This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-12T03:44:46+00:00 www.secnews.physaphae.fr IndustrialCyber - cyber risk firms for industrial Acronis, un fournisseur de solutions de cybersécurité et de protection des données, a annoncé mardi qu'elle continuait de consolider sa position ...

---

>Acronis, a provider of cybersecurity and data protection solutions, announced Tuesday that it continues to solidify its position... ]]> 2025-03-11T17:27:50+00:00 https://industrialcyber.co/news/acronis-strengthens-position-in-ot-cyber-resilience-expands-oem-partnerships/ www.secnews.physaphae.fr/article.php?IdArticle=8655075 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Fortinet, un fournisseur de cybersécurité stimulant la convergence du réseautage et de la sécurité, a annoncé mardi qu'il avait avancé ...

---

>Fortinet, a cybersecurity vendor driving the convergence of networking and security, announced on Tuesday that it has advanced... ]]> 2025-03-11T17:25:14+00:00 https://industrialcyber.co/news/fortinet-updates-its-ot-security-platform-for-critical-infrastructure-protection/ www.secnews.physaphae.fr/article.php?IdArticle=8655076 False Industrial None 3.0000000000000000 Fortinet - Fabricant Materiel Securite Fortinet releases significant enhancements to the Fortinet OT Security Platform to support the unique needs of operational technology (OT) environements. Learn more.]]> 2025-03-11T13:00:00+00:00 https://www.fortinet.com/blog/business-and-technology/fortinet-ot-security-platform-innovations-address-critical-ot-challenges www.secnews.physaphae.fr/article.php?IdArticle=8655025 False Industrial None 2.0000000000000000 The State of Security - Magazine Américain A critical aspect of manufacturing, energy, and transportation is Industrial Control Systems (ICS) and Operational Technologies (OT). The rapid pace of digital growth makes these systems susceptible to cyberattacks. OT and ICS system security is important, making penetration testing an essential activity. This tactic makes it possible to mitigate weaknesses so they are no longer vulnerabilities. It is an effective measure of asset protection. Penetration testing can ease the challenges of protecting OT and ICS systems. Understanding OT and ICS Security From power grids to assembly lines...]]> 2025-03-11T04:19:25+00:00 https://www.tripwire.com/state-of-security/growing-importance-penetration-testing-ot-and-ics-security www.secnews.physaphae.fr/article.php?IdArticle=8654962 False Vulnerability,Industrial None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Les vulnérabilités comptabilisées ont permis une escalade des privilèges, un détournement de DLL, une modification des fichiers et même un compromis total du système.

---

>The since-patched vulnerabilities allowed for privilege escalation, DLL hijacking, file modification and even total system compromise. ]]> 2025-03-10T20:13:21+00:00 https://cyberscoop.com/iconics-scada-vulnerabilities-2025-palo-alto/ www.secnews.physaphae.fr/article.php?IdArticle=8654922 False Vulnerability,Industrial None 4.0000000000000000 Dragos - CTI Society Êtes-vous un propriétaire ou un opérateur d'actifs dans le secteur industriel, travaillant à fortifier votre posture de cybersécurité OT contre toujours ... Le message Network, apprend, défendez-vous: le forum DragOS aide à permettre aux professionnels de la sécurité OT qui ont d'abord apporté dragos .

---

>Are you an asset owner or operator in the industrial sector, working to fortify your OT cybersecurity posture against ever-evolving... The post Network, Learn, Defend: the Dragos Forum Helps to Empower OT Security Professionals  first appeared on Dragos.]]> 2025-03-10T13:00:00+00:00 https://www.dragos.com/blog/network-learn-defend-dragos-forum-helps-to-empower-ot-security-professionals/ www.secnews.physaphae.fr/article.php?IdArticle=8654871 False Industrial None 3.0000000000000000 Global Security Mag - Site de news francais Business

---

Armis übernimmt OTORIO und stärkt seine Führungsrolle in der Sicherheit Cyber-Physischer Systeme Dritte Übernahme in weniger als 12 Monaten erweitert die Fähigkeiten von Armis Centrix™ in der OT/ICS-Sicherheit - Business]]> 2025-03-10T10:22:12+00:00 https://www.globalsecuritymag.fr/armis-ubernimmt-otorio.html www.secnews.physaphae.fr/article.php?IdArticle=8654852 False Industrial None 2.0000000000000000 Cyble - CyberSecurity Firm 2025-03-10T09:02:21+00:00 https://cyble.com/blog/ics-vulnerability-cctv-rtos-and-genome-systems/ www.secnews.physaphae.fr/article.php?IdArticle=8654832 False Tool,Vulnerability,Threat,Patching,Industrial,Medical,Commercial None 3.0000000000000000 Global Security Mag - Site de news francais Marchés]]> 2025-03-10T02:13:00+00:00 https://www.globalsecuritymag.fr/armis-acquiert-otorio-et-propose-dorenavant-sa-plateforme-armis-centrix-tm-en.html www.secnews.physaphae.fr/article.php?IdArticle=8654938 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Increasing cyber threats and attacks have led modern organizations to focus on OT network monitoring, as it has... ]]> 2025-03-09T07:55:44+00:00 https://industrialcyber.co/features/empowering-organizations-to-protect-critical-infrastructure-with-advanced-ot-network-monitoring-for-cyber-threat-defense/ www.secnews.physaphae.fr/article.php?IdArticle=8654752 False Threat,Industrial None 3.0000000000000000 Dark Reading - Informationweek Branch Manufacturers and infrastructure providers are gaining options to satisfy regulations and boost cyber safety for embedded and industrial control systems, as EMB3D, STRIDE, and ATT&CK for ICS gain traction.]]> 2025-03-07T19:37:21+00:00 https://www.darkreading.com/threat-intelligence/mitre-emb3d-ot-ics-threat-modeling www.secnews.physaphae.fr/article.php?IdArticle=8654632 False Threat,Industrial None 3.0000000000000000 Dark Reading - Informationweek Branch Armis will integrate OTORIO\'s Titan platform with its cloud-based Centrix, bringing an on-premise option to the cloud-only offering.]]> 2025-03-07T01:29:31+00:00 https://www.darkreading.com/ics-ot-security/armis-acquires-otorio-expand-ot-exposure-management-platform www.secnews.physaphae.fr/article.php?IdArticle=8654451 False Industrial None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial Armis, une société de gestion et de sécurité de la cyber-exposition, a annoncé jeudi qu'elle avait acquis Otorio, un fournisseur de ...

---

>Armis, a cyber exposure management and security company, announced Thursday that it has acquired OTORIO, a provider of... ]]> 2025-03-06T16:30:01+00:00 https://industrialcyber.co/news/armis-acquires-otorio-to-strengthen-its-ot-and-cyber-physical-security-position/ www.secnews.physaphae.fr/article.php?IdArticle=8654340 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Claroty, une société de protection des systèmes cyber-physiques (CPS), a annoncé un partenariat avec ScealTech, une filiale de Parsons Corporation de renom ...

---

>Claroty, a cyber-physical systems (CPS) protection company, has announced a partnership with SealingTech, a Parsons Corporation subsidiary renowned... ]]> 2025-03-06T07:50:20+00:00 https://industrialcyber.co/news/claroty-and-sealingtech-partner-to-strengthen-federal-cyber-protection-for-ot-and-cps-networks/ www.secnews.physaphae.fr/article.php?IdArticle=8654157 False Industrial None 2.0000000000000000 Dark Reading - Informationweek Branch The Iran-linked nation-state group made its debut with a stealthy, sophisticated, and laser-focused cyber-espionage attack on targets in UAE.]]> 2025-03-05T19:41:01+00:00 https://www.darkreading.com/ics-ot-security/crafty-camel-apt-aviation-ot-polygot-files www.secnews.physaphae.fr/article.php?IdArticle=8653967 False Industrial None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine New SANS Institute research finds that 50% of global organizations were hit by an OT security incident in the past year]]> 2025-03-05T10:30:00+00:00 https://www.infosecurity-magazine.com/news/half-organizations-serious-ot/ www.secnews.physaphae.fr/article.php?IdArticle=8653779 False Industrial None 4.0000000000000000 Zataz - Magazine Francais de secu 2025-03-05T09:44:36+00:00 https://www.zataz.com/menaces-invisibles-quand-le-tourisme-industriel-devient-une-porte-dentree-pour-lespionnage-economique/ www.secnews.physaphae.fr/article.php?IdArticle=8653754 False Threat,Industrial None 3.0000000000000000 Palo Alto Network - Site Constructeur Les données NTT et les réseaux Palo Alto se sont associés pour améliorer la sécurité privée 5G pour les déploiements industriels pour autonomiser les entreprises.

