www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2025-05-12T03:39:35+00:00 www.secnews.physaphae.fr Cyble - CyberSecurity Firm Aircraft Collision Avoidance Systems Hit by High-Severity ICS Vulnerability Overview A pair of vulnerabilities in the Traffic Alert and Collision Avoidance System (TCAS) II for avoiding midair collisions were among 20 vulnerabilities reported by Cyble in its weekly Industrial Control System (ICS) Vulnerability Intelligence Report. The midair collision system flaws have been judged at low risk of being exploited, but one of the vulnerabilities does not presently have a fix. They could potentially be exploited from adjacent networks. Other ICS vulnerabilities covered in the January 15-21 Cyble report to subscribers include flaws in critical manufacturing, energy and other critical infrastructure systems. The full report is available for subscribers, but Cyble is publishing information on the TCAS vulnerabilities in the public interest. TCAS II Vulnerabilities The TCAS II vulnerabilities were reported to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) by European researchers and defense agencies. CISA in turn disclosed the vulnerabilities in a January 21 advisory. The vulnerabilities are still undergoing analysis by NIST, but Cyble vulnerability researchers said the weaknesses “underscore the urgent need for enhanced input validation and secure configuration controls in transportation systems.” TCAS airborne devices function independently of ground-based air traffic control (ATC) systems, according to the FAA, and provide collision avoidance protection for a range of aircraft types. TCAS II is a more advanced system for commercial aircraft with more than 30 seats or a maximum takeoff weight of more than 33,000 pounds. 
TCAS II offers advanced features such as recommended escape maneuvers for avoiding midair collisions.  The first vulnerability, CVE-2024-9310, is an “Untrusted Inputs” vulnerability in TCAS II that presently carries a CVSS 3.1 base score of 6.1.  CISA notes that “By utilizing software-defined radios and a custom low-latency processing pipeline, RF signals with spoofed location data can be transmitted to aircraft targets. This can lead to the appearance of fake aircraft on displays and potentially trigger undesired Resolution Advisories (RAs).”  The second flaw, CVE-2024-11166, is an 8.2-severity External Control of System or Configuration Setting vulnerability. TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F could be attacked by threat actors impersonating a ground station to issue a Comm-]]> 2025-01-23T12:43:04+00:00 https://cyble.com/blog/aircraft-collision-ics-flaw-risks-mid-air-crashes/ www.secnews.physaphae.fr/article.php?IdArticle=8642105 False Tool,Vulnerability,Threat,Patching,Industrial,Commercial None 3.0000000000000000 Global Security Mag - Site de news francais New Study Reveals 92% of Industrial Sites at Risk from Unsecured Remote Access Special Reports
DeNexus™: New Study Reveals 92% of Industrial Sites at Risk from Unsecured Remote Access Industrial Cyber Risks Could Cost Sites $1.5M as Remote Access Threats Surge - Special Reports]]>
2025-01-22T19:51:11+00:00 https://www.globalsecuritymag.fr/new-study-reveals-92-of-industrial-sites-at-risk-from-unsecured-remote-access.html www.secnews.physaphae.fr/article.php?IdArticle=8641239 False Studies,Industrial None 3.0000000000000000
Reversemode - Blog de reverser The Cyber Dimension of the Zaporizhzhia NPP Occupation The war that began with Russia's full-scale invasion of Ukraine has led to a series of unprecedented nuclear-related situations. During the first 48 hours, Chernobyl - a symbol of the deep-seated fear of nuclear disaster, especially within Europe - was taken by Russian troops. This was accompanied by reports of radiation spikes, various plots involving dirty bombs and nuclear materials, and Russian soldiers allegedly killed by acute radiation syndrome. In the end, all of it was proven to be as fictitious as the reported radiation levels. We should view these mutual accusations between Ukraine and Russia as part of the information war, which likely didn't come as a complete surprise to those in the know. For instance, in an insightful piece Politico published documenting the 'first-ever oral history of how top U.S. and Western officials saw the warning signs of a European land war,' John Kirby stated the following: Without time to recover from the shock caused by the events in the Chernobyl Exclusion Zone, just a few days later, Russia attacked and eventually occupied Europe's largest nuclear power plant: Zaporizhzhia. Four weeks later, Russian forces withdrew from Chernobyl, but they did not withdraw from Zaporizhzhia NPP, which remains occupied to this day. With a new administration taking over the U.S. 
government, likely to have a significant influence on the conditions and terms for ending this armed conflict-if it ends at all-now seems like the right moment to address a gap in the existing coverage of the Zaporizhzhia NPP occupation: its cyber dimension.Ukraine: From Non-Proliferation to the Modernization of Its Nuclear Power PlantsAfter the Soviet Union\'s collapse in 1991, Ukraine agreed to give up its nuclear weapons under the Budapest Memorandum (1994), in exchange for security assurances from Russia, the U.S., and the UK.  Some might argue that this move has not aged well, ]]> 2025-01-22T14:43:46+00:00 https://www.reversemode.com/2025/01/the-cyber-dimension-of-zaporizhzhia-npp.html www.secnews.physaphae.fr/article.php?IdArticle=8654591 False Tool,Vulnerability,Studies,Industrial,Technical None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial DNV report highlights increased OT cybersecurity investment in energy sector due to escalating threats New research from DNV recorded that growing attention is being paid to operational technology (OT) cybersecurity – securing... ]]> 2025-01-22T12:50:52+00:00 https://industrialcyber.co/utilities-energy-power-water-waste/dnv-report-highlights-increased-ot-cybersecurity-investment-in-energy-sector-due-to-escalating-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8641071 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial CISA discloses security flaws in aircraft collision avoidance systems, Siemens industrial equipment The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released three advisories on Tuesday detailing current security issues, vulnerabilities,...
2025-01-22T12:46:42+00:00 https://industrialcyber.co/cisa/cisa-discloses-security-flaws-in-aircraft-collision-avoidance-systems-siemens-industrial-equipment/ www.secnews.physaphae.fr/article.php?IdArticle=8641072 False Vulnerability,Industrial None 3.0000000000000000
Zataz - Magazine Francais de secu Cybersecurity on board: when the threat reaches the oceans and the docks Maritime cybersecurity is emerging as a major issue for the protection of ships and ports. Hacking, industrial espionage and sabotage are becoming possible, posing a lasting threat to the global economy and to crew safety, on a worldwide scale....]]> 2025-01-21T22:37:23+00:00 https://www.zataz.com/la-cybersecurite-a-bord-quand-la-menace-gagne-les-oceans-et-les-quais/ www.secnews.physaphae.fr/article.php?IdArticle=8640789 False Industrial None 3.0000000000000000 Dragos - CTI Society Key Controls in Securing Cyber-Physical Systems (CPS) As operational technology (OT) environments evolve, their networks of connected devices are no longer limited to isolated industrial equipment. Today's... The post Key Controls in Securing Cyber-Physical Systems (CPS) first appeared on Dragos.
2025-01-21T13:00:00+00:00 https://www.dragos.com/blog/key-controls-in-securing-cyber-physical-systems/ www.secnews.physaphae.fr/article.php?IdArticle=8640625 False Industrial None 3.0000000000000000
IndustrialCyber - cyber risk firms for industrial Claroty's Team82 exposes critical vulnerabilities in Hunting Planet WGS-804HPT industrial switch New research from Claroty's Team82 research arm uncovered three vulnerabilities in Hunting Planet WGS-804HPT industrial switch that could...
