What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Cyble 2025-01-23 12:43:04 Aircraft Collision Avoidance Systems Hit by High-Severity ICS Vulnerability (direct link) ICS Vulnerability Overview A pair of vulnerabilities in the Traffic Alert and Collision Avoidance System (TCAS) II for avoiding midair collisions were among 20 vulnerabilities reported by Cyble in its weekly Industrial Control System (ICS) Vulnerability Intelligence Report. The midair collision system flaws have been judged at low risk of being exploited, but one of the vulnerabilities does not presently have a fix. They could potentially be exploited from adjacent networks. Other ICS vulnerabilities covered in the January 15-21 Cyble report to subscribers include flaws in critical manufacturing, energy and other critical infrastructure systems. The full report is available for subscribers, but Cyble is publishing information on the TCAS vulnerabilities in the public interest. TCAS II Vulnerabilities The TCAS II vulnerabilities were reported to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) by European researchers and defense agencies. CISA in turn disclosed the vulnerabilities in a January 21 advisory. The vulnerabilities are still undergoing analysis by NIST, but Cyble vulnerability researchers said the weaknesses “underscore the urgent need for enhanced input validation and secure configuration controls in transportation systems.” TCAS airborne devices function independently of ground-based air traffic control (ATC) systems, according to the FAA, and provide collision avoidance protection for a range of aircraft types. TCAS II is a more advanced system for commercial aircraft with more than 30 seats or a maximum takeoff weight of more than 33,000 pounds. TCAS II offers advanced features such as recommended escape maneuvers for avoiding midair collisions. The first vulnerability, CVE-2024-9310, is an “Untrusted Inputs” vulnerability in TCAS II that presently carries a CVSS 3.1 base score of 6.1.
CISA notes that “By utilizing software-defined radios and a custom low-latency processing pipeline, RF signals with spoofed location data can be transmitted to aircraft targets. This can lead to the appearance of fake aircraft on displays and potentially trigger undesired Resolution Advisories (RAs).” The second flaw, CVE-2024-11166, is an 8.2-severity External Control of System or Configuration Setting vulnerability. TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F could be attacked by threat actors impersonating a ground station to issue a Comm- Tool Vulnerability Threat Patching Industrial Commercial ★★★
globalsecuritymag 2025-01-22 19:51:11 New Study Reveals 92% of Industrial Sites at Risk from Unsecured Remote Access (direct link) DeNexus™: New Study Reveals 92% of Industrial Sites at Risk from Unsecured Remote Access Industrial Cyber Risks Could Cost Sites $1.5M as Remote Access Threats Surge - Special Reports
Studies Industrial ★★★
Blog 2025-01-22 14:43:46 The Cyber Dimension of the Zaporizhzhia NPP Occupation (direct link) The war that began with Russia's full-scale invasion of Ukraine has led to a series of unprecedented nuclear-related situations. During the first 48 hours, Chernobyl-a symbol of the deep-seated fear of nuclear disaster, especially within Europe-was taken by Russian troops. This was accompanied by reports of radiation spikes, various plots involving dirty bombs and nuclear materials, and Russian soldiers allegedly killed by acute radiation syndrome. In the end, all of it was proven to be as fictitious as the reported radiation levels. We should view these mutual accusations between Ukraine and Russia as part of the information war, which likely didn't come as a complete surprise to those in the know. For instance, in an insightful piece Politico published documenting the 'first-ever oral history of how top U.S. and Western officials saw the warning signs of a European land war,' John Kirby stated the following: Without time to recover from the shock caused by the events in the Chernobyl Exclusion Zone, just a few days later, Russia attacked and eventually occupied Europe's largest nuclear power plant: Zaporizhzhia. Four weeks later, Russian forces withdrew from Chernobyl, but they did not withdraw from Zaporizhzhia NPP, which remains occupied to this day. With a new administration taking over the U.S. government, likely to have a significant influence on the conditions and terms for ending this armed conflict-if it ends at all-now seems like the right moment to address a gap in the existing coverage of the Zaporizhzhia NPP occupation: its cyber dimension. Ukraine: From Non-Proliferation to the Modernization of Its Nuclear Power Plants After the Soviet Union's collapse in 1991, Ukraine agreed to give up its nuclear weapons under the Budapest Memorandum (1994), in exchange for security assurances from Russia, the U.S., and the UK. Some might argue that this move has not aged well, Tool Vulnerability Studies Industrial Technical ★★★
IndustrialCyber 2025-01-22 12:50:52 DNV report highlights increased OT cybersecurity investment in energy sector due to escalating threats (direct link) New research from DNV recorded that growing attention is being paid to operational technology (OT) cybersecurity – securing...