---

>NTT DATA and Palo Alto Networks have partnered to enhance private 5G security for industrial deployments to empower enterprises. ]]> 2025-03-05T08:00:57+00:00 https://www.paloaltonetworks.com/blog/2025/03/enhance-private-5g-security/ www.secnews.physaphae.fr/article.php?IdArticle=8653736 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Un rapport d'Opswat et de l'Institut SANS a révélé que les budgets ICS / OT (Systèmes de contrôle industriel / technologie opérationnelle) sont de retard de cybersécurité ...

---

>A report from OPSWAT and the SANS Institute disclosed that ICS/OT (industrial control systems/operational technology) cybersecurity budgets lag... ]]> 2025-03-05T07:44:36+00:00 https://industrialcyber.co/reports/new-opswat-sans-survey-detects-growing-gap-in-ics-ot-cybersecurity-budgets-amid-rising-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8653720 False Industrial None 3.0000000000000000 Global Security Mag - Site de news francais Rapports spéciaux

---

New Report from OPSWAT and SANS Institute: ICS/OT Cybersecurity Budgets Lag as Attacks Surge, Exposing Critical Infrastructure Risks More than 50% of Organizations Reported Experiencing at Least One ICS/OT Security Incident. - Special Reports]]> 2025-03-04T17:40:44+00:00 https://www.globalsecuritymag.fr/new-report-from-opswat-and-sans-institute-ics-ot-cybersecurity-budgets-lag-as.html www.secnews.physaphae.fr/article.php?IdArticle=8653512 False Industrial None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial TXOne Networks, vendor of Cyber-Physical Systems (CPS) security, published its new annual report on operational technology (OT) cybersecurity,... ]]> 2025-03-04T17:18:36+00:00 https://industrialcyber.co/news/txone-networks-2024-report-details-critical-ot-ics-cybersecurity-challenges-amid-supply-chain-risks-aging-infrastructure/ www.secnews.physaphae.fr/article.php?IdArticle=8653498 False Industrial None 3.0000000000000000 Fortinet - Fabricant Materiel Securite A Q&A about the upcoming Fortinet event for OT professionals and security leaders looking to protect their IT and OT systems.]]> 2025-03-04T16:00:00+00:00 https://www.fortinet.com/blog/business-and-technology/learn-how-to-protect-ot-systems-at-the-fortinet-ot-security-summit www.secnews.physaphae.fr/article.php?IdArticle=8653475 False Industrial None 2.0000000000000000 Global Security Mag - Site de news francais Événements]]> 2025-03-04T09:06:23+00:00 https://www.globalsecuritymag.fr/17-mars-2025-18-h-00-20-h-00-par-visioconference-zoom-lundi-de-la-cybersecurite.html www.secnews.physaphae.fr/article.php?IdArticle=8653322 False Industrial None 2.0000000000000000 Sygnia - CyberSecurity Firm Adapter les stratégies de sauvegarde pour assurer la résilience opérationnelle, protéger les configurations critiques et atténuer les risques dans les environnements technologiques opérationnels.

---

>Tailoring backup strategies to ensure operational resilience, safeguard critical configurations, and mitigate risks in Operational Technology environments. ]]> 2025-03-03T10:38:55+00:00 https://www.sygnia.co/guides-and-tools/ensuring-continuity-industrial-operations-ot-backup-strategies/ www.secnews.physaphae.fr/article.php?IdArticle=8653753 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial As the boundaries between IT and OT environments blur and regulators move to bolster ICS cybersecurity across critical... ]]> 2025-03-02T09:07:56+00:00 https://industrialcyber.co/features/highlighting-focus-on-rise-of-industrial-cisos-to-balance-organizational-cybersecurity-operations-resilience/ www.secnews.physaphae.fr/article.php?IdArticle=8652566 False Industrial None 3.0000000000000000 Sygnia - CyberSecurity Firm Améliorer la sécurité OT avec MDR. Empêcher, détecter et répondre aux cyber-menaces industrielles pour une protection robuste de votre infrastructure critique.

---

>Enhance OT security with MDR. Prevent, detect, and respond to industrial cyber threats for robust protection of your critical infrastructure. ]]> 2025-02-28T08:00:56+00:00 https://www.sygnia.co/blog/mdr-ot-security-defense/ www.secnews.physaphae.fr/article.php?IdArticle=8651877 False Industrial None 3.0000000000000000 Dark Reading - Informationweek Branch Companies critical to the aviation and aerospace supply chains didn\'t patch a known CVE, providing opportunity for foreign espionage.]]> 2025-02-27T14:29:30+00:00 https://www.darkreading.com/ics-ot-security/chinese-apt-vpn-bug-worldwide-ot-orgs www.secnews.physaphae.fr/article.php?IdArticle=8651637 False Threat,Industrial None 3.0000000000000000 Cyble - CyberSecurity Firm Overview The weekly ICS vulnerabilities Intelligence Report to clients highlights the latest vulnerability landscape for ICS systems, derived from alerts by the Cybersecurity and Infrastructure Security Agency (CISA). This report covers vulnerabilities identified between February 19, 2025, and February 25, 2025, shedding light on the ongoing cybersecurity challenges faced by critical industries that rely on ICS technologies. During this period, CISA issued seven security advisories addressing vulnerabilities impacting multiple ICS products and vendors. These advisories for these ICS vulnerabilities cover vulnerabilities found in products from ABB, Siemens, Rockwell Automation, Rapid Response Monitoring, Elseta, Medixant, and others. ABB was the most affected vendor, reporting five critical vulnerabilities across its FLXEON Controllers, ASPECT-Enterprise, NEXUS, and MATRIX Series products. Publicly available proof-of-concept (PoC) exploits for the reported vulnerabilities have escalated the risk of active exploitation, making it essential for organizations to quickly address these security flaws through patching and mitigation measures. ICS Vulnerabilities by Vendor and Product Figure 1: Vulnerability Severity Category Chart The ICS vulnerabilities identified during this reporting period span a wide range of critical infrastructure systems. For instance, ABB reported multiple flaws in its FLXEON Controllers, ASPECT-Enterprise, NEXUS, and MATRIX Series products. These vulnerabilities inc]]> 2025-02-27T11:52:37+00:00 https://cyble.com/blog/new-cisa-report-rising-ics-cybersecurity-risks/ www.secnews.physaphae.fr/article.php?IdArticle=8651581 False Tool,Vulnerability,Patching,Industrial,Medical None 4.0000000000000000 IndustrialCyber - cyber risk firms for industrial Claroty's Research ARM, Team82, a publié de nouvelles résultats qui découvrent les risques de sécurité dans le système d'exploitation Windows CE, ...

---

>Claroty‘s research arm, Team82, has released new findings that uncover security risks in the Windows CE operating system,... ]]> 2025-02-27T10:14:20+00:00 https://industrialcyber.co/critical-infrastructure/clarotys-team82-reveals-vulnerabilities-in-windows-ce-putting-industrial-systems-at-risk/ www.secnews.physaphae.fr/article.php?IdArticle=8651564 False Vulnerability,Industrial None 4.0000000000000000 IndustrialCyber - cyber risk firms for industrial Xona, un fournisseur de solutions d'accès sécurisées pour les infrastructures critiques, a annoncé un partenariat avec Otconnect, un leader de la cybersécurité ...

