ICS) in the past few years. Looking a bit closer, most of the attacks seem to have spilt over from traditional IT. That's to be expected, as production systems are commonly connected to ordinary corporate networks at this point. Though our data does not indicate at this point that a lot of threat actors specifically | Threat Industrial | ★★ | |
|
2023-02-13 02:50:26 | Cybersecurity Is Necessary for Mission-Critical Energy Grids (lien direct) | Today's energy sector is undergoing massive change, especially as more utilities try to usher in clean or renewable energy alternatives like solar, geothermal, hydroelectric, and wind power. In addition to the clean energy transition, grid modernization is another major shift in the energy industry. The Industrial Internet of Things (IIoT) is expected to transform the energy grid and support modernization efforts. However, with more technological innovations than ever before, operators must make careful considerations, especially in light of recent cyberattacks against critical infrastructure... | Industrial | ★★ | |
|
2023-02-10 11:19:56 | ChatGPT pourrait déjà être utilisé par les États-nation dans le cadre de cyberattaques (lien direct) | ChatGPT pourrait déjà être utilisé par les États-nation dans le cadre de cyberattaques Une récente étude BlackBerry, montre que 63 % des décideurs IT français interrogés pensent que ChatGPT sera à l'origine d'une cyberattaque réussie d'ici 1 à 2 ans. 92 % estimeraient que la réglementation des technologies avancées - comme ChatGPT, et leurs usages est du ressort des gouvernements. - Malwares | Industrial | ChatGPT | ★★★ |
|
2023-02-10 10:45:00 | Flaws in industrial wireless IoT solutions can give attackers deep access into OT networks (lien direct) | It's common for operational technology (OT) teams to connect industrial control systems (ICS) to remote control and monitoring centers via wireless and cellular solutions that sometimes come with vendor-run, cloud-based management interfaces. These connectivity solutions, also referred to as industrial wireless IoT devices, increase the attack surface of OT networks and can provide remote attackers with a shortcut into previously segmented network segments that contain critical controllers.Industrial cybersecurity firm Otorio released a report this week highlighting the attack vectors these devices are susceptible to along with vulnerabilities the company's researchers found in several such products. "Industrial wireless IoT devices and their cloud-based management platforms are attractive targets to attackers looking for an initial foothold in industrial environments," the Otorio researchers said in their report. "This is due to the minimal requirements for exploitation and potential impact."To read this article in full, please click here | Industrial | ★★★ | |
|
2023-02-10 10:30:00 | Fifth of ICS Bugs Have No Patch Available (lien direct) | Some industrial systems have been exposed for three years | Industrial | ★★★ | |
|
2023-02-09 19:39:00 | Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices (lien direct) | A set of 38 security vulnerabilities has been uncovered in wireless industrial internet of things (IIoT) devices from four different vendors that could pose a significant attack surface for threat actors looking to exploit operational technology (OT) environments. "Threat actors can exploit vulnerabilities in Wireless IIoT devices to gain initial access to internal OT networks," Israeli | Threat Industrial | ★★★★ | |
|
2023-02-08 18:45:00 | GAO Calls for Action to Protect Cybersecurity of Critical Energy, Communications Networks (lien direct) | Enhanced industrial control systems cybersecurity for energy and communications sector among top recommendations in new GAO cybersecurity assessment. | Industrial | ★★ | |
 |
2023-02-08 13:18:38 | Siemens License Manager Vulnerabilities Allow ICS Hacking (lien direct) | >The Siemens Automation License Manager is affected by two serious vulnerabilities that could be chained to hack industrial control systems (ICS). | Hack Industrial | ★★ | |
|
2023-02-08 04:31:31 | The Role of Data Hygiene in the Security of the Energy Industry (lien direct) | We create massive amounts of data daily, from the exercise stats compiled by our wearable devices to smart meters used at our homes to reduce expense consumption to maintenance statistics of critical systems in industrial settings. If data creation continues at its present rate, more than a yottabyte (a million trillion megabytes) will likely be generated annually by 2030. Even though big data is moving power behind modern, digital-first organizations, an average company uses only a fraction of the data they collect. According to a recent survey by VMware, 83% of business leaders believe that... | Guideline Industrial | ★★ | |
|
2023-02-07 18:10:00 | Industrial Cybersecurity Innovator Opscura Receives $9.4M in Series A Funding as Critical Operations Transform (lien direct) | We create massive amounts of data daily, from the exercise stats compiled by our wearable devices to smart meters used at our homes to reduce expense consumption to maintenance statistics of critical systems in industrial settings. If data creation continues at its present rate, more than a yottabyte (a million trillion megabytes) will likely be generated annually by 2030. Even though big data is moving power behind modern, digital-first organizations, an average company uses only a fraction of the data they collect. According to a recent survey by VMware, 83% of business leaders believe that... | Industrial | ★★ | |
 |
2023-02-07 17:15:11 | CVE-2022-41313 (lien direct) | A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="switch_contact" | Vulnerability Guideline Industrial | ||
|
2023-02-07 17:15:11 | CVE-2022-41312 (lien direct) | A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="Switch Description", name "switch_description" | Vulnerability Guideline Industrial | ||
|
2023-02-07 17:15:10 | CVE-2022-41311 (lien direct) | A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="webLocationMessage_text" name="webLocationMessage_text" | Vulnerability Guideline Industrial | ||
|
2023-02-07 17:15:10 | CVE-2022-40693 (lien direct) | A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. | Vulnerability Guideline Industrial | ||
|
2023-02-07 17:15:10 | CVE-2022-40691 (lien direct) | An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. | Vulnerability Guideline Industrial | ||
|
2023-02-07 17:15:10 | CVE-2022-40224 (lien direct) | A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | Vulnerability Guideline Industrial | ||
|
2023-02-06 03:10:01 | How to Advance ICS Cybersecurity: Implement Continuous Monitoring (lien direct) | Industrial control systems are fundamental to all industrial processes, from power generation to water treatment and manufacturing. ICS refers to the collection of devices that govern a process to ensure its safe and effective execution. These devices include Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control systems like Remote Terminal Units (RTU) and Programmable Logic Controllers (PLC). A malfunction in any of these systems or the network in which they operate could result in the failure of the entire industrial process, with... | Industrial | ★★★★ | |
|
2023-02-02 06:15:08 | CVE-2022-33323 (lien direct) | Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass through an unauthorized telnet login. As for the affected model names, controller types and firmware versions, see the Mitsubishi Electric's advisory which is listed in [References] section. | Vulnerability Industrial | ||
|
2023-02-01 16:00:00 | Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover (lien direct) | Two security holes - one particularly gnarly - could allow hackers the freedom to do as they wish with the popular edge equipment. | Industrial | ★★ | |
|
2023-02-01 12:00:00 | Cyber Insights 2023: ICS and Operational Technology (lien direct) | >The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while cybercriminals have had their restraints reduced. | Industrial | Equifax | ★★★ |
To see everything:
Our RSS (filtrered)