Industrial ★★★
IndustrialCyber 2025-01-22 12:46:42 CISA discloses security flaws in aircraft collision avoidance systems, Siemens industrial equipment (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released three advisories on Tuesday detailing current security issues, vulnerabilities,...
Vulnerability Industrial ★★★
zataz 2025-01-21 22:37:23 Cybersecurity on board: when the threat reaches the oceans and the docks (direct link) Maritime cybersecurity is emerging as a major issue for the protection of ships and ports. Hacking, industrial espionage and sabotage are becoming possible, posing a lasting threat to the global economy and the safety of crews on a planetary scale....
Industrial ★★★
Dragos 2025-01-21 13:00:00 Key Controls in Securing Cyber-Physical Systems (CPS) (direct link) As operational technology (OT) environments evolve, their networks of connected devices are no longer limited to isolated industrial equipment. Today's... The post Key Controls in Securing Cyber-Physical Systems (CPS) first appeared on Dragos.
Industrial ★★★
IndustrialCyber 2025-01-21 08:47:01 Claroty's Team82 exposes critical vulnerabilities in Hunting Planet WGS-804HPT industrial switch (direct link) New research from Claroty's Team82 research arm uncovered three vulnerabilities in Hunting Planet WGS-804HPT industrial switch that could...
Vulnerability Industrial ★★★
IndustrialCyber 2025-01-20 08:51:36 Dragos' Lee urges enhanced IT cybersecurity for safeguarding critical OT infrastructure (direct link) Robert Lee, the CEO of industrial cybersecurity company Dragos, warns that using IT cybersecurity measures to protect operational...
Industrial ★★★
IndustrialCyber 2025-01-19 09:58:04 S4x25: Dale Peterson outlines vision for industrial cybersecurity, emphasizes innovation and connection (direct link) As the industrial cybersecurity scene prepares to converge next month for S4x25 at the JW Marriott Water St,...
Industrial ★★★
IndustrialCyber 2025-01-19 09:31:24 5 Key OT Cybersecurity Strategies from the WEF Global Cybersecurity Outlook 2025 (direct link) The recent World Economic Forum's Global Cybersecurity Outlook 2025 analyzes the escalating complexities in the cyber landscape. With...
Industrial ★★★
IndustrialCyber 2025-01-18 08:04:00 Dragos, Yokogawa Electric partner to boost OT cybersecurity, visibility across industrial environments (direct link) OT cybersecurity company Dragos Inc. has announced a global partnership with Yokogawa Electric Corporation, provider of industrial automation and...
Industrial ★★★
The_Hackers_News 2025-01-17 19:38:00 Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation (direct link) Cybersecurity researchers have disclosed three security flaws in Planet Technology's WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. "These switches are widely used in building and home automation systems for a variety of networking applications," Claroty's Tomer Goldschmidt said in a Thursday report. "An attacker
Industrial ★★★
DarkReading 2025-01-16 21:36:00 CISA and US and International Partners Publish Guidance for OT Owners and Operators (direct link) No more details Industrial ★★★
The_Hackers_News 2025-01-15 17:00:00 The High-Stakes Disconnect For ICS/OT Security (direct link) Why does ICS/OT need specific controls and its own cybersecurity budget today? Because treating ICS/OT security with an IT security playbook isn't just ineffective-it's high risk. In the rapidly evolving domain of cybersecurity, the specific challenges and needs for Industrial Control Systems (ICS) and Operational Technology (OT) security distinctly stand out from traditional IT security. ICS/OT
Industrial ★★★
AlienVault 2025-01-14 18:59:00 3 Tips for Eliminating Attack Surface Blind Spots (direct link) In today's rapidly evolving digital landscape, security professionals face many challenges in protecting their organizations from cyber threats. One common problem is the persistence of attack surface blind spots, which can be exploited by attackers and prevent an organization's ability to stay ahead of threats. For businesses that lack the resources or budget for a full-time, in-house security operations center (SOC) or that struggle to recruit and retain skilled staff, these blind spots can be even more challenging to address. Here are three tips to eliminate attack surface blind spots and strengthen your security posture. 1. Expand Visibility Across Your Attack Surface A common cause of attack surface blind spots is a lack of visibility across an organization's IT infrastructure. Modern IT environments are diverse and complex, encompassing legacy systems, cloud services, mobile devices, third-party applications, and supply chain touchpoints. Without comprehensive visibility, it's easy to miss exposures that could lead to significant vulnerabilities. How to Expand Visibility Discover and Categorize Assets: Regularly scanning and monitoring your IT environment with managed vulnerability services paired with managed detection and response (MDR) services ensures new assets are discovered promptly, even as new technology or supply chain touchpoints are added. With these services, you gain comprehensive discovery and categorization of known and unknown assets, applications, and workloads on-premises and in multi-cloud environments for endpoint, OT, IoT, SaaS applications, and other IT infrastructure.