2025-01-21T08:47:01+00:00 https://industrialcyber.co/industrial-cyber-attacks/clarotys-team82-exposes-critical-vulnerabilities-in-hunting-planet-wgs-804hpt-industrial-switch/ www.secnews.physaphae.fr/article.php?IdArticle=8640526 False Vulnerability,Industrial None 3.0000000000000000
IndustrialCyber - cyber risk firms for industrial Dragos' Lee urges enhanced IT cybersecurity for safeguarding critical OT infrastructure Robert Lee, the CEO of industrial cybersecurity company Dragos, warns that using IT cybersecurity measures to protect operational...
2025-01-20T08:51:36+00:00 https://industrialcyber.co/industrial-cyber-attacks/dragos-lee-urges-enhanced-it-cybersecurity-for-safeguarding-critical-ot-infrastructure/ www.secnews.physaphae.fr/article.php?IdArticle=8640024 False Industrial None 3.0000000000000000
IndustrialCyber - cyber risk firms for industrial S4x25: Dale Peterson outlines vision for industrial cybersecurity, emphasizes on innovation and connection As the industrial cybersecurity scene prepares to converge next month for S4x25 at the JW Marriott Water St,... ]]> 2025-01-19T09:58:04+00:00 https://industrialcyber.co/features/s4x25-dale-peterson-outlines-vision-for-industrial-cybersecurity-emphasizes-on-innovation-and-connection/ www.secnews.physaphae.fr/article.php?IdArticle=8639595 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial 5 Key OT Cybersecurity Strategies from the WEF Global Cybersecurity Outlook 2025 The recent World Economic Forum’s Global Cybersecurity Outlook 2025 analyzes the escalating complexities in the cyber landscape. With...
2025-01-19T09:31:24+00:00 https://industrialcyber.co/news/5-key-ot-cybersecurity-strategies-from-the-wef-global-cybersecurity-outlook-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8639596 False Industrial None 3.0000000000000000
IndustrialCyber - cyber risk firms for industrial Dragos, Yokogawa Electric partner to boost OT cybersecurity, visibility across industrial environments OT cybersecurity company Dragos Inc., has announced a global partnership with Yokogawa Electric Corporation, provider of industrial automation and...
2025-01-18T08:04:00+00:00 https://industrialcyber.co/news/dragos-yokogawa-electric-partner-to-boost-ot-cybersecurity-visibility-across-industrial-environments/ www.secnews.physaphae.fr/article.php?IdArticle=8639598 False Industrial None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation Cybersecurity researchers have disclosed three security flaws in Planet Technology\'s WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. "These switches are widely used in building and home automation systems for a variety of networking applications," Claroty\'s Tomer Goldschmidt said in a Thursday report. "An attacker]]> 2025-01-17T19:38:00+00:00 https://thehackernews.com/2025/01/critical-flaws-in-wgs-804hpt-switches.html www.secnews.physaphae.fr/article.php?IdArticle=8638800 False Industrial None 3.0000000000000000 Dark Reading - Informationweek Branch CISA and US and International Partners Publish Guidance for OT Owners and Operators 2025-01-16T21:36:00+00:00 https://www.darkreading.com/ics-ot-security/cisa-and-us-and-international-partners-publish-guidance-for-ot-owners-and-operators www.secnews.physaphae.fr/article.php?IdArticle=8638482 False Industrial None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The High-Stakes Disconnect For ICS/OT Security Why does ICS/OT need specific controls and its own cybersecurity budget today? Because treating ICS/OT security with an IT security playbook isn\'t just ineffective-it\'s high risk. In the rapidly evolving domain of cybersecurity, the specific challenges and needs for Industrial Control Systems (ICS) and Operational Technology (OT) security distinctly stand out from traditional IT security. 
ICS/OT]]> 2025-01-15T17:00:00+00:00 https://thehackernews.com/2025/01/the-high-stakes-disconnect-for-icsot.html www.secnews.physaphae.fr/article.php?IdArticle=8637704 False Industrial None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC 3 Tips for Eliminating Attack Surface Blind Spots 2025-01-14T18:59:00+00:00 https://levelblue.com/blogs/security-essentials/3-tips-for-eliminating-attack-surface-blind-spots www.secnews.physaphae.fr/article.php?IdArticle=8638362 False Tool,Vulnerability,Threat,Mobile,Industrial,Cloud None 3.0000000000000000 Dragos - CTI Society The 2025 Dragos OT Cybersecurity Year in Review is Coming Soon Are you ready to tackle the evolving challenges in OT cybersecurity? Over the past year, the operational technology (OT) cybersecurity... The post The 2025 Dragos OT Cybersecurity Year in Review is Coming Soon  first appeared on Dragos.
2025-01-14T17:22:21+00:00 https://www.dragos.com/blog/the-2025-dragos-ot-cybersecurity-year-in-review-is-coming-soon/ www.secnews.physaphae.fr/article.php?IdArticle=8637281 False Industrial None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Critical Infrastructure Urged to Scrutinize Product Security During Procurement A joint government advisory has set out steps critical infrastructure firms should take to ensure any OT products they purchase are secure by design]]> 2025-01-14T09:12:00+00:00 https://www.infosecurity-magazine.com/news/critical-infrastructure-product/ www.secnews.physaphae.fr/article.php?IdArticle=8637073 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial RMC announces key promotions, new hires amid 27% growth surge Risk Mitigation Consulting (RMC), a vendor of risk management, industrial cybersecurity, and engineering services for critical missions and...
2025-01-14T07:31:19+00:00 https://industrialcyber.co/news/rmc-announces-key-promotions-new-hires-amid-27-growth-surge/ www.secnews.physaphae.fr/article.php?IdArticle=8637034 False Industrial None 3.0000000000000000
IndustrialCyber - cyber risk firms for industrial Cybersecurity agencies focus on enhancing OT security, list 12 essential elements for procurement process The Cybersecurity and Infrastructure Security Agency (CISA) joined by 11 domestic and international partners, including the European Commission,...
2025-01-13T13:03:00+00:00 https://industrialcyber.co/cisa/cybersecurity-agencies-focus-on-enhancing-ot-security-list-12-essential-elements-for-procurement-process/ www.secnews.physaphae.fr/article.php?IdArticle=8637036 False Industrial None 3.0000000000000000
IndustrialCyber - cyber risk firms for industrial CISA reports security vulnerabilities in ICS equipment from Schneider Electric, Delta Electronics, Rockwell Automation The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released on Friday four advisories concerning industrial control systems (ICS).... ]]> 2025-01-13T08:39:23+00:00 https://industrialcyber.co/control-device-security/cisa-reports-security-vulnerabilities-in-ics-equipment-from-schneider-electric-delta-electronics-rockwell-automation/ www.secnews.physaphae.fr/article.php?IdArticle=8636629 False Vulnerability,Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Singapore\\'s CSA issues urgent advisory on Mirai botnet threat to industrial routers, smart home devices The Cyber Security Agency of Singapore (CSA) addressed reports of an ongoing Mirai-based botnet campaign targeting security flaws... ]]> 2025-01-13T08:36:52+00:00 https://industrialcyber.co/control-device-security/singapores-csa-issues-urgent-advisory-on-mirai-botnet-threat-to-industrial-routers-smart-home-devices/ www.secnews.physaphae.fr/article.php?IdArticle=8636630 False Threat,Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Adopting holistic approach to address complexities of cyber-physical security across IT and OT environments The evolving landscape of cyber-physical security brings unique challenges to IT (information technology) and OT (operational technology) environments...