---

>Xona, a provider of secure access solutions for critical infrastructure, announced a partnership with OTconnect, a cybersecurity leader... ]]> 2025-02-26T10:28:38+00:00 https://industrialcyber.co/news/xona-and-otconnect-unite-to-revolutionize-secure-access-for-critical-ot-environments/ www.secnews.physaphae.fr/article.php?IdArticle=8651157 False Industrial None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial Industrial cybersecurity firm Dragos reported that it has identified 1,693 industrial organizations with sensitive data exposed on various... ]]> 2025-02-25T13:50:48+00:00 https://industrialcyber.co/reports/dragos-finds-ransomware-attacks-on-industrial-sector-surge-87-manufacturing-hit-hardest-as-ot-targeting-rises/ www.secnews.physaphae.fr/article.php?IdArticle=8650861 False Ransomware,Industrial None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Various industrial organizations in the Asia-Pacific (APAC) region have been targeted as part of phishing attacks designed to deliver a known malware called FatalRAT. "The threat was orchestrated by attackers using legitimate Chinese cloud content delivery network (CDN) myqcloud and the Youdao Cloud Notes service as part of their attack infrastructure," Kaspersky ICS CERT said in a Monday]]> 2025-02-25T11:21:00+00:00 https://thehackernews.com/2025/02/fatalrat-phishing-attacks-target-apac.html www.secnews.physaphae.fr/article.php?IdArticle=8650740 False Malware,Threat,Industrial,Cloud None 3.0000000000000000 Dragos - CTI Society Nous sommes ravis d'annoncer la sortie de notre 8e rapport annuel de la Cybersecurity dans le rapport de revue. Ce rapport annuel révèle ... The Post Dragos \\ 's 8e annuelle annuelle annuelle annuelle L'année de cybersécurité de l'OT en revue est désormais disponible href = "https://www.dragos.com"> dragos .

---

>We\'re excited to announce the release of our 8th Annual OT Cybersecurity Year in Review report. This annual report reveals... The post Dragos\'s 8th Annual OT Cybersecurity Year in Review Is Now Available first appeared on Dragos.]]> 2025-02-25T11:01:00+00:00 https://www.dragos.com/blog/dragos-8th-annual-ot-cybersecurity-year-in-review-is-now-available/ www.secnews.physaphae.fr/article.php?IdArticle=8650809 False Industrial None 3.0000000000000000 The Register - Site journalistique Anglais Fuxnet and FrostyGoop were both used in the Russia-Ukraine war Two new malware variants specifically designed to disrupt critical industrial processes were set loose on operational technology networks last year, shutting off heat to more than 600 apartment buildings in one instance and jamming communications to gas, water, and sewage network sensors in the other.…]]> 2025-02-25T11:00:11+00:00 https://go.theregister.com/feed/www.theregister.com/2025/02/25/new_ics_malware_dragos/ www.secnews.physaphae.fr/article.php?IdArticle=8650794 False Malware,Industrial None 4.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Les États collaborent de plus en plus avec des groupes de cybercrimins pour partager des ressources et amplifier les attaques contre les infrastructures critiques dans les pays rivaux, un nouveau rapport trouve.

---

>States are increasingly collaborating with cybercriminal groups to share resources and amplify attacks on critical infrastructure in rival nations, a new report finds. ]]> 2025-02-25T11:00:00+00:00 https://cyberscoop.com/dragos-ot-ics-annual-report-states-collaborating-with-private-hacking-groups/ www.secnews.physaphae.fr/article.php?IdArticle=8650822 False Industrial None 3.0000000000000000 Dark Reading - Informationweek Branch Nearly a third of organizations have an operational system connected to the Internet with a known exploited vulnerability, as attacks by state and non-state actors increase.]]> 2025-02-25T11:00:00+00:00 https://www.darkreading.com/cyber-risk/industrial-system-cyberattacks-surge-ot-vulnerable www.secnews.physaphae.fr/article.php?IdArticle=8650823 False Vulnerability,Industrial None 3.0000000000000000 Palo Alto Network - Site Constructeur Le rapport OMDIA comprend une évaluation du marché de la sécurité OT, des recommandations pour le choix des solutions et une analyse des plateformes de cybersécurité OT.

---

>Omdia report includes an evaluation of the OT security market, recommendations for choosing solutions, and analysis of OT cybersecurity platforms. ]]> 2025-02-24T15:00:49+00:00 https://www.paloaltonetworks.com/blog/2025/02/leader-omdia-market-radar/ www.secnews.physaphae.fr/article.php?IdArticle=8650521 False Industrial None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Telstra found that 75% of cyber incidents impacting manufacturing firms originated from the targeting of IT systems connected to OT environments]]> 2025-02-24T13:30:00+00:00 https://www.infosecurity-magazine.com/news/itot-fuels-manufacturing-cyber/ www.secnews.physaphae.fr/article.php?IdArticle=8650508 False Industrial None 2.0000000000000000 Dragos - CTI Society La 2025 Gartner® Magic Quadrant ™ pour les plates-formes de protection des systèmes cyber-physiques (CPS) est le tout premier quadrant magique de cette catégorie et ... Le message dragos a nommé un leader en Les plates-formes de protection CPS, axées sur la protection de l'OT contre la cyber-perturbation est apparue pour la première fois sur dragos .

---

>The 2025 Gartner® Magic Quadrant™ for Cyber-Physical Systems (CPS) Protection Platforms is the first-ever Magic Quadrant for this category and... The post Dragos Named a Leader in CPS Protection Platforms, Focused on Protecting OT from Cyber Disruption first appeared on Dragos.]]> 2025-02-24T13:00:00+00:00 https://www.dragos.com/blog/dragos-named-a-leader-in-gartner-magic-quadrant-for-cps-protection-platforms/ www.secnews.physaphae.fr/article.php?IdArticle=8650505 False Industrial,Commercial None 2.0000000000000000 Cyble - CyberSecurity Firm 2025-02-24T08:24:19+00:00 https://cyble.com/blog/fbi-cisa-shows-staying-power-of-old-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8650418 False Ransomware,Malware,Tool,Vulnerability,Threat,Patching,Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial In a world of advancing technological progress, the role of cybersecurity governance across OT (operational technology) and ICS... ]]> 2025-02-23T08:07:15+00:00 https://industrialcyber.co/features/prioritizing-organizational-cybersecurity-governance-boosting-operational-resilience-across-ot-ics-environments/ www.secnews.physaphae.fr/article.php?IdArticle=8650120 False Industrial None 3.0000000000000000 Cyble - CyberSecurity Firm Overview Cyble\'s weekly industrial control system (ICS) vulnerability report to clients examined 122 ICS, operational technology (OT), and Supervisory Control and Data Acquisition (SCADA) vulnerabilities pulled from 22 recent advisories from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The 122 vulnerabilities affect products from seven vendors across nine critical sectors, ranging from energy and healthcare to wastewater systems, transportation, manufacturing, food and agriculture, chemicals, and commercial facilities. Nine of the vulnerabilities are rated critical. One interesting aspect of the advisories is how many of the ICS vulnerabilities come from third-party components that weren\'t made by the ICS vendor, revealing the complexity and vulnerability of these critical systems. Four Critical Siemens Vulnerabilities Siemens had the highest number of vulnerabilities in the CISA advisories, 100 in all, but only four were rated critical-and all of the critical vulnerabilities came from non-Siemens components. Two of the critical vulnerabilities affect Siemens Opcenter Intelligence, a manufacturing intelligence platform used to improve manufacturing processes and stem from vulnerabilities in the Java OpenWire protocol marshaller (CVE-2023-46604, a 9.6-severity Deserialization of Untrusted Data vulnerability) and the Tableau Server Administration Agent\'s internal file transfer service (CVE-2022-22128, a 9.0-rated Path Traversal vulnerability). Opcenter Intelligence versions prior to V2501 are affected. CISA addressed those vulnerabilities in a February 13 advisory, noting that “Successful exploitation of these vulnerabilities could enable an attacker to execute remote code or allow a malicious site administrator to]]> 2025-02-20T10:10:49+00:00 https://cyble.com/blog/cisa-vulnerability-complexity-of-ics-products/ www.secnews.physaphae.fr/article.php?IdArticle=8649191 True Tool,Vulnerability,Patching,Industrial,Medical,Commercial None 3.0000000000000000 Dark Reading - Informationweek Branch By taking several proactive steps, boards can improve their organization\'s resilience against cyberattacks and protect their critical OT assets.]]> 2025-02-19T15:00:00+00:00 https://www.darkreading.com/cyber-risk/board-role-cyber-risk-management-ot-environments www.secnews.physaphae.fr/article.php?IdArticle=8649010 False Industrial None 2.0000000000000000 Cyble - CyberSecurity Firm Overview   The Cybersecurity and Infrastructure Security Agency (CISA) has announced updates to its Industrial Control Systems (ICS) advisories, along with the addition of two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. On February 18, 2025, CISA published two updated advisories detailing critical vulnerabilities found in industrial control systems. These advisories are vital for system administrators and users working with ICS to address security concerns and take necessary actions to mitigate the associated risks.  ICSA-24-191-01: Delta Electronics CNCSoft-G2 (Update A)  Delta Electronics\' CNCSoft-G2, a human-machine interface (HMI) software, has been found to have multiple vulnerabilities that could be exploited by remote attackers. These vulnerabilities, which include buffer overflows and out-of-bounds writes, can lead to remote code execution. The specific versions affected include CNCSoft-G2 Version 2.0.0.5, as well as older versions like 2.1.0.10 and 2.1.0.16.  The vulnerabilities are as follows:  Stack-based Buffer Overflow (CVE-2024-39880)  Out-of-bounds Write (CVE-2024-39881)  Out-of-bounds Read (CVE-2024-39882)  Heap-based Buffer Overflow (CVE-2024-39883, CVE-2025-22880, CVE-2024-12858)  ]]> 2025-02-19T12:18:54+00:00 https://cyble.com/blog/cisa-upgrades-known-exploited-vulnerabilities-catalog/ www.secnews.physaphae.fr/article.php?IdArticle=8648991 False Tool,Vulnerability,Threat,Industrial None 2.0000000000000000 SecurityWeek - Security News Admeritia has launched Cyber Decision Diagrams, a free tool designed to help organizations manage complex decisions related to ICS/OT cybersecurity. 