With categorization, your data will be enriched with information such as: criticality of the asset to the organization/business, location, maintenance; asset identity, IT address, asset group; installed software, running services, and file integrity; open ports, vulnerabilities, or configuration issues; users and IT or regulatory policy violations; associated alarms and events. Fortify Defenses: Using a combination of services, such as MDR with managed endpoint security (MES) and managed vulnerability services, significantly expands attack surface visibility. The integration of these services with a centralized technology platform provides a unified view of your attack surface and enriched, extended data collection. You can validate security controls and identify exposures with regular pen testing through managed vulnerability services and complementary consulting services for red/purple team and risk assessments. Leverage Continuous Monitoring: Take advantage of managed security services. Managed services teams that work 24/7 in collaboration across multiple integrated platforms can proactively identify, prioritize, and mitigate or remediate exposures and vulnerabilities, as well as detect and investigate evolving and emerging threats more holistically across your attack surface. By expanding visibility, you'll not only uncover blind spots but also validate security controls and establish a more proactive approach to identifying threats and managing your cyber risk. 2. Address Vulnerability Overload Through Prioritization Another big challenge for security teams is managing a high volume of vulnerabilities. Without context for prioritization, organizations may be wasting time and resources on vulnerabilities that pose little actual risk while leaving critical exposures unaddressed.
How to Overcome Vulnerability Overload Prioritize by Risk and Exploitability: Partner with a security operations team that evaluates vulnerabilities based on their risk of exploitation and potential business impact. For example, LevelBlue integrates threat intelligence and asset criticality into vul Tool Vulnerability Threat Mobile Industrial Cloud ★★★
Dragos 2025-01-14 17:22:21 The 2025 Dragos OT Cybersecurity Year in Review is Coming Soon (direct link) Are you ready to tackle the evolving challenges in OT cybersecurity? Over the past year, the operational technology (OT) cybersecurity... The post The 2025 Dragos OT Cybersecurity Year in Review is Coming Soon first appeared on Dragos.
Industrial ★★★
InfoSecurityMag 2025-01-14 09:12:00 Critical Infrastructure Urged to Scrutinize Product Security During Procurement (direct link) A joint government advisory has set out steps critical infrastructure firms should take to ensure any OT products they purchase are secure by design.
Industrial ★★★
IndustrialCyber 2025-01-14 07:31:19 RMC announces key promotions, new hires amid 27% growth surge (direct link) Risk Mitigation Consulting (RMC), a vendor of risk management, industrial cybersecurity, and engineering services for critical missions and...
Industrial ★★★
IndustrialCyber 2025-01-13 13:03:00 Cybersecurity agencies focus on enhancing OT security, list 12 essential elements for procurement process (direct link) The Cybersecurity and Infrastructure Security Agency (CISA), joined by 11 domestic and international partners, including the European Commission,...
Industrial ★★★
IndustrialCyber 2025-01-13 08:39:23 CISA reports security vulnerabilities in ICS equipment from Schneider Electric, Delta Electronics, Rockwell Automation (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released on Friday four advisories concerning industrial control systems (ICS)....
Vulnerability Industrial ★★★
IndustrialCyber 2025-01-13 08:36:52 Singapore's CSA issues urgent advisory on Mirai botnet threat to industrial routers, smart home devices (direct link) The Cyber Security Agency of Singapore (CSA) addressed reports of an ongoing Mirai-based botnet campaign targeting security flaws...
Threat Industrial ★★★
IndustrialCyber 2025-01-12 07:02:33 Adopting holistic approach to address complexities of cyber-physical security across IT and OT environments (direct link) The evolving landscape of cyber-physical security brings unique challenges to IT (information technology) and OT (operational technology) environments...