2025-01-12T07:02:33+00:00 https://industrialcyber.co/features/adopting-holistic-approach-to-address-complexities-of-cyber-physical-security-across-it-and-ot-environments/ www.secnews.physaphae.fr/article.php?IdArticle=8636240 False Industrial None 3.0000000000000000
Reversemode - Blog de reverser Aborder l'exploitation de la peur du rayonnement: un guide d'auto-évaluation pour contrer la désinformation<br>Addressing the Exploitation of Radiation Fear: A Self-Assessment Guide to Counter Disinformation Anatomy of a Nuclear Scare", an article that covers this issue.This trend does not come as a surprise, as radioactivity is one of those few things that can collectively trigger significant levels of societal anxiety and emotional, rather than rational, response, which is often disproportionate to the actual physical risks it poses. This radiation fear has been shaped during years by a mix of cultural, historical, and media-driven narratives. In recent years, increasing geopolitical instability, the ever-growing influence of social media, the return of magical thinking and the precariousness and discrediting of traditional sources of information have resulted in a constant flow of misinformation.. It\'s no coincidence that successful campaigns can be executed with limited resources, compared to traditional manipulation activities, and still have the potential to go viral, maximizing ROI.Despite the fact that these campaigns explicitly exploited-or leveraged-publicly available online resources providing real-time radiation levels, in most cases, the actions were simplistic and carried out without the need for specialized \'cyber\' skills or expertise. So far, the only exception to this trend can be found in Chernobyl\'s post-invasion radiation spikes from 2022.I see no reason to believe that we won\'t likely see similar campaigns in the near future. I also acknowledge that this topic is not everyone\'s cup of tea. You may not have the time or interest to go through detailed technical explanations of radioactivity from both physics and cybersecurity perspectives. 
However, for those who are really interested in that kind of in-depth reading, I\'ve published comprehensive research papers on this topic.So, I thought it might be useful to put together this publication, which is merely intended to serve as an \'emergency guide\' to quickly grasp a set of simple yet sound principles that hopefully can help everyone, regardless of their background, to approach radioactivity-related reports with a critical eye. Armed with these fundamentals of radiation monitoring, we\'ll learn how to quickly discern between stories that make sense and those that don\'t hold water.An Emergency Guide to Understanding Radioactivity and Radiation MonitoringLet\'s say that you want to build a simple cabin in a small plot of land you have in the woods. The foundations should be stable enough to ensure the structure does not collapse just right after finishing it. However, you have an unusual constraint: the only material you can use is balloons. Common sense suggests that, although balloons are not the ideal material, the best way to use them would be to keep them completely deflated. Anything built using inflated balloons will not last long; it depends on the quality of the material the balloon is made of, but everybody acknowl]]> 2025-01-08T18:35:29+00:00 https://www.reversemode.com/2025/01/addressing-exploitation-of-radiation.html www.secnews.physaphae.fr/article.php?IdArticle=8654592 False Tool,Threat,Industrial,Prediction,Technical None 3.0000000000000000 DarkTrace - DarkTrace: AI bases detection Managing Risk Beyond CVE Scores With the Latest Innovations to Darktrace/OT Announcing the launch of our new innovation to Darktrace/OT. 
This industry leading innovation for Darktrace/OT moves beyond CVE scores to redefine vulnerability management for critical infrastructure, tackling the full breadth of risks not limited by traditional controls.]]> 2025-01-08T17:15:19+00:00 https://darktrace.com/blog/managing-risk-beyond-cve-scores-with-the-latest-innovations-to-darktrace-ot www.secnews.physaphae.fr/article.php?IdArticle=8634985 False Vulnerability,Industrial None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks A Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service (DDoS) attacks. The botnet maintains approximately 15,000 daily active IP addresses, with the infections primarily scattered across China, Iran, Russia, Turkey, and the United States.]]> 2025-01-08T15:59:00+00:00 https://thehackernews.com/2025/01/mirai-botnet-variant-exploits-four.html www.secnews.physaphae.fr/article.php?IdArticle=8634848 False Vulnerability,Industrial None 3.0000000000000000 Mandiant - Blog Sécu de Mandiant Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation Note: This is a developing campaign under active analysis by Mandiant and Ivanti. We will continue to add more indicators, detections, and information to this blog post as needed. On Wednesday, Jan. 8, 2025, Ivanti disclosed two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, impacting Ivanti Connect Secure (“ICS”) VPN appliances. Mandiant has identified zero-day exploitation of CVE-2025-0282 in the wild beginning mid-December 2024. CVE-2025-0282 is an unauthenticated stack-based buffer overflow. Successful exploitation could result in unauthenticated remote code execution, leading to potential downstream compromise of a victim network. 
Ivanti and its affected customers identified the compromise based on indications from the company-supplied Integrity Checker Tool (“ICT”) along with other commercial security monitoring tools. Ivanti has been working closely with Mandiant, affected customers, government partners, and security vendors to address these issues. As a result of their investigation, Ivanti has released patches for the vulnerabilities exploited in this campaign and Ivanti customers are urged to follow the actions in the Security Advisory to secure their systems as soon as possible. Mandiant is currently performing analysis of multiple compromised Ivanti Connect Secure appliances from multiple organizations. The activity described in this blog utilizes insights collectively derived from analysis of these infected devices and have not yet conclusively tied all of the activity described below to a single actor. In at least one of the appliances undergoing analysis, Mandiant observed the deployment of the previously observed SPAWN ecosystem of malware (which includes the SPAWNANT installer, SPAWNMOLE tunneler and the SPAWNSNAIL SSH backdoor). 
The deployment of the SPAWN ecosystem of malware following the targeting of Ivanti Secure Connect appliances has been attributed to ]]> 2025-01-08T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day/ www.secnews.physaphae.fr/article.php?IdArticle=8635099 False Malware,Tool,Vulnerability,Threat,Industrial,Cloud,Commercial None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices A newly identified Mirai botnet exploits over 20 vulnerabilities, including zero-days, in industrial routers and smart home devices]]> 2025-01-08T10:45:00+00:00 https://www.infosecurity-magazine.com/news/mirai-botnet-zerodays-routers/ www.secnews.physaphae.fr/article.php?IdArticle=8634847 False Vulnerability,Industrial None 2.0000000000000000 The State of Security - Magazine Américain Cyber Threats Rising: US Critical Infrastructure Under Increasing Attack in 2025 As we enter 2025, the frequency and sophistication of cyberattacks on critical national infrastructure (CNI) in the US are rising at an alarming rate. These attacks target the foundational systems that support everything from energy and water to transportation and communications, and the consequences are far-reaching and potentially catastrophic. They impact not just the operations of these services but also the very way of life for affected populations. The Deadly Cost of Ignoring OT Security Critical infrastructure attacks are particularly egregious because they have cascading effects. 
When...]]> 2025-01-08T03:17:24+00:00 https://www.tripwire.com/state-of-security/cyber-threats-rising-us-critical-infrastructure-under-increasing-attack www.secnews.physaphae.fr/article.php?IdArticle=8634828 False Industrial None 3.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain US Treasury Department Sanctions Chinese Company Over Cyberattacks Washington Post: The sanctions target Beijing Integrity Technology Group, which U.S. officials say employed workers responsible for the Flax Typhoon attacks which compromised devices including routers and internet-enabled cameras to infiltrate government and industrial targets in the United States, Taiwan, Europe and elsewhere.
