< ciso
brief />
Tag Banner

All news with #critical infrastructure tag

400 articles · page 16 of 20

Cyberattack Halts Dutch Broadcaster, Forces Vinyl Use

🎧 RTV Noord, a regional Dutch TV and radio broadcaster, reported a cyber incident on November 6, 2025, that blocked staff access to critical systems. Presenters on the "De Ochtendploeg" breakfast show resorted to playing CDs and LPs to stay on air. The attackers left a message on the network, prompting suspicion of ransomware, and the newsroom confirmed internal channels were limited to WhatsApp while services were restored.
read more →

Proposed U.S. Ban on TP-Link Routers Raises Concerns

🔍 The U.S. government is weighing a ban on sales of TP‑Link networking gear amid concerns that the company may be subject to Chinese government influence and that its products handle sensitive U.S. data. TP‑Link Systems disputes the claims, says it split from its China-based namesake, and notes many competitors source components from China. The piece highlights industry-wide risks — insecure defaults, outdated firmware, and ISP-deployed devices — and suggests OpenWrt and similar open-source firmware as mitigations for technically capable users.
read more →

Sandworm Deploys New Wiper Malware in Ukraine Q2–Q3 2025

🛡️ ESET's APT Activity Report covering Q2–Q3 2025 reports that Russian-aligned Sandworm deployed new data wipers, identified as Zerolot and Sting, against Ukrainian targets including government bodies and critical sectors such as energy, logistics and grain. The firm assessed the activity as likely intended to weaken Ukraine's economy. The findings, published on 6 November 2025, also note increased espionage and tool-sharing among other Russia-aligned groups.
read more →

Cisco Fixes Critical Authentication and RCE Flaws in CCX

🔒 Cisco has released security updates for Unified Contact Center Express (CCX) to address two critical vulnerabilities that can enable authentication bypass and remote code execution as root. The company issued software updates 15.0 ES01 and 12.5 SU3 ES07 and urged customers to apply them immediately. Cisco also fixed four medium-severity issues across CCX, CCE and UIC, and warned of a new attack variant affecting ASA and FTD devices tied to earlier patches.
read more →

U.S. Congressional Budget Office Hit by Cyberattack

🔒 The U.S. Congressional Budget Office confirmed a cybersecurity incident after a suspected foreign hacker breached its network. The agency says it acted quickly to contain the intrusion, implemented additional monitoring and new security controls, and is investigating the scope of the compromise. Officials warned that emails and exchanges between CBO analysts and congressional offices may have been exposed, prompting some offices to halt communications with the agency.
read more →

Sandworm Deploys Data Wipers Against Ukraine's Grain Sector

🔒Russian state-backed Sandworm (aka APT44) deployed multiple data-wiping malware families in June and September 2025, targeting Ukrainian education, government, and grain-production organizations. ESET says these wipers — distinct from ransomware — corrupt files, partitions, and boot records to prevent recovery and cause long outages. Some intrusions began with access by UAC-0099, which then handed access to APT44 for destructive payloads.
read more →

Google: Cyber-Physical Attacks to Rise in Europe 2026

🚨 Google Cloud Security's Cybersecurity Forecast 2026 warns of a rise in cyber-physical attacks across EMEA targeting energy grids, transport and digital infrastructure. The report highlights increased state-sponsored espionage from Russia and China and anticipates these operations may form hybrid warfare combined with information operations to erode public trust. It also flags supply-chain compromises of managed service providers and software dependencies, and notes that cybercrime — including ransomware aimed at ERP systems — will remain a major disruptive threat to ICS/OT. Analysts further expect adversaries to increasingly leverage AI and multimodal deepfakes.
read more →

Smashing Security #442: Clock Hack and Rogue Negotiators

🕒 In episode 442 of Smashing Security, Graham Cluley and guest Dave Bittner examine a state-backed actor that spent two years tunnelling toward a nation's master clock, creating the potential for widespread disruption to time-sensitive systems. They also discuss a disturbing case where ransomware negotiators allegedly turned rogue and carried out their own hacks. The discussion highlights investigative findings, operational impacts, and lessons for defenders tasked with protecting critical infrastructure.
read more →

Securing Critical Infrastructure: Europe’s Risk-Based Rules

🔒 In this Deputy CISO post, Freddy Dezeure of Microsoft explains how recent EU laws are reshaping cybersecurity for critical infrastructure. He argues that NIS2 and DORA broaden the CISO role across IT, OT, IoT, AI, and supply chains and push for stronger board-level accountability. The piece emphasizes a risk-based, prioritized approach—focusing on a few high-impact controls such as phishing-resistant multifactor authentication, comprehensive asset inventory, timely patching, and resilience testing.
read more →

CISA: Survision LPR Camera Missing Authentication Flaw

⚠️ Survision's License Plate Recognition (LPR) Camera contains a missing authentication for critical function, allowing unauthenticated access to the configuration wizard. The issue affects all versions and is tracked as CVE-2025-12108 with a CVSS v4 base score of 9.3 and a CVSS v3.1 score of 9.8, indicating remote, low-complexity exploitation with high impact. Survision released firmware v3.5 to address the vulnerability and recommends enabling configuration passwords, defining minimal-right user roles, and enforcing client certificate authentication where possible.
read more →