Industrial ★★★
Blog 2025-01-08 18:35:29 Addressing the Exploitation of Radiation Fear: A Self-Assessment Guide to Counter Disinformation (direct link) In December 2024, two events -drone sightings in the US and Israel's strike on Syria's weapon depots- were followed by orchestrated reports of detected radiation spikes. Some media outlets took these dubious reports (with millions of views) that originated from social media, and published pieces based on them. In one of these cases, the actors behind the disinformation campaign exploited a real-time radiation map, which is maintained by a private company that manufactures personal dosimeters, to sustain the narrative. Kim Zetter has recently published "Anatomy of a Nuclear Scare", an article that covers this issue. This trend does not come as a surprise, as radioactivity is one of those few things that can collectively trigger significant levels of societal anxiety and emotional, rather than rational, response, which is often disproportionate to the actual physical risks it poses. This radiation fear has been shaped over the years by a mix of cultural, historical, and media-driven narratives. In recent years, increasing geopolitical instability, the ever-growing influence of social media, the return of magical thinking and the precariousness and discrediting of traditional sources of information have resulted in a constant flow of misinformation. It's no coincidence that successful campaigns can be executed with limited resources, compared to traditional manipulation activities, and still have the potential to go viral, maximizing ROI. Despite the fact that these campaigns explicitly exploited-or leveraged-publicly available online resources providing real-time radiation levels, in most cases, the actions were simplistic and carried out without the need for specialized 'cyber' skills or expertise. So far, the only exception to this trend can be found in Chernobyl's post-invasion radiation spikes from 2022. I see no reason to believe that we won't likely see similar campaigns in the near future. I also acknowledge that this topic is not everyone's cup of tea.
You may not have the time or interest to go through detailed technical explanations of radioactivity from both physics and cybersecurity perspectives. However, for those who are really interested in that kind of in-depth reading, I've published comprehensive research papers on this topic. So, I thought it might be useful to put together this publication, which is merely intended to serve as an 'emergency guide' to quickly grasp a set of simple yet sound principles that hopefully can help everyone, regardless of their background, to approach radioactivity-related reports with a critical eye. Armed with these fundamentals of radiation monitoring, we'll learn how to quickly discern between stories that make sense and those that don't hold water. An Emergency Guide to Understanding Radioactivity and Radiation Monitoring Let's say that you want to build a simple cabin on a small plot of land you have in the woods. The foundations should be stable enough to ensure the structure does not collapse right after finishing it. However, you have an unusual constraint: the only material you can use is balloons. Common sense suggests that, although balloons are not the ideal material, the best way to use them would be to keep them completely deflated. Anything built using inflated balloons will not last long; it depends on the quality of the material the balloon is made of, but everybody acknowl Tool Threat Industrial Prediction Technical ★★★
Darktrace 2025-01-08 17:15:19 Managing Risk Beyond CVE Scores With the Latest Innovations to Darktrace/OT (direct link) Announcing the launch of our new innovation to Darktrace/OT. This industry-leading innovation for Darktrace/OT moves beyond CVE scores to redefine vulnerability management for critical infrastructure, tackling the full breadth of risks not limited by traditional controls.
Vulnerability Industrial ★★★
The_Hackers_News 2025-01-08 15:59:00 Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (direct link) A Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service (DDoS) attacks. The botnet maintains approximately 15,000 daily active IP addresses, with the infections primarily scattered across China, Iran, Russia, Turkey, and the United States.