---

>Admeritia has launched Cyber Decision Diagrams, a free tool designed to help organizations manage complex decisions related to ICS/OT cybersecurity.  ]]> 2025-02-19T12:00:00+00:00 https://www.securityweek.com/free-diagram-tool-aids-management-of-complex-ics-ot-cybersecurity-decisions/ www.secnews.physaphae.fr/article.php?IdArticle=8648981 False Tool,Industrial None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial German cybersecurity company admeritia has developed a new resource with the launch of Cyber Decision Diagrams, a free... ]]> 2025-02-19T09:52:35+00:00 https://industrialcyber.co/industrial-cyber-attacks/admeritia-debuts-cyber-decision-diagrams-to-improve-decision-making-for-industrial-critical-infrastructure/ www.secnews.physaphae.fr/article.php?IdArticle=8648968 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial FRENOS, provider of autonomous operational technology (OT) security assessments, and ThreatGEN, vendor of AI-powered cybersecurity simulation platforms, announced...

---

>FRENOS, provider of autonomous operational technology (OT) security assessments, and ThreatGEN, vendor of AI-powered cybersecurity simulation platforms, announced... ]]> 2025-02-19T08:54:31+00:00 https://industrialcyber.co/news/frenos-and-threatgen-partner-to-revolutionize-proactive-ot-cybersecurity-defense/ www.secnews.physaphae.fr/article.php?IdArticle=8648959 False Industrial None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial As industrial networks evolve, the importance of dedicated cybersecurity measures becomes ever more critical. These ISA/IEC 62443 standards...

---

>As industrial networks evolve, the importance of dedicated cybersecurity measures becomes ever more critical. These ISA/IEC 62443 standards... ]]> 2025-02-19T07:05:06+00:00 https://industrialcyber.co/isa-iec-62443/strengthening-ics-resilience-with-isa-iec-62443-standards-and-configuration-management/ www.secnews.physaphae.fr/article.php?IdArticle=8648952 False Industrial None 3.0000000000000000 DarkTrace - DarkTrace: AI bases detection Discover how AI-led investigations unify IT and OT security, reducing alert fatigue and accelerating alert investigation in industrial environments.]]> 2025-02-18T18:48:32+00:00 https://darktrace.com/blog/unifying-it-ot-with-ai-led-investigations-for-industrial-security www.secnews.physaphae.fr/article.php?IdArticle=8648900 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Industrial Defender, vendor of OT asset management and cybersecurity compliance solutions, has announced the release of its latest... ]]> 2025-02-18T10:28:32+00:00 https://industrialcyber.co/news/new-industrial-defender-8-0-features-redesigned-risk-dashboard-to-boost-ot-cybersecurity-compliance-management/ www.secnews.physaphae.fr/article.php?IdArticle=8648836 False Industrial None 3.0000000000000000 Cyble - CyberSecurity Firm Overview Cyble\'s vulnerability intelligence report to clients last week highlighted flaws in Ivanti, Apple, Fortinet, and SonicWall products. The report from Cyble Research and Intelligence Labs (CRIL) examined 22 vulnerabilities and dark web exploits, including some with significant internet-facing exposures. Microsoft had a relatively quiet Patch Tuesday, with the most noteworthy fixes being for two actively exploited zero-day vulnerabilities (CVE-2025-21391, a Windows Storage Elevation of Privilege Vulnerability, and CVE-2025-21418, a Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability), but other IT vendors also issued updates on the second Tuesday of the month. Both Microsoft vulnerabilities were added to CISA\'s Known Exploited Vulnerabilities catalog. Cyble\'s vulnerability intelligence unit highlighted five new vulnerabilities as meriting high-priority attention by security teams, plus a month-old vulnerability at elevated risk of attack. The Top IT Vulnerabilities Three of the vulnerabilities highlighted by Cyble (CVE-2025-22467, CVE-2024-38657, and CVE-2024-10644) affect Ivanti Connect Secure (ICS), a secure ]]> 2025-02-17T11:56:58+00:00 https://cyble.com/blog/it-vulnerability-ivanti-apple-fixes-urged-by-cyble/ www.secnews.physaphae.fr/article.php?IdArticle=8648746 False Vulnerability,Threat,Patching,Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial With the changing threat environment, industrial and operational environments are under greater pressure than ever to reconcile operational... ]]> 2025-02-16T03:03:45+00:00 https://industrialcyber.co/risk-management/roping-in-cyber-risk-quantification-across-industrial-networks-to-safeguard-ot-asset-owners-amid-rising-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8648617 False Threat,Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial This year\'s S4x25 in Tampa was not just another industry event-it was a turning point for the industrial...

---

>This year\'s S4x25 in Tampa was not just another industry event-it was a turning point for the industrial... ]]> 2025-02-14T18:00:58+00:00 https://industrialcyber.co/analysis/s4x25-a-market-at-an-inflection-point-a-deep-dive/ www.secnews.physaphae.fr/article.php?IdArticle=8648520 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Industrial cybersecurity company Dragos revealed that during the fourth quarter of 2024, the ransomware threat landscape presented an... ]]> 2025-02-14T17:39:09+00:00 https://industrialcyber.co/industrial-cyber-attacks/dragos-reports-evolving-ransomware-threat-landscape-with-increased-operational-disruptions-as-attacks-target-ics/ www.secnews.physaphae.fr/article.php?IdArticle=8648523 False Ransomware,Threat,Industrial None 3.0000000000000000 Dragos - CTI Society Operational technology (OT) environments are the backbone of critical industries – electric, oil and gas, and manufacturing, and are increasingly... The post How to Navigate Network Security in a Rapidly Evolving OT Cyber Threat Landscape first appeared on Dragos.

