< ciso
brief />
Tag Banner

All news with #critical infrastructure tag

400 articles · page 11 of 20

NCSC Warns of Pro-Russian DDoS Targeting UK Services

⚠️ The UK's National Cyber Security Centre (NCSC) warns that pro‑Russian hacktivist groups are conducting distributed denial-of-service (DDoS) attacks against British organisations, particularly local government and critical infrastructure operators. These attacks are typically low in technical sophistication but can still deny access, disrupt services and impose substantial recovery costs. The NCSC advises organisations and OT owners to review and harden defences, work with ISPs and CDNs, design scalable services, retain administrative access during incidents, and regularly test mitigations.
read more →

EU Commission Proposal Would Allow Bans on High-Risk Vendors

🔒 The EU Commission has proposed a legal mechanism to ban network-equipment vendors it considers high-risk, a move widely seen as targeting Chinese firms such as Huawei and ZTE though the draft does not name specific companies. The plan would let Brussels require member states to replace prohibited technology in critical infrastructure within three years. It would also strengthen ENISA with additional staff and funding to coordinate EU-wide cybersecurity and ransomware defenses.
read more →

EU Cybersecurity Overhaul to Bar High-Risk Suppliers

🔒 The European Commission has proposed a comprehensive cybersecurity package that would require the removal of high-risk suppliers from sensitive telecommunications networks and give Brussels authority to coordinate EU-wide risk assessments. The measure aims to strengthen defenses against state-backed actors and cybercrime targeting critical infrastructure while addressing uneven uptake of the 2020 5G Security Toolbox. The proposal also expands ENISA's remit to issue early threat alerts, centralize incident reporting, streamline voluntary certification, and support joint assessments across 18 critical sectors, with member states required to transpose changes within one year of approval.
read more →

Schneider Electric Foxboro DCS Intel Side-Channel Issue

⚠️ Schneider Electric published an advisory about a side‑channel vulnerability disclosed by Intel (CVE-2018-12130) that affects EcoStruxure Foxboro DCS Virtualization Server (V91) and Standard Workstation (H92). An authenticated user with local access could exploit the CPU issue to enable information disclosure, risking loss of system functionality or unauthorized access. Schneider Electric directs customers to migrate to updated server (V95) and workstation (Dell D96) hardware or, if immediate migration is not feasible, to apply BIOS and OS security patches and follow layered defense-in-depth recommendations.
read more →

Rockwell Verve Asset Manager: Two High-Risk Storage Flaws

🔒 Rockwell Automation reported two high-severity vulnerabilities in Verve Asset Manager affecting legacy components: the ADI server and the Ansible playbook. Both issues can result in unencrypted sensitive information being stored in environment variables or during playbook execution and are rated CVSS 7.2 and 7.9. Rockwell states the flaws are resolved in 1.42; organizations should upgrade and contact Rockwell TechConnect for assistance. CISA also recommends minimizing network exposure and using secure remote access such as up-to-date VPNs.
read more →

CODESYS Runtime Vulnerabilities Affecting Schneider Electric

⚠️ Schneider Electric warns that multiple vulnerabilities in the CODESYS Runtime System V3 communication server affect many Schneider products and third-party devices embedding CODESYS. Exploitable issues include denial-of-service and, in some configurations, remote code execution; several CVEs carry CVSS scores up to 8.8. Schneider has published patches and mitigations for many affected product families; operators should apply vendor updates and follow immediate network and access controls to reduce exposure.
read more →

Mitigating the Y2K38 Vulnerability in Organizations

⚠️ Organizations should treat the Y2K38 'Epochalypse' as an actionable vulnerability with a fixed deadline: 19 January 2038 at 03:14:07 UTC. Caused by 32‑bit signed Unix epoch counters overflowing, it can roll devices back to 1901 and disrupt payments, medical equipment, industrial control, and certificate validation. Effective mitigation requires a comprehensive inventory, vendor coordination, isolated testing, and migration to 64‑bit time or replacement.
read more →

UK: Ongoing Russian Hacktivist DDoS Attacks Target Services

🚨 The U.K.'s National Cyber Security Centre (NCSC) warns of sustained disruptive DDoS activity from pro‑Russian hacktivists, notably NoName057(16), which operates the crowdsourced DDoSia platform that mobilises volunteers and offers rewards. Despite arrests and server takedowns during Operation Eastwood, the group has re-emerged and continues to target critical infrastructure, local government and OT systems. The NCSC advises strengthening upstream ISP/CDN protections, designing for rapid scaling, rehearsing response plans for graceful degradation, and continuous testing to reduce downtime and recovery costs.
read more →

NCSC Warns of Ongoing Russian-Aligned DDoS Pressure

⚠️ The UK National Cyber Security Centre (NCSC) has issued an alert about ongoing disruptive cyber activity by Russian-aligned hacktivist groups targeting UK organisations, with local government and critical national infrastructure singled out. The campaigns mainly use denial-of-service (DoS/DDoS) attacks to overwhelm websites and online systems, taking services offline. The advisory highlights groups such as NoName05716, their coordination via Telegram and the hosting of tooling on GitHub, and urges organisations to review DoS protections, strengthen resilience and engage with NCSC threat collection.
read more →

China-linked Hackers Exploited Sitecore Zero-Day Access

🔒 Cisco Talos describes an actor tracked as UAT-8837, active since at least 2025, that targeted North American critical infrastructure to gain initial access. The group exploited both compromised credentials and a Sitecore ViewState deserialization zero-day (CVE-2025-53690), with Mandiant linking the flaw to deployment of the WeepSteel reconnaissance backdoor. Post-compromise activity focused on credential theft, Active Directory enumeration, and use of living-off-the-land utilities and open-source tools to evade detection.
read more →