Vulnerability Industrial ★★★
Mandiant 2025-01-08 14:00:00 Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation (direct link) Written by: John Wolfram, Josh Murchie, Matt Lin, Daniel Ainsworth, Robert Wallace, Dimiter Andonov, Dhanesh Kizhakkinan, Jacob Thompson
Note: This is a developing campaign under active analysis by Mandiant and Ivanti. We will continue to add more indicators, detections, and information to this blog post as needed. On Wednesday, Jan. 8, 2025, Ivanti disclosed two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, impacting Ivanti Connect Secure (“ICS”) VPN appliances. Mandiant has identified zero-day exploitation of CVE-2025-0282 in the wild beginning mid-December 2024. CVE-2025-0282 is an unauthenticated stack-based buffer overflow. Successful exploitation could result in unauthenticated remote code execution, leading to potential downstream compromise of a victim network. Ivanti and its affected customers identified the compromise based on indications from the company-supplied Integrity Checker Tool (“ICT”) along with other commercial security monitoring tools. Ivanti has been working closely with Mandiant, affected customers, government partners, and security vendors to address these issues. As a result of their investigation, Ivanti has released patches for the vulnerabilities exploited in this campaign, and Ivanti customers are urged to follow the actions in the Security Advisory to secure their systems as soon as possible. Mandiant is currently performing analysis of multiple compromised Ivanti Connect Secure appliances from multiple organizations. The activity described in this blog utilizes insights collectively derived from analysis of these infected devices, and Mandiant has not yet conclusively tied all of the activity described below to a single actor. In at least one of the appliances undergoing analysis, Mandiant observed the deployment of the previously observed SPAWN ecosystem of malware (which includes the SPAWNANT installer, SPAWNMOLE tunneler and the SPAWNSNAIL SSH backdoor). The deployment of the SPAWN ecosystem of malware following the targeting of Ivanti Secure Connect appliances has been attributed to
Malware Tool Vulnerability Threat Industrial Cloud Commercial ★★★
InfoSecurityMag 2025-01-08 10:45:00 New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices (direct link) A newly identified Mirai botnet exploits over 20 vulnerabilities, including zero-days, in industrial routers and smart home devices.
Vulnerability Industrial ★★
The_State_of_Security 2025-01-08 03:17:24 Cyber Threats Rising: US Critical Infrastructure Under Increasing Attack in 2025 (direct link) As we enter 2025, the frequency and sophistication of cyberattacks on critical national infrastructure (CNI) in the US are rising at an alarming rate. These attacks target the foundational systems that support everything from energy and water to transportation and communications, and the consequences are far-reaching and potentially catastrophic. They impact not just the operations of these services but also the very way of life for affected populations. The Deadly Cost of Ignoring OT Security Critical infrastructure attacks are particularly egregious because they have cascading effects. When...
Industrial ★★★
Chercheur 2025-01-07 12:00:42 US Treasury Department Sanctions Chinese Company Over Cyberattacks (direct link) From the Washington Post: The sanctions target Beijing Integrity Technology Group, which U.S. officials say employed workers responsible for the Flax Typhoon attacks, which compromised devices including routers and internet-enabled cameras to infiltrate government and industrial targets in the United States, Taiwan, Europe and elsewhere.
Industrial ★★★
IndustrialCyber 2025-01-07 10:18:28 Moxa finds privilege escalation, OS command injection flaws in cellular routers, network security appliances (direct link) Moxa, a company specializing in industrial networking and communication solutions, announced that its cellular routers, secure routers, and...
Industrial ★★★
no_ico 2025-01-07 04:34:44 Moxa Devices Vulnerable to Cyberattacks, Threatening Industrial Networks (direct link) Critical vulnerabilities discovered in Moxa's industrial networking devices could allow privilege escalation and OS command injection, exposing critical infrastructure to potential cyberattacks. In a security advisory, Moxa said that affected models include EDR and TN series routers widely used in industrial automation, energy, and telecommunications. Successful exploitation could grant attackers control over devices, posing a [...]
Vulnerability Industrial ★★★★
The_State_of_Security 2025-01-07 03:06:00 The Overlooked Risks of Open-Source Software in Industrial Security (direct link) Open-source software (OSS) has become an indispensable component in many industrial environments. Just last year, 95% of companies said they increased or maintained their use of OSS. According to the Linux Foundation, 70-80% of all code in any modern solution has been directly plucked from OSS solutions. Cost-efficiency, flexibility, and an expansive development community make OSS an attractive option for many organizations looking to innovate while managing budgets. It's also a boon for anyone looking for transparency over pure performance. However, these apparent strengths can mask significant...
Industrial ★★★★
CS.webp 2025-01-06 19:46:21 Industrial networking manufacturer Moxa reports 'critical' router bugs (lien direct) Moxa says the flaws can be used to bypass user authentication, escalate privileges and gain root access to devices.
Industrial ★★★★
IndustrialCyber.webp 2025-01-05 02:04:05 Industrial cybersecurity coalitions rise to meet growing OT/ICS cyber threats, build awareness, take action (lien direct) Across the globe, there is an increase in communities, associations, and alliances working toward information sharing and awareness...