2025-01-07T12:00:42+00:00 https://www.schneier.com/blog/archives/2025/01/us-treasury-department-sanctions-chinese-company-over-cyberattacks.html www.secnews.physaphae.fr/article.php?IdArticle=8634486 False Industrial None 3.0000000000000000
IndustrialCyber - cyber risk firms for industrial Moxa finds privilege escalation, OS command injection flaws in cellular routers, network security appliances Moxa, a company specializing in industrial networking and communication solutions, announced that its cellular routers, secure routers, and... ]]> 2025-01-07T10:18:28+00:00 https://industrialcyber.co/vulnerabilities/moxa-finds-privilege-escalation-os-command-injection-flaws-in-cellular-routers-network-security-appliances/ www.secnews.physaphae.fr/article.php?IdArticle=8634468 False Industrial None 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Moxa Devices Vulnerable to Cyberattacks, Threatening Industrial Networks Critical vulnerabilities discovered in Moxa\'s industrial networking devices could allow privilege escalation and OS command injection, exposing critical infrastructure to potential cyberattacks. In a security advisory, Moxa said that affected models include EDR and TN series routers widely used in industrial automation, energy, and telecommunications. Successful exploitation could grant attackers control over devices, posing a [...]]]> 2025-01-07T04:34:44+00:00 https://informationsecuritybuzz.com/moxa-devices-vulnerable-to-cyberattack/ www.secnews.physaphae.fr/article.php?IdArticle=8634351 False Vulnerability,Industrial None 4.0000000000000000 The State of Security - Magazine Américain The Overlooked Risks of Open-Source Software in Industrial Security Open-source software (OSS) has become an indispensable component in many industrial environments. Just last year, 95% of companies said they increased or maintained their use of OSS. According to the Linux Foundation, 70-80% of all code in any modern solution has been directly plucked from OSS solutions,. Cost-efficiency, flexibility, and expansive development community make OSS an attractive option for many organizations looking to innovate while managing budgets. 
It\'s also a boon for anyone looking for transparency over pure performance. However, these apparent strengths can mask significant...]]> 2025-01-07T03:06:00+00:00 https://www.tripwire.com/state-of-security/overlooked-risks-open-source-software-industrial-security www.secnews.physaphae.fr/article.php?IdArticle=8634411 False Industrial None 4.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Industrial networking manufacturer Moxa reports \\'critical\\' router bugs Moxa says the flaws can be used to bypass user authentication, escalate privileges and gain root access to devices.  ]]> 2025-01-06T19:46:21+00:00 https://cyberscoop.com/industrial-networking-manufacturer-moxa-reports-critical-router-bugs/ www.secnews.physaphae.fr/article.php?IdArticle=8634225 False Industrial None 4.0000000000000000 IndustrialCyber - cyber risk firms for industrial Industrial cybersecurity coalitions rise to meet growing OT/ICS cyber threats, build awareness, take action Across the globe, there is an increase in communities, associations, and alliances working toward information sharing and awareness... ]]> 2025-01-05T02:04:05+00:00 https://industrialcyber.co/features/industrial-cybersecurity-coalitions-rise-to-meet-growing-ot-ics-cyber-threats-build-awareness-take-action/ www.secnews.physaphae.fr/article.php?IdArticle=8633623 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial New post-authentication vulnerability discovered in Four-Faith industrial routers A recent report from VulnCheck disclosed a new post-authentication vulnerability affecting Four-Faith industrial routers being exploited in the...
2025-01-03T09:21:48+00:00 https://industrialcyber.co/industrial-cyber-attacks/new-post-authentication-vulnerability-discovered-in-four-faith-industrial-routers/ www.secnews.physaphae.fr/article.php?IdArticle=8633624 False Vulnerability,Industrial None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Four-Faith Industrial Routers Vulnerability Exploited in the Wild to Gain Remote Access
any any ( \
    msg:"VULNCHECK Four-Faith CVE-2024-12856 Exploit Attempt"; \
    flow:to_server; \
    http.method; content:"POST"; \
    http.uri; content:"/apply.cgi"; startswith; \
    http.header_names; content:"Authorization"; \
    http.request_body; content:"change_action="; \
    content:"adjust_sys_time"; \
    pcre:"/adj_time_[^=]+=[a-zA-Z0-9]*[^a-zA-Z0-9=]/"; \
    classtype:web-application-attack; \
    reference:cve,CVE-2024-12856; \
    sid:12700438; rev:1;)
Microsoft recommends detecting critical data security risks before they evolve into real incidents, through reconnaissance and vulnerability scanning to identify security weaknesses that could be used in a cyberattack.
- Regularly update and patch software to protect against known vulnerabilities, using [Microsoft Defender vulnerability management dashboard](https://learn.microsoft.com/en-us/defender-vulnerability-management/tvm-dashboard-insights). Read more about how [vulnerability management](https://www.microsoft.com/en-us/security/business/security-101/what-is-vulnerability-management) works. Additionally, [integrate your Security Inform
2024-12-31T20:19:48+00:00 https://community.riskiq.com/article/063596f6 www.secnews.physaphae.fr/article.php?IdArticle=8632164 False Tool,Vulnerability,Threat,Industrial None 3.0000000000000000
CyberScoop - scoopnewsgroup.com special Cyber Thousands of industrial routers vulnerable to command injection flaw The vulnerability, found in versions of Four-Faith routers, appears to have been exploited in the wild and has been connected to attempted infections of Mirai.
2024-12-30T19:55:10+00:00 https://cyberscoop.com/iot-command-injection-industrial-routers-four-faith-mirai/ www.secnews.physaphae.fr/article.php?IdArticle=8631758 False Vulnerability,Industrial None 2.0000000000000000
Dragos - CTI Society Top 5 Cybersecurity Threats to Oil & Gas, and How to Protect Against Them As cyber adversaries grow more sophisticated in targeting critical industrial infrastructure, the need for robust cybersecurity measures has never been... The post Top 5 Cybersecurity Threats to Oil & Gas, and How to Protect Against Them  first appeared on Dragos.
2024-12-30T13:00:00+00:00 https://www.dragos.com/blog/top-5-cybersecurity-threats-to-oil-gas-and-how-to-protect-against-them/ www.secnews.physaphae.fr/article.php?IdArticle=8631661 False Industrial None 3.0000000000000000
HackRead - Chercher Cyber Critical Flaw Exposes Four-Faith Routers to Remote Exploitation SUMMARY: VulnCheck has discovered a critical new vulnerability (CVE-2024-12856) affecting Four-Faith industrial routers (F3x24 and F3x36), with evidence…
2024-12-30T06:13:40+00:00 https://hackread.com/critical-flaw-expose-four-faith-routers-remote-exploitation/ www.secnews.physaphae.fr/article.php?IdArticle=8631542 False Vulnerability,Industrial None 2.0000000000000000
Global Security Mag - Site de news francais Peter Machat, Senior Director EMEA Central, ARMIS: Combining Armis' Centrix platform with Armis' channel partners services, is a good way for your Cybersecurity posture.
Global Security Mag: Good afternoon, Peter. Global Security Mag is happy to have this opportunity to exchange with you about Armis. Could you please tell us what Armis is presenting at it-sa 2024?
Peter Machat: Thanks for having me. Armis has a booth with its distributor Infinigate to allow our experts to show a demonstration instance of our cyber exposure management platform based on some standard data from different scenarios like healthcare, or like typical OT Security, just to give an idea about what company's IT assets are visible. And for that purpose, they use different sources. They usually use all the integrations the customer offers, meaning systems the customers already have, like CrowdStrike Endpoint Protection Platform and so on. These data are integrated, and a network flow analysis can also be done. Network assets can be mapped and listed, information from different systems and vulnerabilities can be gathered and shown. That is part one of Armis' solution and on top of that, we give recommendations, prioritizing what should be done. Our solution is directly integrated with tickets management systems like ServiceNow, so, tickets can be created to resolve the cases issued. - Interviews
2024-12-28T13:32:59+00:00 https://www.globalsecuritymag.fr/peter-machat-senior-director-emea-central-armis-combining-armis-centrix.html www.secnews.physaphae.fr/article.php?IdArticle=8630956 False Vulnerability,Industrial,Medical None 2.0000000000000000
Dark Reading - Informationweek Branch Hackers Are Hot for Water Utilities The US water sector suffered a stream of cyberattacks over the past year and half, from a mix of cybercriminals, hacktivists, and nation-state hacking teams. Here's how the industry and ICS/OT security experts are working to better secure vulnerable drinking and wastewater utilities.
