< ciso
brief />
Tag Banner

All news with #critical infrastructure tag

400 articles · page 12 of 20

Unencrypted TETRA Radio Leaves German Critical Sites Exposed

⚠️ Many German critical infrastructure organizations are transmitting over unencrypted digital radio, creating an easily exploitable interception vector. Wirtschaftswoche reports that prisons, airports and energy providers are operating TETRA networks without encryption—often citing cost reasons—while police networks remain multi-layer encrypted. AG Kritis calls the situation a security-policy disgrace, warning that a laptop, free software and modest technical skill are sufficient to eavesdrop and capture confidential information, potentially endangering supply security and lives.
read more →

Critical RCE in Hitachi Energy Asset Suite (Jasper)

⚠️ Hitachi Energy has disclosed a critical remote code execution vulnerability in Asset Suite, caused by a Java deserialization flaw in the Jaspersoft library (CVE-2025-10492). The issue affects Asset Suite versions 9.7 and earlier and carries a CVSS v3.1 base score of 9.8 — allowing attackers to execute arbitrary code on vulnerable systems. Hitachi Energy advises upgrading to version 9.8 to remediate the defect. Until patched, administrators should restrict loading of external custom reports, segment networks, and deny internet exposure for control system devices.
read more →

UAT-7290: China-Nexus APT Targeting Telecom Edge Devices

🔍 Cisco Talos discloses UAT-7290, a China‑nexus APT active since at least 2022 that targets telecommunications infrastructure in South Asia and has recently expanded into Southeastern Europe. The actor conducts extensive reconnaissance, uses one‑day exploits and target-specific SSH brute force, and primarily deploys a Linux-centric toolset including RushDrop, DriveSwitch, SilentRaid, and Bulbature. Talos notes UAT-7290 also provisions Operational Relay Box (ORB) nodes that may support other China-nexus operators and provides ClamAV and Snort signatures for detection.
read more →

Taiwan Faces Surge in Chinese Cyber Intrusion Attempts

🔎 Taiwan’s National Security Bureau (NSB) reports a dramatic rise in Chinese-sourced cyber intrusion attempts against the island’s critical infrastructure in 2025, totaling 960,620,609 recorded attempts. The NSB highlights a tenfold surge against the energy sector and a 54% rise targeting emergency rescue and hospitals, while water resources and finance saw notable declines. Top groups named include BlackTech, Mustang Panda and APT41, which used vulnerability exploitation, DDoS, social engineering and supply-chain methods, often timed to coincide with military or political events.
read more →

n8n Ni8mare: Critical unauthenticated RCE (CVE-2026-21858)

⚠️ A maximum-severity flaw, CVE-2026-21858 (Ni8mare), in n8n allows unauthenticated remote attackers to read local files, forge administrator sessions, and achieve remote code execution by exploiting a Content-Type parsing confusion that can override req.body.files. The bug affects releases up to and including 1.65.0 and was fixed in 1.121.0 (released November 18, 2025). Operators should upgrade immediately, avoid exposing n8n publicly, and restrict or disable public webhooks and form endpoints until patched.
read more →

Taiwan: China's Cyberattacks on Energy Sector Rose Tenfold

🛡️ Taiwan's National Security Bureau (NSB) reports a tenfold increase in cyberattacks against the country's energy sector in 2025 compared to 2024. The NSB said incidents tied to China rose 6% overall and affected nine critical sectors, with spikes timed around political events and military activity. Observed attack methods included exploitation of hardware and software vulnerabilities, DDoS, social engineering, and supply-chain compromises targeting industrial control systems and upgrade windows.
read more →

U.S. Cyber Operations Alleged in Venezuela Power Outage

🔍 President Donald Trump suggested that U.S. cyber operations or other technical measures were used to cut power in Caracas during strikes that preceded the capture of Nicolás Maduro. If confirmed, this would be a rare, overt instance of U.S. offensive cyber action. Such operations are typically classified, and public details, technical indicators, and independent verification remain scarce. The claim raises significant legal and diplomatic concerns.
read more →

UK Launches Government Cyber Unit and Ambassador Scheme

🔐 The UK government has launched a Government Cyber Unit and a Software Security Ambassador Scheme under a £210m Cyber Action Plan to boost public sector resilience. The unit, led by the Government Chief Information Security Officer within the Department for Science, Innovation and Technology, will coordinate risk management and incident response across departments. The ambassador scheme promotes the voluntary Software Security Code of Practice and has drawn participants such as Cisco and Santander. While welcomed by many, some experts warn the funding may be insufficient to address the scale of threats exposed by recent 2025 incidents.
read more →

Taiwan Faces 2.6M Daily Chinese Cyberattacks in 2025

⚠️ Taiwan's National Security Agency reported that Chinese cyberattacks targeting the island's critical infrastructure rose 6% in 2025, averaging 2.6 million attacks per day. The assaults mainly focused on the energy sector, hospitals, banks and emergency services, and extended to the semiconductor industry, including TSMC. Attackers employed large-scale denial-of-service and man-in-the-middle techniques to disrupt operations and exfiltrate data. Many incidents reportedly coincided with Chinese military exercises and high-profile political events, while Beijing denies involvement.
read more →