---

>Operational technology (OT) environments are the backbone of critical industries – electric, oil and gas, and manufacturing, and are increasingly... The post How to Navigate Network Security in a Rapidly Evolving OT Cyber Threat Landscape first appeared on Dragos.]]> 2025-02-14T15:00:00+00:00 https://www.dragos.com/blog/how-to-navigate-network-security-in-a-rapidly-evolving-ot-cyber-threat-landscape/ www.secnews.physaphae.fr/article.php?IdArticle=8648507 False Threat,Industrial None 2.0000000000000000 SecurityWeek - Security News Noteworthy stories that might have slipped under the radar: Google pays $10,000 bug bounty for YouTube vulnerability, Cybereason CEO sues two investors, Otorio launches new OT security tool.

---

>Noteworthy stories that might have slipped under the radar: Google pays $10,000 bug bounty for YouTube vulnerability, Cybereason CEO sues two investors, Otorio launches new OT security tool. ]]> 2025-02-14T13:02:32+00:00 https://www.securityweek.com/in-other-news-10000-youtube-flaw-cybereason-ceo-sues-investors-new-ot-security-tool/ www.secnews.physaphae.fr/article.php?IdArticle=8648484 False Tool,Vulnerability,Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Technology company NVIDIA announced Wednesday at the ongoing S4x25 industrial cybersecurity event their adoption of the NVIDIA cybersecurity... ]]> 2025-02-13T12:36:29+00:00 https://industrialcyber.co/ai/s4x25-nvidia-debuts-ai-platform-for-critical-infrastructure-security-partners-with-industry-leaderss4x25-nvidia-debuts-ai-platform-for-critical-infrastructure-security-partners-with-industry-leaders/ www.secnews.physaphae.fr/article.php?IdArticle=8648360 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Schneider Electric, vendor of digital transformation of energy management and automation, has announced new OT (operational technology) cybersecurity...

---

>Schneider Electric, vendor of digital transformation of energy management and automation, has announced new OT (operational technology) cybersecurity... ]]> 2025-02-13T12:32:51+00:00 https://industrialcyber.co/news/schneider-electrics-scadapack-470i-474i-to-redefine-ot-cybersecurity-for-remote-rugged-operations/ www.secnews.physaphae.fr/article.php?IdArticle=8648361 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Asimily, an IoT, OT and IoMT company, and Carahsoft Technology announced Wednesday a partnership. Under the agreement, Carahsoft...

---

>Asimily, an IoT, OT and IoMT company, and Carahsoft Technology announced Wednesday a partnership. Under the agreement, Carahsoft... ]]> 2025-02-13T12:32:13+00:00 https://industrialcyber.co/news/asimily-carahsoft-partner-to-bring-iot-ot-cybersecurity-solutions-to-public-sector/ www.secnews.physaphae.fr/article.php?IdArticle=8648362 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Salvador Technologies introduced an Edge-Recovery Platform, a leap forward in comprehensive cyber resilience in the Operational Technology (OT)...

---

>Salvador Technologies introduced an Edge-Recovery Platform, a leap forward in comprehensive cyber resilience in the Operational Technology (OT)... ]]> 2025-02-13T12:24:42+00:00 https://industrialcyber.co/news/salvador-technologies-launches-edge-recovery-platform-to-revolutionize-ot-ics-cyber-resilience/ www.secnews.physaphae.fr/article.php?IdArticle=8648363 False Industrial None 3.0000000000000000 Cyble - CyberSecurity Firm Overview Cyble\'s weekly industrial control system (ICS) vulnerability report to clients warned about internet-facing medical imaging and critical infrastructure asset management systems that could be vulnerable to cyberattacks. The report examined six ICS, operational technology (OT), and Supervisory Control and Data Acquisition (SCADA) vulnerabilities in total, but it focused on two in particular after Cyble detected web-exposed instances of the systems. Orthanc, Trimble Cityworks Vulnerabilities Highlighted by CISA The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued advisories alerting users to vulnerabilities in medical imaging and asset management products. Orthanc is an open-source DICOM server used in healthcare environments for medical imaging storage and retrieval, while Trimble Cityworks is a GIS-centric asset management system used to manage all infrastructure assets for airports, utilities, municipalities, and counties. In a February 6 ICS medical advisory, CISA said the Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled, which could result in unauthorized access by a malicious actor. The Missing Authentication for Critical Function vulnerability, CVE-2025-0896, has been assigned a CVSS v3.1 base score of 9.8, just below the maximum score of 10.0. Orthanc recommends that users update to the latest version or enable HTTP authentication by setting the configuration "AuthenticationEnabled": true in the configuration file. Cyble provided a publicly accessible search query for its ODIN vulnerability search tool, which users can use to find potentially vulnerable instances. “This flaw requires urgent attention, as Cyble researchers have identified multiple internet-facing Orthanc instances, increasing the risk of exploitation,” the Cyble report said. “The exposure of vulnerable instances could allow unauthorized access to sensitive medical data, manipulation of imaging records, or even unauthorized control over the server. Given the high stakes in healthcare cybersecurity, immediate patching to version 1.5.8 or later, along with restricting external access, is strongly recommended to mitigate potential threats.]]> 2025-02-13T11:15:54+00:00 https://cyble.com/blog/cyble-warns-of-exposed-medical-imaging-systems/ www.secnews.physaphae.fr/article.php?IdArticle=8648345 True Tool,Vulnerability,Threat,Patching,Industrial,Medical None 3.0000000000000000 The State of Security - Magazine Américain Modern factories are increasingly relying on Industrial Internet of Things (IIoT) solutions. This shift is beneficial in many regards, including higher efficiency and transparency, but it also introduces unique cybersecurity concerns. Better vulnerability management for IIoT systems is essential if companies hope to make the most of this technology. The White House\'s 2024 cybersecurity report named critical infrastructure risks and supply chain exploits as two of the top threats facing the U.S. today. Notably, IIoT systems play a key role in both categories. Heavy industries must become aware...]]> 2025-02-13T03:59:50+00:00 https://www.tripwire.com/state-of-security/iiot-security-threats-reshape-factory-protection-strategies www.secnews.physaphae.fr/article.php?IdArticle=8648329 False Vulnerability,Industrial None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial At the S4x25 event, Dale Peterson sat down with Paul Griswold, former chief product officer at Honeywell, for... ]]> 2025-02-12T18:18:25+00:00 https://industrialcyber.co/events/s4x25-fireside-chat-dale-peterson-and-paul-griswold-discuss-evolution-of-ics-security/ www.secnews.physaphae.fr/article.php?IdArticle=8648251 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial At S4x25, Dale Peterson delivered a keynote that wasn\'t just a presentation-it was a call to action. Known... ]]> 2025-02-12T18:10:49+00:00 https://industrialcyber.co/control-device-security/s4x25-keynote-dale-peterson-challenges-ot-security-professionals-to-rethink-risk-prioritization/ www.secnews.physaphae.fr/article.php?IdArticle=8648253 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Cyolo, provider of secure remote access solutions for operational technology (OT) and industrial control systems (ICS), announced on...

---

>Cyolo, provider of secure remote access solutions for operational technology (OT) and industrial control systems (ICS), announced on... ]]> 2025-02-12T15:40:31+00:00 https://industrialcyber.co/news/cyolo-set-to-advance-transform-cyber-physical-systems-with-nvidia-cybersecurity-ai-platform/ www.secnews.physaphae.fr/article.php?IdArticle=8648215 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial At the ongoing S4x25 conference, Jeffrey Macre, industrial security solutions architect at Darktrace, highlighted the rapidly evolving role...

---

>At the ongoing S4x25 conference, Jeffrey Macre, industrial security solutions architect at Darktrace, highlighted the rapidly evolving role... ]]> 2025-02-11T22:42:29+00:00 https://industrialcyber.co/events/navigating-the-hype-of-ai-in-operational-technology/ www.secnews.physaphae.fr/article.php?IdArticle=8648130 False Industrial,Conference None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial EmberOT, provider of industrial asset and network monitoring solutions, announced Tuesday the launch of IgniteOnsite, a portable OT...

---

>EmberOT, provider of industrial asset and network monitoring solutions, announced Tuesday the launch of IgniteOnsite, a portable OT... ]]> 2025-02-11T22:26:35+00:00 https://industrialcyber.co/news/emberot-debuts-igniteonsite-its-portable-ot-cybersecurity-assessment-and-response-bundle/ www.secnews.physaphae.fr/article.php?IdArticle=8648133 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Dispel, a vendor of secure remote access solutions for industrial control systems (ICS) and operational technology (OT), and...