2024-12-27T14:00:00+00:00 https://www.darkreading.com/ics-ot-security/hackers-hot-water-utilities www.secnews.physaphae.fr/article.php?IdArticle=8630595 False Industrial None 3.0000000000000000
Kaspersky - Kaspersky Research blog Threat landscape for industrial automation systems in Q3 2024 The ICS CERT quarterly report covers threat landscape for industrial automation systems in Q3 2024.
2024-12-27T10:00:46+00:00 https://securelist.com/ics-cert-q3-2024-report/115182/ www.secnews.physaphae.fr/article.php?IdArticle=8630549 False Threat,Industrial None 2.0000000000000000
Palo Alto Network - Site Constructeur Securing Remote OT Operations: Expanded attack surfaces have made OT systems a target for cyber threats, underscoring the need for a security framework tailored to remote OT environments.
2024-12-26T14:00:27+00:00 https://www.paloaltonetworks.com/blog/2024/12/securing-remote-ot-operations/ www.secnews.physaphae.fr/article.php?IdArticle=8630222 False Industrial None 3.0000000000000000
Palo Alto Network - Site Constructeur Harnessing AI to Strengthen OT Security Against Modern Cyber Threats To manage AI's dual role in OT environments, organizations need rigorous risk assessment and clear governance protocols for deploying AI.
2024-12-24T14:00:45+00:00 https://www.paloaltonetworks.com/blog/2024/12/harnessing-ai-strengthen-ot-security-against-modern-cyber-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8629517 False Industrial None 3.0000000000000000
Dragos - CTI Society Get On-Demand, Actionable Cyber Threat Insights with Dragos WorldView Request for Intelligence (RFI) Service In today's interconnected industrial environments, OT networks are more vulnerable than ever to cyber threats. Even with robust monitoring and... The post Get On-Demand, Actionable Cyber Threat Insights with Dragos WorldView Request for Intelligence (RFI) Service first appeared on Dragos.
2024-12-23T13:00:00+00:00 https://www.dragos.com/blog/on-demand-actionable-cyber-threat-insights-with-dragos-worldview-rfi-service/ www.secnews.physaphae.fr/article.php?IdArticle=8629123 False Threat,Industrial None 2.0000000000000000
Sygnia - CyberSecurity Firm Strengthening ICS/OT Security: Unlock the Power of Effective Threat Detection Download this CISO guide for actionable insights and best practices to help you establish an effective ICS/OT threat detection framework.
2024-12-23T08:06:27+00:00 https://www.sygnia.co/guides-and-tools/ics-ot-threat-detection-guide/ www.secnews.physaphae.fr/article.php?IdArticle=8629005 False Threat,Industrial None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Ransomware Attackers Target Industries with Low Downtime Tolerance A Dragos report observed 23 new ransomware groups targeting industrial organizations in Q3 2024]]> 2024-12-20T09:15:00+00:00 https://www.infosecurity-magazine.com/news/ransomware-industries-downtime/ www.secnews.physaphae.fr/article.php?IdArticle=8627887 False Ransomware,Industrial None 2.0000000000000000 Dark Reading - Informationweek Branch OT/ICS Engineering Workstations Face Barrage of Fresh Malware Cyberattacks against OT/ICS engineering workstations are widely underestimated, according to researchers who discovered malware designed to shut down Siemens workstation engineering processes.]]> 2024-12-19T22:45:48+00:00 https://www.darkreading.com/vulnerabilities-threats/ot-ics-engineering-workstations-malware www.secnews.physaphae.fr/article.php?IdArticle=8627701 False Malware,Industrial None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine New Malware Can Kill Engineering Processes in ICS Environments Forescout identified a new type of malware capable of terminating engineering processes, used to target Siemens engineering workstations]]> 2024-12-19T14:00:00+00:00 https://www.infosecurity-magazine.com/news/malware-engineering-ics/ www.secnews.physaphae.fr/article.php?IdArticle=8627523 False Malware,Industrial None 2.0000000000000000 Dragos - CTI Society How Risk-Based Vulnerability Management Is a Game-Changer for OT Cybersecurity From legacy systems to the convergence of OT, IT, and IoT, the attack surface is expanding, and traditional IT security... The post How Risk-Based Vulnerability Management Is a Game-Changer for OT Cybersecurity  first appeared on Dragos.
2024-12-19T13:00:00+00:00 https://www.dragos.com/blog/how-risk-based-vulnerability-management-is-a-game-changer-for-ot-cybersecurity/ www.secnews.physaphae.fr/article.php?IdArticle=8627517 False Vulnerability,Industrial None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial How to Create an Effective Merged IT/OT SOC A security operations center (SOC) is the nerve center of a network, monitoring traffic, devices, anomalies and alerts...
2024-12-19T08:13:32+00:00 https://industrialcyber.co/expert/how-to-create-an-effective-merged-it-ot-soc/ www.secnews.physaphae.fr/article.php?IdArticle=8627421 False Industrial None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Hidden in Plain Sight: TA397's New Attack Chain Delivers Espionage RATs
2024-12-18T18:56:30+00:00 https://community.riskiq.com/article/4098d913 www.secnews.physaphae.fr/article.php?IdArticle=8627194 True Ransomware,Malware,Tool,Threat,Mobile,Industrial None 3.0000000000000000
IndustrialCyber - cyber risk firms for industrial New Forescout research details persistent malware threats to OT/ICS engineering workstations Forescout Technologies has analyzed data from a public malware repository, revealing a persistent presence of malware targeting operational...
2024-12-18T13:23:33+00:00 https://industrialcyber.co/control-device-security/new-forescout-research-details-persistent-malware-threats-to-ot-ics-engineering-workstations/ www.secnews.physaphae.fr/article.php?IdArticle=8627067 False Malware,Industrial None 2.0000000000000000
Sygnia - CyberSecurity Firm Building An ICS/OT Threat Detection Strategy Learn how to build a tailored ICS/OT threat detection strategy to safeguard critical infrastructure. Explore Sygnia's four-phase framework: Know, Assess, Plan, and Optimize.
2024-12-18T09:49:24+00:00 https://www.sygnia.co/blog/ics-ot-threat-detection-strategy/ www.secnews.physaphae.fr/article.php?IdArticle=8629006 False Threat,Industrial None 3.0000000000000000
Dragos - CTI Society Dragos Industrial Ransomware Analysis: Q3 2024 Information provided here is sourced from Dragos OT Cyber Threat Intelligence adversary hunters and analysts who conduct research on adversary... The post Dragos Industrial Ransomware Analysis: Q3 2024  first appeared on Dragos.
2024-12-17T13:00:00+00:00 https://www.dragos.com/blog/dragos-industrial-ransomware-analysis-q3-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8626575 False Ransomware,Threat,Industrial None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Weekly OSINT Highlights, 16 December 2024
2024-12-16T12:50:03+00:00 https://community.riskiq.com/article/8d1747e7 www.secnews.physaphae.fr/article.php?IdArticle=8626055 False Ransomware,Malware,Tool,Vulnerability,Threat,Legislation,Mobile,Industrial,Prediction,Cloud APT C 60 2.0000000000000000
Global Security Mag - Site de news francais Empowering Manufacturing Security: OTORIO and Cyberscope's Collaborative Approach to OT Cyber Resilience - Opinion
2024-12-16T12:14:35+00:00 https://www.globalsecuritymag.fr/empowering-manufacturing-security-otorio-and-cyberscope-s-collaborative.html www.secnews.physaphae.fr/article.php?IdArticle=8626035 False Industrial None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial 2024 in retrospect: Lessons learned and cyber strategies shaping future of critical infrastructure As the curtain closes on 2024, the critical infrastructure and OT (operational technology) sectors reflect upon a year...