Strategic Imperative for OT/IT Convergence and Security

🔐 The convergence of operational technology (OT) and information technology (IT) creates major business opportunities but also introduces significant cybersecurity complexity and risk. Legacy OT equipment, cultural divides between OT and IT teams, and a historical focus on uptime over security increase exposure as organisations digitise critical infrastructure. Leaders must embed security by design, address compliance such as NIS2, and unite teams to manage cloud, AI and device proliferation.
read more →

Romanian Energy Provider Hit by Gentlemen Ransomware

🔒 Oltenia Energy Complex, Romania's largest coal-based energy producer, suffered a ransomware attack on the second day of Christmas that disrupted its IT infrastructure. Some documents were encrypted and key applications — including ERP, document management, email, and the corporate website — became temporarily unavailable. The company said operations were only partially affected and the National Energy System was not jeopardized while teams rebuild systems from backups and cooperate with authorities.
read more →

La Poste Offline After Major DDoS Disrupts Services

🔴 La Poste's main website and multiple digital services were taken offline by a major DDoS attack on Monday, and access remained impaired as of Wednesday morning. While email (laposte.net) and Digiposte reportedly stayed operational, online banking, the La Poste app and digital identity services were described as "temporarily inaccessible." The incident also disrupted physical operations, with some Paris post offices turning customers away. La Poste says teams are fully mobilized while analysts warn the timing suggests possible state-sponsored or hacktivist motives.
read more →

French postal service disrupted by suspected DDoS attack

⚠️ France’s national postal service, La Poste, experienced a widespread network outage lasting more than twelve hours that affected its website, mobile app, digital document service Digiposte, and a digital ID service. Counter services remained operational, but the banking arm, Banque Postale, saw its app and online services go offline. Payments and SMS verification reportedly continued to function. Officials have not confirmed a cause; Le Monde Informatique has cited a suspected DDoS attack.
read more →

Major Network Incident Knocks Offline La Poste Services

🚨 La Poste, France’s national postal service, reported a 'major network incident' that knocked its information systems offline and disrupted its website, mobile app, digital identity service and the Digiposte document platform. La Banque Postale said online and mobile banking were affected but core banking functions — ATM withdrawals, in-store card payments, interbank exchanges and WERO transfers — remained operational. French media cited a suspected DDoS attack; La Poste has not provided a restoration timeline.
read more →

Denmark Attributes Two Destructive Cyberattacks to Russia

🔒 The Danish Defence Intelligence Service (DDIS) publicly attributed two separate cyber operations to Russian-linked actors. It said a pro-Russian group known as Z-Pentest carried out a destructive intrusion against a Danish water utility in 2024, while NoName057(16), an actor with ties to the Russian state, mounted disruptive DDoS attacks against Danish websites ahead of municipal and regional elections in November. Danish authorities characterized the incidents as part of a broader pattern of state-aligned cyber coercion and disruption.
read more →

FCC Bans Foreign-Made Drones and Critical Components

🚫 The FCC has placed foreign-made uncrewed aircraft systems (UAS) and critical UAS components on its Covered List, citing national security concerns and provisions of the 2025 NDAA. The action targets China-made vendors such as DJI and Autel Robotics and covers communications, flight controllers, navigation systems, batteries, motors, and related parts. The agency said the move will reduce risks of unauthorized surveillance, data exfiltration, and destructive operations over U.S. territory while permitting DHS to exempt specific models and allowing continued use and sale of previously approved devices.
read more →

Romanian National Water Authority Hit by Ransomware

🔒 Romanian Waters (Administrația Națională Apele Române) reported a ransomware incident over the weekend that affected roughly 1,000 computer systems across the national authority and 10 of its 11 regional offices. Investigators said servers running GIS, databases, email, web services, Windows workstations and DNS were impacted, while operational technology and water infrastructure controls remained operational. Authorities reported attackers used the built-in Windows BitLocker feature to lock files and left a ransom note demanding contact within seven days; the investigation is ongoing.
read more →

DXS Confirms Cyber-Attack; NHS Services Unaffected

🔒 DXS International said it discovered a cyber-attack on 14 December that affected its office servers and disclosed the incident to the London Stock Exchange on 18 December. The company reported minimal impact, with front-line NHS clinical services remaining operational, and said it contained the breach and is investigating with NHS England and an external cybersecurity specialist. A threat actor calling itself Devman has claimed to have stolen 300GB and threatened to publish data on 20 December; that claim remains unconfirmed.
read more →

HPE OneView Critical RCE Flaw Rated CVSS 10.0, Patch

🚨 HPE has released patches for a critical remote code execution vulnerability in OneView Software, tracked as CVE-2025-37164 with a CVSS score of 10.0. The flaw affects all versions prior to 11.00; HPE published version 11.00 and hotfixes for 5.20–10.20 to mitigate it. Administrators should apply the update or hotfix promptly; certain hotfixes must be reapplied after specific upgrades or Synergy Composer reimaging.
read more →

France Arrests Crew Member Over Malware on Italian Ferry

🚨 French authorities arrested a Latvian crew member after discovery of a remote access tool aboard the Italian passenger ferry Fantastic, owned by Grandi Navi Veloci. A Bulgarian crewmember was released without charge. The malware was detected and neutralized by GNV while the ship was docked in Sète, and France's DGSI seized items for forensic analysis. Investigators are treating the case as suspected foreign interference and continue cooperation with Italian authorities.
read more →