---

>Dispel, a vendor of secure remote access solutions for industrial control systems (ICS) and operational technology (OT), and... ]]> 2025-02-11T15:40:46+00:00 https://industrialcyber.co/news/dispel-nozomi-networks-deliver-integrated-zero-trust-security-solutions-for-ot-iot-environments/ www.secnews.physaphae.fr/article.php?IdArticle=8648068 False Industrial None 3.0000000000000000 Dragos - CTI Society In the fourth quarter (October to December) of 2024, the ransomware threat landscape presented an increasingly dynamic ecosystem, with multiple... The post Dragos Industrial Ransomware Analysis: Q4 2024  first appeared on Dragos.

---

>In the fourth quarter (October to December) of 2024, the ransomware threat landscape presented an increasingly dynamic ecosystem, with multiple... The post Dragos Industrial Ransomware Analysis: Q4 2024  first appeared on Dragos.]]> 2025-02-11T13:00:00+00:00 https://www.dragos.com/blog/dragos-industrial-ransomware-analysis-q4-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8648046 False Ransomware,Threat,Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Robert M. Lee, CEO and co-founder of industrial cybersecurity firm Dragos, delivered a compelling opening keynote at BSidesICS... ]]> 2025-02-10T19:41:48+00:00 https://industrialcyber.co/control-device-security/bsidesics-2025-rob-lees-opening-keynote-sets-tone-for-future-of-ics-security/ www.secnews.physaphae.fr/article.php?IdArticle=8647917 False Industrial None 2.0000000000000000 Cyble - CyberSecurity Firm Cyble\'s weekly industrial control system (ICS) vulnerability report to clients included a warning about a severe vulnerability in a patient monitor that could potentially compromise patient safety. In all, the report covered 36 ICS, operational technology (OT) and Supervisory Control and Data Acquisition (SCADA) vulnerabilities, 31 of which affect critical manufacturing and energy systems. Ten of the 36 vulnerabilities were rated “critical” and 17 carried high-risk ratings. Patient Monitor Vulnerability Carries a 9.8 Risk Rating The patient monitor vulnerability, CVE-2024-12248, was one of three flaws in Contec Health CMS8000 Patient Monitors that were addressed in a January 30 advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). CISA said the vulnerabilities were reported to the agency anonymously. The Food and Drug Administration (FDA) also issued an alert about the vulnerabilities the same day. The FDA said the flaws “may put patients at risk after being connected to the internet,” but added that the agency “is not aware of any cybersecurity incidents, injuries, or deaths related to these cybersecurity vulnerabilities at this time.” The FDA advisory contained recommendations for patients and caregivers for mitigating the risk that included the following advice: “If your health c]]> 2025-02-10T13:34:05+00:00 https://cyble.com/blog/cyble-warns-risk-in-ics-vulnerability-report/ www.secnews.physaphae.fr/article.php?IdArticle=8647860 False Tool,Vulnerability,Patching,Industrial,Medical None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial As the industrial cybersecurity community converges in Tampa, Florida for the upcoming S4x25 and BSidesICS events, there is... ]]> 2025-02-09T14:43:38+00:00 https://industrialcyber.co/features/s4x25-and-bsidesics-where-industrial-cybersecurity-experts-converge-to-foster-collaboration-and-innovation/ www.secnews.physaphae.fr/article.php?IdArticle=8647718 False Industrial None 3.0000000000000000 Fortinet - Fabricant Materiel Securite Get insights into OT cybersecurity predictions and trends for 2025. Learn more.]]> 2025-02-07T16:00:00+00:00 https://www.fortinet.com/blog/business-and-technology/what-is-next-for-ot-security www.secnews.physaphae.fr/article.php?IdArticle=8647456 False Industrial None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial UTSI International Corporation, vendor of Industrial Control System (ICS) cybersecurity and critical infrastructure protection, has joined the ThreatGEN...

---

>UTSI International Corporation, vendor of Industrial Control System (ICS) cybersecurity and critical infrastructure protection, has joined the ThreatGEN... ]]> 2025-02-07T14:24:04+00:00 https://industrialcyber.co/vendors/utsi-international-joins-threatgen-partner-program-to-boost-cybersecurity-preparedness-for-critical-infrastructure/ www.secnews.physaphae.fr/article.php?IdArticle=8647436 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Ampyx Cyber, a consulting firm specializing in industrial control systems (ICS) and operational technology (OT) security, announced on... ]]> 2025-02-07T14:22:49+00:00 https://industrialcyber.co/news/ampyx-cyber-appoints-andrew-luccitti-as-chief-revenue-officer-to-push-growth-innovation-in-industrial-cybersecurity/ www.secnews.physaphae.fr/article.php?IdArticle=8647437 False Industrial None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 2025-02-07T07:00:00+00:00 https://levelblue.com/blogs/security-essentials/rose-exposure-management-from-traditional-vulnerability-management www.secnews.physaphae.fr/article.php?IdArticle=8647365 False Tool,Vulnerability,Threat,Patching,Mobile,Industrial,Cloud,Technical None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial EmberOT, provider of industrial asset and network monitoring solutions, is pleased to announce that Simon Chassar has joined...

---

>EmberOT, provider of industrial asset and network monitoring solutions, is pleased to announce that Simon Chassar has joined... ]]> 2025-02-06T15:53:29+00:00 https://industrialcyber.co/news/simon-chassar-now-part-of-emberot-industrial-security-startup-as-advisory-board-member/ www.secnews.physaphae.fr/article.php?IdArticle=8647233 False Industrial None 3.0000000000000000 Cyble - CyberSecurity Firm Overview The Cybersecurity and Infrastructure Security Agency (CISA) released a series of nine Industrial Control Systems (ICS) advisories on February 4, 2025. These CISA ICS advisories provide essential information about vulnerabilities, security risks, and recommended mitigations affecting various industrial control systems and their components. The advisories, which highlight numerous threats across a variety of devices, emphasize the need for vigilance and prompt action to protect critical infrastructure from potential exploits. The nine advisories address flaws found in systems from notable vendors such as Schneider Electric, Rockwell Automation, and AutomationDirect. These vulnerabilities can allow attackers to disrupt operations, gain unauthorized access, or even execute remote code on compromised devices. Details of the Industrial Control Systems Advisories 1. Western Telematic Inc. Vulnerability Advisory Code: ICSA-25-035-01 Vulnerable Products: NPS Seri]]> 2025-02-06T11:44:16+00:00 https://cyble.com/blog/cisa-new-industrial-control-systems-advisories/ www.secnews.physaphae.fr/article.php?IdArticle=8647196 False Vulnerability,Threat,Legislation,Industrial None 3.0000000000000000 SecurityWeek - Security News Just as OT technology differs from IT technology, the threats, likely adversaries, and potential harm also differ.

---

>Just as OT technology differs from IT technology, the threats, likely adversaries, and potential harm also differ. ]]> 2025-02-05T14:22:43+00:00 https://www.securityweek.com/cyber-insights-2025-ot-security/ www.secnews.physaphae.fr/article.php?IdArticle=8647051 False Industrial None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial Risk Mitigation Consulting (RMC), provider of risk management, industrial cybersecurity solutions and engineering services for critical infrastructure and...

---

>Risk Mitigation Consulting (RMC), provider of risk management, industrial cybersecurity solutions and engineering services for critical infrastructure and... ]]> 2025-02-05T13:04:58+00:00 https://industrialcyber.co/news/risk-mitigation-consulting-secures-95m-navy-contract-to-lead-mission-assurance-industrial-cybersecurity-efforts/ www.secnews.physaphae.fr/article.php?IdArticle=8647025 False Industrial None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial Claroty reported on Tuesday that threats to operational technology (OT) infrastructure within critical infrastructure installations are increasingly getting...