2024-12-15T08:02:17+00:00 https://industrialcyber.co/features/2024-in-retrospect-lessons-learned-and-cyber-strategies-shaping-future-of-critical-infrastructure/ www.secnews.physaphae.fr/article.php?IdArticle=8625440 False Industrial None 3.0000000000000000
The Register - Site journalistique Anglais Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks IOCONTROL targets IoT and OT devices from a ton of makers, apparently An Iranian government-linked cybercriminal crew used custom malware called IOCONTROL to attack and remotely control US and Israel-based water and fuel management systems, according to security researchers.…
2024-12-13T23:56:13+00:00 https://go.theregister.com/feed/www.theregister.com/2024/12/13/iran_cyberweapon_us_attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8624810 False Malware,Industrial None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Inside a New OT/IoT Cyberweapon: IOCONTROL
2024-12-13T23:02:14+00:00 https://community.riskiq.com/article/5fa3e494 www.secnews.physaphae.fr/article.php?IdArticle=8624830 False Malware,Tool,Industrial None 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms Iran-affiliated threat actors have been linked to a new custom malware that's geared toward IoT and operational technology (OT) environments in Israel and the United States. The malware has been codenamed IOCONTROL by OT cybersecurity company Claroty, highlighting its ability to attack IoT and supervisory control and data acquisition (SCADA) devices such as IP cameras, routers, programmable
2024-12-13T17:14:00+00:00 https://thehackernews.com/2024/12/iran-linked-iocontrol-malware-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8624551 False Malware,Threat,Industrial None 4.0000000000000000
Dragos - CTI Society OT Cybersecurity Best Practices for SMBs: Identity and Access Management in OT This blog is part of a blog series detailing best practices for operational technology (OT) cybersecurity for under-resourced organizations by... The post OT Cybersecurity Best Practices for SMBs: Identity and Access Management in OT first appeared on Dragos.
2024-12-13T15:00:00+00:00 https://www.dragos.com/blog/ot-cybersecurity-best-practices-for-smbs-identity-and-access-management-in-ot/ www.secnews.physaphae.fr/article.php?IdArticle=8624641 False Industrial None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Researchers Discover Malware Used by Nation-States to Attack Industrial Systems IOCONTROL, a custom-built IoT/OT malware, was used by Iran-affiliated groups to attack Israel- and US-based OT/IoT devices, according to Claroty
2024-12-13T11:15:00+00:00 https://www.infosecurity-magazine.com/news/malware-nation-sate-industrial/ www.secnews.physaphae.fr/article.php?IdArticle=8624530 False Malware,Industrial None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial Iran-linked IOCONTROL malware targets critical IoT/OT infrastructure in Israel, US Researchers from Claroty's Team82 arm have obtained a sample of a custom-built IoT/OT malware called IOCONTROL used by...
2024-12-13T10:18:04+00:00 https://industrialcyber.co/news/iran-linked-iocontrol-malware-targets-critical-iot-ot-infrastructure-in-israel-us/ www.secnews.physaphae.fr/article.php?IdArticle=8624508 False Malware,Industrial None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Hacktivist Alliances Target France Amidst Political Crisis 2024-12-12T22:03:04+00:00 https://community.riskiq.com/article/c893da4a www.secnews.physaphae.fr/article.php?IdArticle=8624288 False Malware,Tool,Threat,Industrial None 3.0000000000000000 Bleeping Computer - Magazine Américain New IOCONTROL malware used in critical infrastructure attacks Iranian threat actors are utilizing a new malware named IOCONTROL to compromise Internet of Things (IoT) devices and OT/SCADA systems used by critical infrastructure in Israel and the United States. [...]]]> 2024-12-12T15:46:32+00:00 https://www.bleepingcomputer.com/news/security/new-iocontrol-malware-used-in-critical-infrastructure-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8624213 False Malware,Threat,Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial DeNexus expands DeRISK solution to boost physical security for data centers, justifying cybersecurity investments DeNexus, a vendor of end-to-end cyber risk management for OT (operational technology), announced the expansion of its cyber... ]]> 2024-12-12T13:00:19+00:00 https://industrialcyber.co/news/denexus-expands-derisk-solution-to-boost-physical-security-for-data-centers-justifying-cybersecurity-investments/ www.secnews.physaphae.fr/article.php?IdArticle=8624014 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Securing the Future: A Comprehensive Guide to Industrial Cyber Risk Management Rising convergence of OT and IT in today’s interconnected industrial landscape evidently brings about heightened innovation and efficiency...
2024-12-11T10:36:52+00:00 https://industrialcyber.co/expert/securing-the-future-a-comprehensive-guide-to-industrial-cyber-risk-management/ www.secnews.physaphae.fr/article.php?IdArticle=8623370 False Industrial None 3.0000000000000000
Zataz - Magazine Francais de secu STCC: the rise of an industrial-scale look-up service The hacker service STCC offers advanced industrial-scale look-up capabilities and is gaining popularity on cybercriminal forums....
2024-12-11T10:18:33+00:00 https://www.zataz.com/lookup-hack-phone/ www.secnews.physaphae.fr/article.php?IdArticle=8623369 False Industrial None 3.0000000000000000
IndustrialCyber - cyber risk firms for industrial Nozomi detects 12 security flaws in Phoenix Contact mGuard industrial router, risking remote code execution Researchers from Nozomi Networks Labs analyzed a Phoenix Contact mGuard industrial router, uncovering 12 vulnerabilities during a comprehensive...
2024-12-11T10:14:18+00:00 https://industrialcyber.co/industrial-cyber-attacks/nozomi-detects-12-security-flaws-in-phoenix-contact-mguard-industrial-router-risking-remote-code-execution/ www.secnews.physaphae.fr/article.php?IdArticle=8623372 False Vulnerability,Industrial None 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Utility Companies Face 42% Surge in Ransomware Attacks The utilities sector saw a 42% surge in ransomware incidents over the past year, with groups like Play focusing on targets with IT and OT systems
2024-12-10T14:45:00+00:00 https://www.infosecurity-magazine.com/news/utility-companies-42-surge/ www.secnews.physaphae.fr/article.php?IdArticle=8622897 False Ransomware,Industrial None 2.0000000000000000
Dragos - CTI Society Exploring the Use of Multi-Vendor Firewalls in OT Network Security The use of multiple firewall products from different vendors in operational technology (OT) networks has sparked significant debate in the... The post Exploring the Use of Multi-Vendor Firewalls in OT Network Security first appeared on Dragos.
2024-12-09T19:14:09+00:00 https://www.dragos.com/blog/exploring-the-use-of-multi-vendor-firewalls-in-ot-network-security/ www.secnews.physaphae.fr/article.php?IdArticle=8622421 False Industrial None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Targeted cyberattacks UAC-0185 against the Defense Forces and enterprises of the defense industry of Ukraine 2024-12-09T15:40:00+00:00 https://community.riskiq.com/article/d84dfe4f www.secnews.physaphae.fr/article.php?IdArticle=8622342 False Malware,Tool,Threat,Industrial,Conference,Technical None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial New Ordr report reveals rising threat of unmanaged IoT and OT devices endangers enterprises A recent report from Ordr has revealed the increasing dangers posed by unmanaged, agentless assets. The report emphasizes...