Radiometrics VizAir: Critical Authentication Flaws

⚠️ CISA warns that Radiometrics VizAir systems (versions prior to 08/2025) contain multiple critical vulnerabilities — including missing authentication for admin functions and an exposed REST API key — assigned CVE-2025-61945, CVE-2025-54863, and CVE-2025-61956 and rated CVSS v4 10.0. Remote attackers could alter weather parameters, disable alerts, manipulate runway settings, and extract sensitive meteorological data, potentially disrupting airport operations. Radiometrics has deployed updates to affected systems; CISA recommends minimizing network exposure, isolating control networks, and using secure remote access methods.
read more →

ISO 15118-2 SLAC Vulnerability in EV Charging Protocol

🔒 ISO 15118-2-compliant EV charging implementations using the SLAC protocol are vulnerable to spoofed measurements that can enable man‑in‑the‑middle attacks between vehicles and chargers, tracked as CVE-2025-12357 (CVSS v4 7.2). The issue is an improper restriction of communication channel (CWE-923) and may be exploitable wirelessly at close range via electromagnetic induction. ISO recommends using TLS (required in ISO 15118-20) with certificate chaining; CISA advises minimizing network exposure, isolating control networks, and using secure remote access methods.
read more →

Greens Urge Immediate National Cybersecurity Offensive

⚠️ The Greens are calling for a rapid, pre-Christmas security offensive to counteract sabotage, espionage and cyberattacks, saying the federal government is moving too slowly to act. Parliamentary deputies Konstantin von Notz and Irene Mihalic welcome recognition of the threat by Chancellor Friedrich Merz and Interior Minister Alexander Dobrindt but demand immediate, concrete measures and activation of the National Security Council. They also press for a major intelligence service reform and criticize weaknesses in the draft bill to transpose NIS-2 obligations, warning exemptions and gaps would undermine resilience across public administration, municipalities and critical infrastructure.
read more →

Canada Warns Hacktivists Tampered With Critical Systems

⚠️ The Canadian Centre for Cyber Security warns that hacktivists recently breached multiple internet-exposed industrial control systems across Canada. Attackers modified settings at a water treatment facility, an oil and gas site (manipulating an Automated Tank Gauge), and a farm grain dryer, causing disruptions, false alarms, and potentially unsafe conditions. Authorities describe the intrusions as opportunistic attempts to attract media attention and erode public trust rather than highly sophisticated campaigns. The bulletin urges organizations to inventory exposed ICS assets, remove direct internet access, use VPNs with two‑factor authentication, keep firmware updated, and report suspicious activity.
read more →

BSI: Tens of Thousands of German Exchange Servers Vulnerable

⚠️ The German Federal Office for Information Security (BSI) warns that the majority of an estimated 33,000 publicly reachable Microsoft Exchange Server 2016 and 2019 installations still operate without vendor support after 14 October 2025. Without security updates, new critical Exchange vulnerabilities cannot be patched and affected systems may need to be taken offline to avoid compromise. The BSI highlights rapid network-wide compromise and ransomware risk and urges prompt upgrades, migrations, or protective measures such as VPNs or IP restrictions.
read more →

Ransomware Hits Swedish Grid Operator Svenska kraftnät

🔒 On October 25, 2025 the ransomware group Everest listed state grid operator Svenska kraftnät on its darknet leak site, claiming about 280 GB of stolen data. Svenska kraftnät confirmed on October 26 that attackers accessed certain sensitive information via an isolated external file-transfer solution and said investigations are underway. The utility — which operates roughly 16,000 km of high-voltage lines — said there is currently no indication the physical grid was affected and that it is coordinating with police and national cybersecurity authorities.
read more →

Protecting Moldova’s 2025 Parliamentary Election Online

🛡️ Cloudflare assisted the Moldovan Central Election Commission (CEC) during the September 28, 2025 parliamentary vote, rapidly onboarding election sites and deploying mitigations under the Athenian Project. On election day Cloudflare mitigated over 898 million malicious requests across multiple DDoS waves, including a peak of 324,333 rps, keeping official result reporting and civic sites online. Automated defenses and coordination with STISC ensured no interruptions to public access and authoritative information.
read more →

A Framework for Measuring Internet Resilience Nationwide

🔍 This post introduces a reproducible, data-driven framework to quantify Internet resilience, motivated by the July 8, 2022 Rogers outage that affected millions. It defines resilience as the ability of a national or regional ecosystem to maintain diverse, secure routing and rapidly recover from failures. The framework combines public sources (RouteViews, RIPE RIS, traceroutes, IXPs, submarine cable maps) and focuses on measurable metrics such as RPKI, ROV, IXP distribution, submarine cable diversity, AS path diversity, and impact-weighted assessments.
read more →

Q3 2025 Internet Disruptions: Causes and Observations

🌐 In Q3 2025 Cloudflare observed a wide range of Internet disruptions affecting governments, carriers, and infrastructure worldwide. Incidents included government-directed shutdowns in Sudan, Syria, Iraq, Venezuela, and Afghanistan; submarine and terrestrial cable cuts; power outages; a major earthquake; a targeted cyberattack; and technical failures such as Great Firewall anomalies and Starlink outages. The post synthesizes observed traffic losses using Cloudflare Radar metrics.
read more →

Cybersecurity Becomes Top Challenge for Financial Sector

🔒 A recent PPI survey of 50 banks and 53 insurers in Germany reports a sixfold rise in cyberattacks compared with 2021. Sixty-four percent of respondents now view cyberattacks as the sector's top challenge, ahead of digitization, credit quality and regulation. Firms cite low employee awareness and difficulty with real-time detection; malware installation and IT disruption are the most frequent attack types.
read more →