---

>Claroty reported on Tuesday that threats to operational technology (OT) infrastructure within critical infrastructure installations are increasingly getting... ]]> 2025-02-05T10:49:54+00:00 https://industrialcyber.co/industrial-cyber-attacks/claroty-exposes-ot-security-crisis-reveals-insecure-internet-connections-amid-rising-ransomware-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8646994 False Ransomware,Industrial None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial Ontinue, provider of AI-powered managed extended detection and response (MXDR) services, announced the expansion of its managed services...

---

>Ontinue, provider of AI-powered managed extended detection and response (MXDR) services, announced the expansion of its managed services... ]]> 2025-02-04T17:40:09+00:00 https://industrialcyber.co/news/ontinue-expands-ai-powered-mxdr-services-to-protect-iot-ot-environments-with-ion-for-iot-security/ www.secnews.physaphae.fr/article.php?IdArticle=8646866 False Industrial None 3.0000000000000000 Recorded Future - FLux Recorded Future Moscow-based cybersecurity company BI.ZONE posted an analysis of the Nova infostealer as other Russian firms warned about cyber-espionage and threats against industrial facilities.]]> 2025-02-04T16:15:22+00:00 https://therecord.media/russia-cybersecurity-research-bizone-nova-infostealer www.secnews.physaphae.fr/article.php?IdArticle=8646860 False Industrial None 3.0000000000000000 Dragos - CTI Society As cyber threats continue to evolve and target critical infrastructure, organizations need robust guidelines and solutions to protect their industrial... The post NIST SP 800-82r3: Enhancing OT Security with Dragos and NP-View  first appeared on Dragos.

---

>As cyber threats continue to evolve and target critical infrastructure, organizations need robust guidelines and solutions to protect their industrial... The post NIST SP 800-82r3: Enhancing OT Security with Dragos and NP-View  first appeared on Dragos.]]> 2025-02-04T15:50:45+00:00 https://www.dragos.com/blog/nist-sp-800-82r3-enhancing-ot-security-with-dragos-and-np-view/ www.secnews.physaphae.fr/article.php?IdArticle=8646839 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial A recent whitepaper published by Palo Alto Networks and Siemens revealed that the exploitation of remote services is... ]]> 2025-02-04T12:51:51+00:00 https://industrialcyber.co/reports/palo-alto-siemens-whitepaper-flags-critical-ot-vulnerabilities-as-manufacturing-sector-faces-alarming-cybersecurity-risks/ www.secnews.physaphae.fr/article.php?IdArticle=8646805 False Vulnerability,Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial As the OT and ICS cybersecurity landscape continues to evolve, so does the role of women as they... ]]> 2025-02-02T08:35:39+00:00 https://industrialcyber.co/features/evolving-role-of-women-in-ot-ics-cybersecurity-as-s4x25-and-bsides-for-ics-2025-address-inclusion-resilience/ www.secnews.physaphae.fr/article.php?IdArticle=8645992 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial In an exclusive interview for the Hall of Fame series, Industrial Cyber spoke with Sarah Freeman, chief engineer...

---

>In an exclusive interview for the Hall of Fame series, Industrial Cyber spoke with Sarah Freeman, chief engineer... ]]> 2025-02-02T07:51:12+00:00 https://industrialcyber.co/hall-of-fame/hall-of-fame-industrial-cybersecurity-engineer-sarah-freeman/ www.secnews.physaphae.fr/article.php?IdArticle=8645993 False Industrial None 3.0000000000000000 Techworm - News filing with the Indian stock exchanges, BSE & NSE. “As a precautionary measure, some of the IT services were suspended temporarily and have now been restored. Our Client delivery services have remained fully functional and unaffected throughout.” While the company did not disclose specific details about the ransomware attack, it said it is conducting a detailed investigation in collaboration with cybersecurity experts to assess the root cause and take necessary remedial action. “We remain committed to the highest standards of security and data protection and are taking all necessary steps to mitigate any potential risks,” the notice added. Meanwhile, Tata Technologies reassured its stakeholders that it was taking swift action to mitigate the impact and prevent further damage. “Our primary focus is on restoring operations while ensuring that any stolen or compromised data does not fall into the wrong hands,” said a spokesperson from the company. For those unaware, Tata Technologies is a subsidiary of the Tata Group that provides innovative solutions to sectors such as automotive, aerospace, and industrial machinery. As of now, no ransomware gang has claimed responsibility for the cyberattack on Tata Technologies, nor has the company disclosed whether it paid a ransom demand. Keep watching this space for more updates, as this story is developing!

---

In a significant cyberattack, Tata Technologies, a prominent Indian multinational engineering and design services company, has fallen victim to a ransomware attack. The company temporarily paused some of its IT assets as a precautionary measure, which has now been fully restored. However, the Client delivery services were fully functional after the cyberattack and remain unaffected. “This is to inform you that the Company has become aware of a ransomware incident that has affected a few of our IT assets,”  the company said in its filing with the Indian stock exchanges, BSE & NSE. “As a precautionary measure, some of the IT services were suspended temporarily and have now been restored. Our Client delivery services have remained fully functional and unaffected throughout.” While the company did not disclose specific details about the ransomware attack, it said it is conducting a detailed investigation in collaboration with cybersecurity experts to assess the root cause and take necessary remedial action. “We remain committed to the highest standards of security and data protection and are taking all necessary steps to mitigate any potential risks,” the notice added. Meanwhile, Tata Technologies reassured its stakeholders that it was taking swift action to mitigate the impact and prevent further damage. “Our primary focus is on restoring operations while ensuring that any stolen or compromised data does not fall into the wrong hands,” said a spokesperson from the company. For those unaware, Tata Technologies is a subsidiary of the Tata Group that provides innovative solutions to sectors such as automot]]> 2025-02-01T20:59:57+00:00 https://www.techworm.net/2025/02/ransomware-attack-indian-tech-tata-technologies.html www.secnews.physaphae.fr/article.php?IdArticle=8645746 False Ransomware,Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial The International Society of Automation (ISA) announced this week release of ANSI/ISA-62443-2-1-2024, an update to industrial automation and...