2024-12-09T14:01:21+00:00 https://industrialcyber.co/reports/new-ordr-report-reveals-rising-threat-of-unmanaged-iot-and-ot-devices-endangers-enterprises/ www.secnews.physaphae.fr/article.php?IdArticle=8622266 False Threat,Industrial None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Weekly OSINT Highlights, 9 December 2024 2024-12-09T12:22:03+00:00 https://community.riskiq.com/article/86d339a0 www.secnews.physaphae.fr/article.php?IdArticle=8622260 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Industrial,Prediction APT 45 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Harmonizing risk and consequence strategies across IT and OT environments for greater cyber resilience Aligning risk and consequence-based approaches across IT and OT environments is crucial for robust cybersecurity. In assessing risk... ]]> 2024-12-08T07:31:25+00:00 https://industrialcyber.co/features/harmonizing-risk-and-consequence-strategies-across-it-and-ot-environments-for-greater-cyber-resilience/ www.secnews.physaphae.fr/article.php?IdArticle=8621597 False Industrial None 2.0000000000000000 Dragos - CTI Society 3 Common Cyber Threat Intelligence (CTI) Challenges to Overcome in OT Cybersecurity Operational technology (OT) environments are vital systems that keep industries like manufacturing, energy, and transportation running. These systems are facing... The post 3 Common Cyber Threat Intelligence (CTI) Challenges to Overcome in OT Cybersecurity   first appeared on Dragos.
2024-12-06T18:35:45+00:00 https://www.dragos.com/blog/3-common-cyber-threat-intelligence-cti-challenges-to-overcome-in-ot-cybersecurity/ www.secnews.physaphae.fr/article.php?IdArticle=8620794 False Threat,Industrial None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial Nozomi detects security vulnerabilities in Wago PLC; firmware updated to prevent privilege escalation Nozomi Networks Labs identified several security vulnerabilities in the Wago PLC 750-8216/025-001, a programmable logic controller used in...
2024-12-06T11:58:33+00:00 https://industrialcyber.co/control-device-security/nozomi-detects-security-vulnerabilities-in-wago-plc-firmware-updated-to-prevent-privilege-escalation/ www.secnews.physaphae.fr/article.php?IdArticle=8620599 False Data Breach,Vulnerability,Industrial None 4.0000000000000000
Dark Reading - Informationweek Branch Vulnerability Management Challenges in IoT & OT Environments By understanding the unique challenges of protecting IoT and OT devices, organizations can safeguard these critical assets against evolving cyber threats.
2024-12-05T15:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/vulnerability-management-challenges-iot-ot-environments www.secnews.physaphae.fr/article.php?IdArticle=8620128 False Vulnerability,Industrial None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial Nozomi Networks, Advens team to deliver cybersecurity services to industrial and critical infrastructure environments Nozomi Networks, a provider of OT (operational technology) and IoT security, and Advens announced they have partnered to...
2024-12-05T13:59:47+00:00 https://industrialcyber.co/news/nozomi-networks-advens-team-to-deliver-cybersecurity-services-to-industrial-and-critical-infrastructure-environments/ www.secnews.physaphae.fr/article.php?IdArticle=8620074 False Industrial None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial CRI, FDD, Microsoft publish resiliency for water utilities pilot interim report, launch Phase 2 The Cyber Readiness Institute (CRI), Foundation for Defense of Democracies (FDD), and Microsoft published on Wednesday an interim...
2024-12-05T11:01:25+00:00 https://industrialcyber.co/utilities-energy-power-water-waste/cri-fdd-microsoft-publish-resiliency-for-water-utilities-pilot-interim-report-launch-phase-2/ www.secnews.physaphae.fr/article.php?IdArticle=8619987 False Industrial None 3.0000000000000000
CyberScoop - scoopnewsgroup.com special Cyber Federal transportation officials aim to 'bridge gaps' in OT cybersecurity In a post-Colonial Pipeline world, DOT and TSA leaders say they're pursuing a cross-sector approach to protecting operational technology.
2024-12-04T18:08:23+00:00 https://cyberscoop.com/operational-technology-cybersecurity-challenges-collaboration-strategies-department-of-transportation/ www.secnews.physaphae.fr/article.php?IdArticle=8619611 False Industrial None 3.0000000000000000
Global Security Mag - Site de news francais Nozomi Networks and Advens partner to deliver cybersecurity services to industrial and critical infrastructure environments
Nozomi Networks and Advens partner to deliver advanced cybersecurity services to industrial and critical infrastructure environments
• Nozomi Networks' OT and IoT visibility, threat detection and risk management are now integrated into Advens' managed security services, available throughout Europe.
• Customers benefiting from this MSSP partnership include the Paris Olympic Games - Business
2024-12-04T14:40:13+00:00 https://www.globalsecuritymag.fr/nozomi-networks-et-advens-s-associent-pour-offrir-des-services-de-cybersecurite.html www.secnews.physaphae.fr/article.php?IdArticle=8619494 False Threat,Industrial None 3.0000000000000000
AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC How Regional Service Providers Can Grab a Larger Share of the Cybersecurity Market Managed detection and response (MDR) is forecasted to be the highest growth area of security services, with a projected 17.1 percent CAGR through 2028. This is in part due to the continued, acute need for support with threat monitoring, detection, and response. However, it’s also due to a growing need for help with risk identification, management and governance, exposure and vulnerability management, and incident readiness due to increasingly stringent requirements by regulators for reporting in these areas. Let’s compare that to the forecasted growth rate of network security products (a 9.9 percent 5-year CAGR, 2023-28, projected to reach $32.8 billion) and security software spending (a 13.4 percent 5-year CAGR, 2023-28, projected to reach $132.0 billion). What’s the storyline? The desire for help and expertise within security is as critical as the need for security products themselves. And, as the threat landscape grows ever-more formidable, especially with adversaries leveraging new AI tech, that need is likely not going to wane.  With this growing demand, many, many different (and very large) providers have realized the opportunity in security services and are diving into the security services market for their piece of the “cyber money pie.” This includes everyone from software vendors, telecom companies, cloud service providers, IT service providers and traditional IT consulting firms to global MSPs (managed service providers) and MSSPs (managed security service providers). This is creating a very crowded market, and one in which business models are quickly changing so providers can better compete. For example, many organizations now see some of the big consultancies as a “one-stop shop,” for everything from consulting to MDR. 
In managed security services, for example, the top 10 MSSPs include (alphabetically): Accenture, Atos, AT&T (LevelBlue), Deloitte, Fortinet, Leidos, HCL Tech, NTT Data, PwC, and Tata Consultancy Services. Together, these providers hold 49 percent of MSS market share worldwide. Extending beyond the top 10 to top the 30 global MSS providers, the total “owned” market share jumps to 88 percent, leaving just 12 percent for the smaller, regional players. The raises several questions. Can the smaller, regional players compete against these big guns? Or, do they have to remain satisfied with fighting over the remaining 12 percent market share globally (which equates to approximately $3.5 million worldwide for MSS in 2025). Is it possible for smaller players to take a portion of the $26 million projected 2025 market share from the top 30? How can smaller, regional players win the security service game? Yes, smaller, regional service providers are going to be the most challenged as the services market continues its rapid evolution, especially as they try to keep up with technology changes, AI’s impact on service delivery, cyber skills shortages, and more. 