Industrial ★★★
IndustrialCyber.webp 2025-01-03 09:21:48 New post-authentication vulnerability discovered in Four-Faith industrial routers (lien direct) A recent report from VulnCheck disclosed a new post-authentication vulnerability affecting Four-Faith industrial routers being exploited in the...
Vulnerability Industrial ★★★
RiskIQ.webp 2024-12-31 20:19:48 Four-Faith Industrial Routers Vulnerability Exploited in the Wild to Gain Remote Access (lien direct)

## Snapshot

A post-authentication vulnerability in Chinese-manufactured Four-Faith industrial routers, identified as [CVE-2024-12856](https://security.microsoft.com/intel-explorer/cves/CVE-2024-12856/), is being exploited in the wild to execute unauthenticated remote command injections.

## Description

This flaw is being leveraged by attackers using the router's default credentials to gain remote access, potentially affecting Four-Faith customers in sectors including industrial automation, factories and manufacturing plants, power grids, renewable energy plants, water utilities, and transportation and logistics (fleet management and vehicle tracking with real-time data transmission). The vulnerability, which affects at least two router models (F3x24 and F3x36), involves the /apply.cgi endpoint over HTTP. A Censys scan indicated that approximately 15,000 internet-facing devices were vulnerable to the attack. Attackers manipulate the adj_time_year parameter during system time modifications (the submit_type=adjust_sys_time action) to inject OS commands, which can be used to gain unauthorized remote access or launch reverse shells. GB Hackers documented an example of a malicious payload sent in a POST request, where the process list on the vulnerable device showed the injected commands executing. VulnCheck has observed malicious activity from the IP address 178.215.238[.]91 attempting to exploit this vulnerability with a payload matching earlier patterns. DucklingStudio's blog post from November 2024 also confirmed active exploitation of this vulnerability, though with a different payload than the one GB Hackers saw. VulnCheck informed Four-Faith about the vulnerability on December 20.

## Recommendations

GB Hackers reports that organizations using Four-Faith routers are strongly encouraged to:

1. **Change Default Credentials**: Immediately update the default login credentials to secure values.
2. **Patch Systems**: Consult Four-Faith for available firmware updates or patches targeting CVE-2024-12856.
3. **Monitor Network Traffic**: Deploy the Suricata rule provided to detect ongoing exploit attempts.
4. **Segregate Networks**: Isolate industrial control systems (ICS) from external networks to reduce attack vectors.

The VulnCheck Initial Access team wrote the following Suricata rule to detect CVE-2024-12856 on the wire:

alert http any any -> any any ( \
    msg:"VULNCHECK Four-Faith CVE-2024-12856 Exploit Attempt"; \
    flow:to_server; \
    http.method; content:"POST"; \
    http.uri; content:"/apply.cgi"; startswith; \
    http.header_names; content:"Authorization"; \
    http.request_body; content:"change_action="; \
    content:"adjust_sys_time"; \
    pcre:"/adj_time_[^=]+=[a-zA-Z0-9]*[^a-zA-Z0-9=]/"; \
    classtype:web-application-attack; \
    reference:cve,CVE-2024-12856; \
    sid:12700438; rev:1;)

Microsoft recommends detecting critical data security risks before they evolve into real incidents by performing reconnaissance and vulnerability scanning to identify security weaknesses that could be used in a cyberattack.

- Regularly update and patch software to protect against known vulnerabilities, using the [Microsoft Defender vulnerability management dashboard](https://learn.microsoft.com/en-us/defender-vulnerability-management/tvm-dashboard-insights). Read more about how [vulnerability management](https://www.microsoft.com/en-us/security/business/security-101/what-is-vulnerability-management) works. Additionally, [integrate your Security Inform
Tool Vulnerability Threat Industrial ★★★
CS.webp 2024-12-30 19:55:10 Thousands of industrial routers vulnerable to command injection flaw (lien direct) The vulnerability, found in versions of Four-Faith routers, appears to have been exploited in the wild and has been connected to attempted infections of Mirai.
Vulnerability Industrial ★★
Dragos.webp 2024-12-30 13:00:00 Top 5 Cybersecurity Threats to Oil & Gas, and How to Protect Against Them (lien direct) As cyber adversaries grow more sophisticated in targeting critical industrial infrastructure, the need for robust cybersecurity measures has never been... The post Top 5 Cybersecurity Threats to Oil & Gas, and How to Protect Against Them first appeared on Dragos.