---

>The International Society of Automation (ISA) announced this week release of ANSI/ISA-62443-2-1-2024, an update to industrial automation and... ]]> 2025-01-31T10:28:38+00:00 https://industrialcyber.co/isa-iec-62443/isa-releases-updated-ansi-isa-62443-2-1-2024-standard-to-strengthen-industrial-cybersecurity/ www.secnews.physaphae.fr/article.php?IdArticle=8645196 False Industrial None 3.0000000000000000 Cyble - CyberSecurity Firm Overview A pair of 9.8-severity flaws in mySCADA myPRO Manager SCADA systems were among the vulnerabilities highlighted in Cyble\'s weekly Industrial Control System (ICS) Vulnerability Intelligence Report. Cyble Research & Intelligence Labs (CRIL) examined eight ICS vulnerabilities in the January 28 report for clients, including high-severity flaws in critical manufacturing, energy infrastructure, and transportation networks. OS Command Injection (CWE-78) and Improper Security Checks (CWE-358, CWE-319) accounted for half of the vulnerabilities in the report, “indicating a persistent challenge in securing authentication and execution processes in ICS environments,” Cyble said. Critical mySCADA Vulnerabilities The critical mySCADA myPRO supervisory control and data acquisition (SCADA) vulnerabilities haven\'t yet appeared in the NIST National Vulnerability Database (NVD) or the MITRE CVE database, but they were the subject of a CISA ICS advisory on January 23. The mySCADA myPRO Manager system provides user interfaces and functionality for real-time monitoring and control of industrial processes across a range of critical industries and applications. CISA said the vulnerabilities can be exploited remotely with low attack complexity, potentially allowing a remote attacker to execute arbitrary commands or disclose sensitive information. CVE-2025-20061 was assigned a CVSS v3.1 base score of 9.8 and is an Improper Neutralization of Special Elements used in an OS Command (\'OS Command Injection\') vulnerability. CISA said mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email information, so the vulnerability could be used to execute arbitrary commands on an affected system. CVE-2025-20014 is also a 9.8-severity OS Command Injection vulnerability, as myPRO also does not properly neutralize POST requests sent to a specific port with version information, which could potentially lead to an attacker executing arbitrary commands. The following mySCADA products are affected: myPRO Manager: Versions prior to 1.3 myPRO Runtime: Versions prior to 9.2.1 mySCADA recommends that users update to the latest versions: mySCADA PRO Manager 1.3 mySCADA PRO Runtime 9.2.1 ]]> 2025-01-30T08:42:50+00:00 https://cyble.com/blog/ics-vulnerability-report-cyble-urges-critical-myscada-fixes/ www.secnews.physaphae.fr/article.php?IdArticle=8644674 False Tool,Vulnerability,Patching,Industrial None 3.0000000000000000 Mandiant - Blog Sécu de Mandiant science, technology, and beyond. In cybersecurity, AI is poised to transform digital defense, empowering defenders and enhancing our collective security. Large language models (LLMs) open new possibilities for defenders, from sifting through complex telemetry to secure coding, vulnerability discovery, and streamlining operations. However, some of these same AI capabilities are also available to attackers, leading to understandable anxieties about the potential for AI to be misused for malicious purposes.  Much of the current discourse around cyber threat actors\' misuse of AI is confined to theoretical research. While these studies demonstrate the potential for malicious exploitation of AI, they don\'t necessarily reflect the reality of how AI is currently being used by threat actors in the wild. To bridge this gap, we are sharing a comprehensive analysis of how threat actors interacted with Google\'s AI-powered assistant, Gemini. Our analysis was grounded by the expertise of Google\'s Threat Intelligence Group (GTIG), which combines decades of experience tracking threat actors on the front lines and protecting Google, our users, and our customers from government-backed attackers, targeted 0-day exploits, coordinated information operations (IO), and serious cyber crime networks. We believe the private sector, governments, educational institutions, and other stakeholders must work together to maximize AI\'s benefits while also reducing the risks of abuse. At Google, we are committed to developing responsible AI guided by our principles, and we share ]]> 2025-01-29T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/adversarial-misuse-generative-ai/ www.secnews.physaphae.fr/article.php?IdArticle=8644222 False Ransomware,Malware,Tool,Vulnerability,Threat,Studies,Legislation,Mobile,Industrial,Cloud,Technical,Commercial APT 41,APT 43,APT 42 3.0000000000000000 Cyble - CyberSecurity Firm Overview The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued two urgent advisories regarding serious ICS vulnerabilities in industrial control systems (ICS) products. These ICS vulnerabilities, identified in Schneider Electric\'s RemoteConnect and SCADAPack x70 Utilities, as well as B&R Automation\'s Runtime software, pose online risks to critical infrastructure systems worldwide. The ICS vulnerabilities, if exploited, could lead to potentially devastating impacts on the integrity, confidentiality, and availability of systems within energy, critical manufacturing, and other essential sectors. Schneider Electric\'s Vulnerability in RemoteConnect and SCADAPack x70 Utilities The ICS vulnerability in Schneider Electric\'s RemoteConnect and SCADAPack x70 Utilities arises from the deserialization of untrusted data, identified as CWE-502. This flaw could allow attackers to execute remote code on affected workstations, leading to several security risks, including the loss of confidentiality and integrity. The issue is triggered when a non-admin authenticated user opens a malicious project file, which could potentially be introduced through email, file sharing, or other methods. Schneider Electric has assigned the CVE identifier CVE-2024-12703 to this vulnerability, with a base CVSS v3 score of 7.8 and a CVSS v4 score of 8.5. Both versions highlight the severity of the issue, with potential consequences including unauthorized remote code execution. This vulnerability affects all versions of both RemoteConnect and SCADAPack x70 Utilities, products widely deployed in sectors such as energy and critical manufacturing across the globe. Although Schneider Electric is working on a remediation plan for future product versions, there are interim steps that organizations can take to mitigate the risk. These include: Only opening project files from trusted sources Verifying file integrity by computing and checking hashes regularly Encrypting project files and restricting access to trusted users Using secure communication protocols when exchanging files over the network Following established SCADAPack Security Guidelines for added protection CISA recommends minimizing the network exposure of control system devices, ensuring they are not directly accessible from the internet, and placing control system networks behind firewalls to isolate them from business networks. When remote access is necessary, using secure methods like Virtual Private Networks (VPNs) is strongly advised. However, organizations should ens]]> 2025-01-29T13:01:36+00:00 https://cyble.com/blog/cisa-release-advisories-for-new-ics-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8644292 False Vulnerability,Threat,Patching,Industrial None 4.0000000000000000 Kaspersky - Kaspersky Research blog Kaspersky ICS CERT analyzes industrial threat trends and makes forecasts on how the industrial threat landscape will look in 2025.]]> 2025-01-29T10:00:37+00:00 https://securelist.com/industrial-threat-predictions-2025/115327/ www.secnews.physaphae.fr/article.php?IdArticle=8644217 False Threat,Industrial None 4.0000000000000000 IndustrialCyber - cyber risk firms for industrial The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released six industrial control systems (ICS) advisories and updated an... ]]> 2025-01-29T08:15:23+00:00 https://industrialcyber.co/cisa/cisa-flags-hardware-vulnerabilities-in-ics-and-medical-devices-affects-br-schneider-electric-rockwell-bd-systems/ www.secnews.physaphae.fr/article.php?IdArticle=8644199 False Vulnerability,Industrial,Medical None 3.0000000000000000 Global Security Mag - Site de news francais Business

---

Sphinx France et Seckiot unissent leurs forces pour protéger les infrastructures industrielles avec des solutions de cybersécurité OT avancées - Business]]> 2025-01-28T20:35:51+00:00 https://www.globalsecuritymag.fr/sphinx-france-et-seckiot-unissent-leurs-forces-pour-proteger-les.html www.secnews.physaphae.fr/article.php?IdArticle=8643986 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Autonomous operational technology (OT) security assessment platform Frenos announced Tuesday the closing of a US$3.88 million financing round,...

---

>Autonomous operational technology (OT) security assessment platform Frenos announced Tuesday the closing of a US$3.88 million financing round,... ]]> 2025-01-28T13:50:09+00:00 https://industrialcyber.co/news/frenos-secures-3-88-million-funding-to-push-product-development-market-penetration-in-ot-cybersecurity/ www.secnews.physaphae.fr/article.php?IdArticle=8643827 False Industrial None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial Data released by Forescout Technologies disclosed that cybersecurity will be a primary concern for both enterprise and government... ]]> 2025-01-28T11:31:57+00:00 https://industrialcyber.co/reports/forescout-2024-threat-report-warns-of-intensifying-cyber-threats-in-2025-as-ot-protocols-increasingly-targeted/ www.secnews.physaphae.fr/article.php?IdArticle=8643781 False Threat,Industrial None 4.0000000000000000 IndustrialCyber - cyber risk firms for industrial As the industrial sector advances into 2025, industrial supply chain security is increasingly likely to be defined by... ]]> 2025-01-26T09:01:19+00:00 https://industrialcyber.co/features/need-to-build-robust-industrial-supply-chain-security-while-considering-emerging-technologies/ www.secnews.physaphae.fr/article.php?IdArticle=8642822 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Forescout Technologies announced that the company delivered record double digit growth in its US Federal Government business. The... ]]> 2025-01-23T14:30:52+00:00 https://industrialcyber.co/news/forescout-reports-growth-in-us-federal-business-with-38-rise-in-dod-sector-and-niap-certification-for-ot-solution/ www.secnews.physaphae.fr/article.php?IdArticle=8641602 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial DeNexus, vendor of end-to-end cyber risk management for operational technology (OT) in industrial enterprises and critical infrastructure installations...

---

>DeNexus, vendor of end-to-end cyber risk management for operational technology (OT) in industrial enterprises and critical infrastructure installations... ]]> 2025-01-23T14:28:14+00:00 https://industrialcyber.co/news/denexus-report-92-of-industrial-sites-at-risk-of-cyber-threats-potential-losses-reach-1-5-million/ www.secnews.physaphae.fr/article.php?IdArticle=8641603 False Industrial None 3.0000000000000000