However, they also have an advantage, including the ability to: Specialize in industry or specific tech environments such as OT, cloud, or edge; Provide regional context (including culture and language support); Partner with the larger players who can’t be everything to everyone. This is wh
2024-12-04T14:00:00+00:00 https://levelblue.com/blogs/security-essentials/how-regional-service-providers-can-grab-a-larger-share-of-the-cybersecurity-market www.secnews.physaphae.fr/article.php?IdArticle=8619456 False Vulnerability,Threat,Industrial,Cloud Deloitte 2.0000000000000000
Dragos - CTI Society How to Prioritize Vulnerabilities in Your OT Environment with Risk-Based Vulnerability Management Operational technology (OT) systems in electric utilities, manufacturing organizations, and oil and gas companies face unique cybersecurity challenges. Traditional IT-focused... The post How to Prioritize Vulnerabilities in Your OT Environment with Risk-Based Vulnerability Management first appeared on Dragos.
2024-12-03T18:51:02+00:00 https://www.dragos.com/blog/how-to-prioritize-vulnerabilities-with-risk-based-vulnerability-management-in-ot/ www.secnews.physaphae.fr/article.php?IdArticle=8619043 False Vulnerability,Industrial None 2.0000000000000000
Global Security Mag - Site de news francais Integrity360 launches Managed ASM Product Reviews
Integrity360 launches Managed ASM to address complex attack surfaces and strengthen OT and IoT cyber resilience - Product Reviews
2024-12-03T09:29:45+00:00 https://www.globalsecuritymag.fr/integrity360-launches-managed-asm.html www.secnews.physaphae.fr/article.php?IdArticle=8618917 False Industrial None 2.0000000000000000
ZD Net - Magazine Info I finally found a wireless Android Auto adapter that's reliable and affordable - and it's in stock again The AAWireless Two won't charm you with a ground-breaking industrial design or an edgy name, but it's as good as these adapters get - and back in stock for Cyber Monday.
2024-12-02T15:40:00+00:00 https://www.zdnet.com/article/i-finally-found-a-wireless-android-auto-adapter-thats-reliable-and-affordable-and-its-in-stock-again/ www.secnews.physaphae.fr/article.php?IdArticle=8618731 False Mobile,Industrial None 1.00000000000000000000
IndustrialCyber - cyber risk firms for industrial Leveling the playing field: Developing technical expertise and strategic role for women in ICS With the rapid transformation in industrial cybersecurity, opportunities are becoming more and more open to women in technical...
2024-12-01T10:10:24+00:00 https://industrialcyber.co/features/leveling-the-playing-field-developing-technical-expertise-and-strategic-role-for-women-in-ics/ www.secnews.physaphae.fr/article.php?IdArticle=8618436 False Industrial,Technical None 3.0000000000000000
IndustrialCyber - cyber risk firms for industrial CISA issues urgent ICS advisories on hardware flaws in Schneider Electric, Hitachi Energy, Philips Vue equipment The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published this week five ICS (industrial control systems) advisories and...
2024-11-29T18:36:23+00:00 https://industrialcyber.co/cisa/cisa-issues-urgent-ics-advisories-on-hardware-flaws-in-schneider-electric-hitachi-energy-philips-vue-equipment/ www.secnews.physaphae.fr/article.php?IdArticle=8618281 False Industrial None 4.0000000000000000
We Live Security - Editeur Logiciel Antivirus ESET Month in security with Tony Anscombe – November 2024 edition Zero days under attack, a new advisory from 'Five Eyes', thousands of ICS units left exposed, and mandatory MFA for all – it's a wrap on another month filled with impactful cybersecurity news
2024-11-29T12:53:00+00:00 https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-november-2024-edition/ www.secnews.physaphae.fr/article.php?IdArticle=8648730 False Industrial None 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges. 
"These vulnerabilities pose significant risks, allowing unauthenticated remote code execution with root privileges, thereby fully compromising the confidentiality,
2024-11-28T22:27:00+00:00 https://thehackernews.com/2024/11/over-two-dozen-flaws-identified-in.html www.secnews.physaphae.fr/article.php?IdArticle=8618174 False Vulnerability,Industrial None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Critical Vulnerabilities Discovered in Industrial Wireless Access Point Customers of Advantech's EKI-6333AC-2G industrial-grade wireless access point have been urged to update their devices to new firmware versions
2024-11-28T11:15:00+00:00 https://www.infosecurity-magazine.com/news/critical-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8618146 False Vulnerability,Industrial None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial Waterfall Security, ADAPTIT join forces to boost cybersecurity for critical operations across Europe Waterfall Security, a vendor of cybersecurity solutions for protecting industrial control systems and operational technology (OT) environments, and...
2024-11-28T10:52:22+00:00 https://industrialcyber.co/news/waterfall-security-adaptit-join-forces-to-boost-cybersecurity-for-critical-operations-across-europe/ www.secnews.physaphae.fr/article.php?IdArticle=8618140 False Industrial None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial Critical vulnerabilities in Advantech industrial wireless access points expose critical infrastructure to cyber threats Researchers at Nozomi Networks Labs analyzed version 1.6.2 of the EKI-6333AC-2G, an industrial-grade wireless access point, uncovering 20...
2024-11-28T08:52:32+00:00 https://industrialcyber.co/vulnerabilities/critical-vulnerabilities-in-advantech-industrial-wireless-access-points-expose-critical-infrastructure-to-cyber-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8618127 False Vulnerability,Industrial None 4.0000000000000000
IndustrialCyber - cyber risk firms for industrial Xona Systems expands into Middle East to enhance cybersecurity for critical infrastructure Xona Systems, a provider of secure access solutions for critical infrastructure and OT (operational technology) environments, announced its...
2024-11-28T08:51:56+00:00 https://industrialcyber.co/news/xona-systems-expands-into-middle-east-to-enhance-cybersecurity-for-critical-infrastructure/ www.secnews.physaphae.fr/article.php?IdArticle=8618128 False Industrial None 3.0000000000000000
InformationSecurityBuzzNews - Site de News Securite What is CMMC 2.0? And Why is Compliance Crucial? In an era of increasingly sophisticated cyber threats, the U.S. Department of Defense (DoD) has introduced the Cybersecurity Maturity Model Certification 2.0 (CMMC 2.0) to bolster the cybersecurity posture of its Defense Industrial Base (DIB). This updated framework aims to ensure that contractors and subcontractors handling Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) [...]
2024-11-28T07:35:32+00:00 https://informationsecuritybuzz.com/what-is-cmmc-2-0-why-compliance-crucia/ www.secnews.physaphae.fr/article.php?IdArticle=8618123 False Industrial None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) CyberVolk: A Deep Dive into the Hacktivists, Tools and Ransomware Fueling Pro-Russian Cyber Attacks
2024-11-26T21:02:38+00:00 https://community.riskiq.com/article/db8b4022 www.secnews.physaphae.fr/article.php?IdArticle=8617948 False Ransomware,Malware,Tool,Threat,Industrial None 3.0000000000000000
AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC What Are Computer Worms?
2024-11-26T14:37:00+00:00 https://levelblue.com/blogs/security-essentials/what-are-computer-worms www.secnews.physaphae.fr/article.php?IdArticle=8618712 False Ransomware,Data Breach,Spam,Malware,Tool,Vulnerability,Threat,Patching,Mobile,Industrial,Medical,Technical Wannacry 2.0000000000000000
Dragos - CTI Society Get Your OT Cyber Threat Questions Answered in the “Ask Dragos Intel” Blog Series We are excited to announce the launch of the new “Ask Dragos Intel” blog series, created to provide you with... The post Get Your OT Cyber Threat Questions Answered in the “Ask Dragos Intel” Blog Series first appeared on Dragos.
2024-11-25T13:00:00+00:00 https://www.dragos.com/blog/get-your-ot-cyber-threat-questions-answered-by-dragos-threat-intelligence/ www.secnews.physaphae.fr/article.php?IdArticle=8617575 False Threat,Industrial None 3.0000000000000000