< ciso
brief />
Tag Banner

All news with #critical infrastructure tag

400 articles · page 14 of 20

CISA Releases Cross-Sector Cybersecurity Goals 2.0 Update

🛡️ CISA released Cross-Sector Cybersecurity Performance Goals (CPG 2.0) providing measurable actions for critical infrastructure owners and operators to achieve a foundational cybersecurity baseline. The update aligns with the latest NIST Cybersecurity Framework revisions and incorporates lessons learned from recent incidents and threats. CPG 2.0 introduces a governance-focused component that emphasizes accountability, risk management, and the integration of cybersecurity into day-to-day operations. The goals are streamlined and outcome-driven to guide investment, benchmark progress, and reduce risk in measurable ways.
read more →

OpenPLC_V3 CSRF Vulnerability Allows Remote Changes

⚠ OpenPLC_V3 contains a Cross‑Site Request Forgery (CSRF) vulnerability that can be exploited remotely to modify PLC settings or upload malicious programs. Tracked as CVE-2025-13970, the issue affects versions prior to pull request #310 and results from missing CSRF validation. A CVSS v4 score of 7.0 (and v3 base 8.0) was calculated. Apply pull request #310 or later to mitigate this risk and limit network exposure of control devices.
read more →

CISA Releases 12 ICS Advisories Covering Multiple Vendors

🔔 CISA released 12 Industrial Control Systems (ICS) advisories detailing vulnerabilities and mitigation guidance across multiple vendors, including Johnson Controls, Siemens, and AzeoTech. The notices call out specific products such as iSTAR, SINEMA Remote Connect Server, and DAQFactory, plus open-source and medical-imaging components. Administrators and operators are encouraged to review the technical details and apply recommended mitigations to reduce exploitation risk.
read more →

Pro-Russia Hacktivists Exploit OT Exposures in US Now

🚨 A joint advisory from CISA, the FBI, the NSA and partners warns of a surge in pro‑Russia hacktivist activity exploiting exposed VNC and other internet-facing OT interfaces to breach systems across US water, food production and energy sectors. Low-skilled groups such as CARR, NoName057(16), Z-Pentest and Sector16 employ port scans, brute-force password guessing and simple reconnaissance tools to capture screenshots, alter parameters, disable alarms and force costly manual recoveries.
read more →

Ukrainian Hacker Charged for Aiding Russian Hacktivists

🔒 U.S. prosecutors arraigned 33-year-old Victoria Dubranova, accusing her of supporting Russian state-linked hacktivist groups in cyberattacks against critical infrastructure, including water systems and election-related targets. Dubranova, known by aliases such as Vika and SovaSonya, was extradited this year and has pleaded not guilty to charges tied to NoName057(16) and CyberArmyofRussia_Reborn (CARR). She faces separate trials in February and April 2026 and potential sentences of up to 27 years and 5 years under the respective indictments.
read more →

Pro-Russia Hacktivists Target Critical Infrastructure

⚠️ This joint advisory from CISA, FBI, NSA, and international partners details opportunistic intrusions by pro‑Russia hacktivist groups—CARR, NoName057(16), Z‑Pentest, and Sector16—against OT/ICS environments. Actors are exploiting internet‑exposed VNC services, using open‑source scanning and brute‑force tools to access HMI devices with default or weak credentials, causing loss of view, configuration changes, and operational downtime. The advisory urges organizations to reduce public exposure, apply network segmentation, enforce strong authentication (MFA where feasible), harden device credentials, and follow secure‑by‑design guidance for OT products.
read more →

CISA, FBI Warn: Protect Critical Infrastructure Now

🚨 CISA, the FBI, NSA, DOE, EPA, DOD’s DC3, and international partners issued a joint advisory alerting operators that pro‑Russia hacktivist groups are conducting opportunistic, low‑sophistication attacks against U.S. and global critical infrastructure. These actors exploit internet‑facing OT components (notably VNC and SCADA) and sometimes combine intrusions with DDoS. The advisory urges immediate mitigations: reduce OT exposure, improve asset management, and enforce robust authentication.
read more →

Opportunistic Pro-Russia Hacktivists Attack Critical OT

🔒CISA, alongside the FBI, NSA, DOE, EPA, the Department of Defense Cyber Crime Center, and international partners, published a joint advisory describing opportunistic pro-Russia hacktivist activity targeting operational technology (OT) systems. These groups exploit minimally secured, internet-facing VNC connections to access OT control devices and have caused varying impacts, including physical damage. Named actors include Cyber Army of Russia Reborn, Z-Pentest, NoName057(16), and Sector16. The advisory recommends reducing internet exposure of OT assets, adopting mature asset-management and mapping practices, and enforcing robust authentication.
read more →

Cyber Threats to the U.S.: What Policymakers Need for 2026

🔒 A new Check Point brief warns that cyber attacks against the U.S. have evolved into coordinated geopolitical tools employed by states, criminal networks, and ideological groups. These operations now aim to influence policy, erode public trust, and target critical infrastructure rather than being mere technical intrusions. The report urges leaders to prioritize resilience, improve cross-sector coordination, and strengthen information-sharing and recovery capabilities.
read more →

Vaillant CISO: Act Now on Security and Regulatory Change

🔐 Vaillant CISO Christoph Reiß says rising geopolitical tensions and the professionalization of cybercrime — amplified by accessible AI tools — are elevating the threat to the heating and energy sector. Vaillant relies on a holistic, multilayered security strategy that combines preventative and reactive measures and protects IT, production, and customer products. Employee-focused training, from gamification to practical compliance, is central, and Reiß highlights regulatory complexity (e.g., NIS2, DORA, Cyber Resilience Act) while urging organizations to start, don’t wait on pragmatic implementation.
read more →