Industrial ★★★
Blog.webp 2024-12-30 06:13:40 Critical Flaw Exposes Four-Faith Routers to Remote Exploitation (lien direct) SUMMARY: VulnCheck has discovered a critical new vulnerability (CVE-2024-12856) affecting Four-Faith industrial routers (F3x24 and F3x36), with evidence…
Vulnerability Industrial ★★
globalsecuritymag.webp 2024-12-28 13:32:59 Peter Machat, Senior Director EMEA Central, ARMIS: Combining Armis' Centrix platform with Armis' channel partners services, is a good way for your Cybersecurity posture. (lien direct) Global Security Mag: Good afternoon, Peter. Global Security Mag is happy to have this opportunity to exchange with you about Armis. Could you please tell us what Armis is presenting at it-sa 2024? Peter Machat: Thanks for having me. Armis has a booth with its distributor Infinigate to allow our experts to show a demonstration instance of our cyber exposure management platform based on some standard data from different scenarios like healthcare, or like typical OT Security, just to give an idea about what company IT assets are visible. And for that purpose, they use different sources. They usually use all the integrations the customer offers, meaning systems the customers already have, like CrowdStrike Endpoint Protection Platform and so on. These data are integrated, and a network flow analysis can also be done. Network assets can be mapped and listed, information from different systems and vulnerabilities can be gathered and shown. That is part one of Armis' solution and on top of that, we give recommendations, prioritizing what should be done. Our solution is directly integrated with ticket management systems like ServiceNow, so tickets can be created to resolve the cases issued. - Interviews
Vulnerability Industrial Medical ★★
DarkReading.webp 2024-12-27 14:00:00 Hackers Are Hot for Water Utilities (lien direct) The US water sector suffered a stream of cyberattacks over the past year and a half, from a mix of cybercriminals, hacktivists, and nation-state hacking teams. Here's how the industry and ICS/OT security experts are working to better secure vulnerable drinking and wastewater utilities.
Industrial ★★★
SecureList.webp 2024-12-27 10:00:46 Threat landscape for industrial automation systems in Q3 2024 (lien direct) The ICS CERT quarterly report covers threat landscape for industrial automation systems in Q3 2024.
Threat Industrial ★★
PaloAlto.webp 2024-12-26 14:00:27 Securing Remote OT Operations: (lien direct) Expanded attack surfaces have made OT systems a target for cyber threats, underscoring the need for a security framework tailored to remote OT environments.
Industrial ★★★
PaloAlto.webp 2024-12-24 14:00:45 Harnessing AI to Strengthen OT Security Against Modern Cyber Threats (lien direct) To manage AI's dual role in OT environments, organizations need rigorous risk assessment and clear governance protocols for deploying AI.
Industrial ★★★
Dragos.webp 2024-12-23 13:00:00 Get On-Demand, Actionable Cyber Threat Insights with Dragos WorldView Request for Intelligence (RFI) Service (lien direct) In today's interconnected industrial environments, OT networks are more vulnerable than ever to cyber threats. Even with robust monitoring and... The post Get On-Demand, Actionable Cyber Threat Insights with Dragos WorldView Request for Intelligence (RFI) Service first appeared on Dragos.
Threat Industrial ★★
Sygnia.webp 2024-12-23 08:06:27 Strengthening ICS/OT Security: Unlock the Power of Effective Threat Detection (lien direct) Download this CISO guide for actionable insights and best practices to help you establish an effective ICS/OT threat detection framework.
Threat Industrial ★★
InfoSecurityMag.webp 2024-12-20 09:15:00 Ransomware Attackers Target Industries with Low Downtime Tolerance (lien direct) A Dragos report observed 23 new ransomware groups targeting industrial organizations in Q3 2024
Ransomware Industrial ★★
DarkReading.webp 2024-12-19 22:45:48 OT/ICS Engineering Workstations Face Barrage of Fresh Malware (lien direct) Cyberattacks against OT/ICS engineering workstations are widely underestimated, according to researchers who discovered malware designed to shut down Siemens workstation engineering processes.
Malware Industrial ★★★
InfoSecurityMag.webp 2024-12-19 14:00:00 New Malware Can Kill Engineering Processes in ICS Environments (lien direct) Forescout identified a new type of malware capable of terminating engineering processes, used to target Siemens engineering workstations
Malware Industrial ★★
Last update at: 2025-05-11 10:07:42