China-Linked APT Exploits Sitecore Zero-Day in US

⚠️ Cisco Talos says a China-aligned advanced persistent threat tracked as UAT-8837 has been leveraging a critical Sitecore zero-day (CVE-2025-53690, CVSS 9.0) to gain initial access to North American critical infrastructure. The actor uses both exploit-based access and compromised credentials, then deploys open-source tools for credential harvesting, Active Directory reconnaissance, and persistent remote access. Observed artifacts include GoTokenTheft, EarthWorm, DWAgent, SharpHound, Impacket, Rubeus, and Certipy, raising supply chain and OT exposure concerns.
read more →

Global Agencies Publish Secure Connectivity Guidance for OT

🔐 The US Cybersecurity and Infrastructure Security Agency (CISA), the UK’s National Cyber Security Centre (NCSC) and the Federal Bureau of Investigation (FBI), alongside international partners, have released principles to secure operational technology (OT) connectivity. Led by NCSC-UK, the guidance offers a shared framework to design and manage secure connectivity across OT environments. It emphasizes embedding cybersecurity into network design to reduce exposure to both state-backed and opportunistic adversaries. The document warns that increased interconnection brings benefits such as real-time analytics and predictive maintenance, but also raises risks that could cause physical harm, environmental damage or service disruption.
read more →

Critical RCE in n8n Forces Immediate Global Remediation

🚨 A critical remote code execution vulnerability, CVE-2026-21858 (CVSS 10.0), has been disclosed in n8n, allowing attackers to fully compromise locally deployed instances. Researchers estimate roughly 100,000 servers are affected and there are no official workarounds available. The n8n project has released a patched build; users must upgrade to n8n version 1.121.0 or later to remediate the issue. Administrators should prioritize patching and follow vendor advisories immediately.
read more →

UAT-8837 APT Targets North American Critical Systems

🔍 Cisco Talos is tracking UAT-8837, an assessed China-nexus APT that since 2025 has focused on obtaining initial access to high-value and critical infrastructure organizations in North America. The actor uses both n-day and zero-day exploits (including CVE-2025-53690 in SiteCore) and often deploys open-source tooling—Earthworm, SharpHound, DWAgent, Certipy, and GoTokenTheft—to harvest credentials, enumerate Active Directory, and create remote tunnels. Operators perform hands-on-keyboard reconnaissance, create backdoored accounts and remote admin access, and cycle tools when endpoint protections block their payloads. Talos provides IOCs, Snort rules, and ClamAV signatures to detect and mitigate this activity.
read more →

International Principles for Secure OT Connectivity

🛡️ CISA, the UK’s NCSC, the FBI and international partners published the Secure Connectivity Principles for Operational Technology (OT), a joint guide led by NCSC‑UK to mitigate insecure and exposed connectivity and defend against opportunistic and nation‑state cyber threats. The guidance provides a practical framework and eight key principles to help OT owners and operators design, secure, and manage connectivity. Agencies also urge OT device manufacturers and integrators to embrace secure‑by‑design practices and recommend organizations assess OT connectivity and implement mitigations to strengthen critical infrastructure resilience.
read more →

Secure Connectivity Principles for OT — CISA, NCSC-UK

🔒 CISA and the UK National Cyber Security Centre (NCSC-UK) issued Secure Connectivity Principles for Operational Technology (OT) to help asset owners manage increasing connectivity demands. The guidance provides an eight‑principle framework to design, secure, and operate network access into OT environments. It targets operators of essential services and aligns with federal and international collaboration. Stakeholder feedback is invited through a CISA product survey.
read more →

Cyberattack Suspected After False Active-Shooter Siren

🚨 On Saturday, 10 January, the city of Halle (Saale) experienced a widespread false alarm when all sirens sounded around 10:00 p.m., accompanied by an English announcement: “Active shooter. Lockdown now.” City officials, including Mayor Alexander Vogt and security head Tobias Teschner, said the alert was likely triggered by external access to the siren system and not by local, state, or federal authorities. Authorities have secured the system, filed a police report, and are investigating; the municipal website was briefly unavailable due to high visitor traffic rather than a targeted DDoS, and resilience measures have been implemented.
read more →

Belgian Hospital AZ Monica Shuts Down Servers Amid Outage

🔒 Belgian hospital AZ Monica disconnected all servers at 6:32 AM after a cyberattack that forced the cancellation of scheduled procedures and slowed emergency operations. The Emergency Department is operating at reduced capacity and MUG and PIT services are currently offline; seven critical patients were transferred to other hospitals. The hospital has notified authorities and is monitoring the situation while staff rely on paper records; officials have not confirmed whether ransomware was involved.
read more →

Iran Protests Trigger Nationwide Internet Shutdown

🌐 Cloudflare observed a near-total Internet blackout in Iran beginning on January 8, 2026, as national traffic fell to effectively zero in a matter of hours. Measured indicators included a 98.5% reduction in announced IPv6 address space and rapid losses at major providers such as MCCI, IranCell, and TCI. Brief, localized restorations — including access to Cloudflare’s 1.1.1.1 resolver and several university networks — were transient. Cloudflare continues to monitor the situation through Cloudflare Radar and will report updates.
read more →

Palo Alto Crosswalk Signals Used Default Passwords

⚠️ Palo Alto discovered last year that several municipal crosswalk signal controllers were accessible with unchanged factory credentials. City staff never replaced the devices' default passwords, which allowed unauthorized parties to alter pedestrian signal timing remotely. The incident underscores failures in procurement and operational security. It also illustrates the need for continuous asset inventory, patching, and credential management across infrastructure.
read more →