SANS ICS/OT Security 2025: Key Findings and Actions

🔐 The SANS State of ICS/OT Security 2025 report, sponsored by Fortinet, highlights persistent operational risks across critical infrastructure, with high incident rates, extended remediation times, and remote-access exposures. It calls for treating mean time to recovery (MTTR) as a board-level metric, unifying IT/OT visibility, and automating response playbooks. The analysis urges replacing ad hoc remote connectivity with secure, monitored access and integrating OT-specific threat intelligence into enforcement; FortiPAM and FortiGuard AI-Powered Security Services are cited as solutions to improve segmentation, detection, and recovery.
read more →

Louvre Launches €57m Tender to Upgrade Security Systems

🔒 The Louvre has issued a €57m public tender to overhaul its safety and security infrastructure after an October break-in at the Apollo Gallery that led to the theft of the Crown Jewels valued at €88m. The procurement seeks a new digital safety management system, consolidated IT and physical security monitoring, a central VMS/CCTV upgrade, ANSSI‑vetted access controls, and revamped IDS and artwork proximity sensors. All solutions must be interoperable, scalable and open to avoid vendor lock-in. Companies have until December 10 to apply.
read more →

NCSWIC Releases 'What Is a PACE Plan' Video for Agencies

🎥 This Emergency Communications Month, the National Council of Statewide Interoperability Coordinators (NCSWIC) Planning, Training, and Exercise Committee released a concise educational video, 'What is a PACE Plan', that explains the components of a PACE plan (Primary, Alternate, Contingency, Emergency) and why it matters for public safety communications. NCSWIC members describe how communications can change in atypical situations and demonstrate why agencies should know their PACE and routinely practice it. The video is a practical tool to help agencies maintain continuity of communications when primary systems degrade.
read more →

US, International Agencies Issue AI Guidance for OT

🛡️ US and allied cyber agencies have published joint guidance to help critical infrastructure operators incorporate AI safely into operational technology (OT). Developed by CISA with the Australian Signals Directorate and input from the UK's NCSC, the document covers ML, LLMs and AI agents while remaining applicable to traditional automation systems. It recommends assessing AI risks, protecting sensitive OT data, demanding vendor transparency on embedded AI and supply chains, establishing governance and testing in controlled environments, and maintaining human-in-the-loop oversight aligned with existing cybersecurity frameworks.
read more →

Protecting Submarine Cables: Cyber and Physical Security

🔒 Submarine cables carry between 95% and 99% of global data traffic, yet recent breakages — notably ten in the Baltic Sea between 2022 and July 2025 — highlight persistent vulnerabilities. Private operators now control most capacity, and governments and vendors must address both physical threats such as fishing and anchors and increasingly sophisticated cyber risks. Major cloud vendors emphasize route diversity and redundancy while operators like Telxius combine burial, audits, AI/ML detection and continuity planning to protect service availability.
read more →

CISA Adds CVE-2021-26829 to Known Exploited Vulnerabilities

🔔 CISA has added CVE-2021-26829 — a cross-site scripting vulnerability in OpenPLC ScadaBR — to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. Cross-site scripting is a frequent attack vector that can enable data theft, session hijacking, and unauthorized actions, posing significant risks to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies are required to remediate KEV-listed flaws by the specified due date; CISA also strongly urges all organizations to prioritize timely remediation. CISA will continue to update the catalog as new threats meet its criteria.
read more →

FCC Warns: Hackers Hijack Radio Gear to Air False Alerts

🔔 The FCC has warned that attackers have been hijacking US radio transmission equipment to broadcast false Emergency Alert System tones and obscene material, exploiting unsecured Barix network audio devices. Intruders reconfigured devices to pull attacker-controlled streams, causing stations in Texas and Virginia to air unauthorized Attention Signals layered with offensive language. The FCC urged broadcasters to apply vendor patches, change default credentials, isolate EAS and Barix devices behind firewalls or VPNs, monitor logs, and report incidents to manufacturers, the FCC Operations Center and IC3.
read more →

Key Provisions of the UK Cyber Security and Resilience Bill

🛡️ The Cyber Security and Resilience Bill — introduced to the House of Commons on 12 November and outlined by Shona Lester (DSIT) on 24 November — aims to strengthen protection for essential services by expanding regulatory scope and accelerating incident reporting. It brings data centres, large load controllers, managed service providers and designated critical suppliers into an Operators of Essential Services regime and requires 24‑hour notification of incidents with fuller reporting to follow. The bill also increases regulators’ enforcement powers and penalty regimes.
read more →

Huawei and Chinese Surveillance: Industry Complicity

🔍 The excerpt, from House of Huawei, recounts Wan Runnan’s experience as a celebrated 1980s entrepreneur who later fled China after supporting the 1989 pro‑democracy protests. At a late‑1980s dinner, local officials told him the Ministry of State Security planned to embed agents in tech firms under the pretext of protection, particularly in roles handling international relations. Wan reports that similar approaches were made to other companies and says Huawei, then a small Shenzhen startup, almost certainly would not have been exempt. He warns that telecommunications back‑end platforms are uniquely able to enable state eavesdropping, a rare public glimpse into intelligence ties with industry.
read more →

Serious Cyber Incidents Hit Multiple London Councils

⚠️ Multiple London local authorities, including the Royal Borough of Kensington and Chelsea (RBKC) and Westminster City Council, are responding to a serious cybersecurity incident identified on Monday. Both councils have informed the ICO and are working with the NCSC while invoking business continuity and emergency plans to protect critical services. A number of systems, including phone lines and shared IT services, are affected across boroughs. RBKC reports successful mitigations are in place and recovery work is continuing.
read more →