< ciso
brief />
Tag Banner

All news with #critical infrastructure tag

400 articles · page 17 of 20

Path to CPS Resilience: Securing Critical Infrastructure

🔒 Cyber-physical systems (CPS) underpin critical infrastructure across industry, healthcare and buildings, and their continuous availability is essential to public safety and business continuity. The article urges CISOs to prioritize CPS security, invest in OT protection, close long-standing IT–OT silos and maintain accurate asset inventories. It highlights that many organizations lack OT incident response or business continuity plans and emphasizes that rapid recovery, segmentation and tested emergency procedures are key to minimizing downtime and harm. Analysts warn of steep recovery times and severe financial and human impacts if CPS resilience is not improved.
read more →

Jaguar Land Rover Cyberattack: Costliest in UK History

🔒 The cyberattack on Jaguar Land Rover in late August forced a global shutdown of IT systems and halted production across its factories. According to the Cyber Monitoring Centre, the weeks-long outage inflicted an estimated £1.9 billion in losses and affected more than 5,000 organizations, including suppliers and dealers. The UK government intervened with guarantees and up to £1.5 billion in support to secure the supply chain as production is gradually resumed.
read more →

China Alleges NSA Cyberattack on National Time Service

🔍 China’s security authorities publicly accused the US National Security Agency of a covert operation against the National Time Service Center, alleging an SMS-service vulnerability was exploited beginning March 25, 2022 to compromise staff phones and steal data. Experts told CSO the claim is technically plausible but there is no public forensic evidence to confirm it conclusively. The alleged intrusion could affect Beijing Time, potentially disrupting communications, finance, power, transportation and space operations. Security specialists recommend hardening time infrastructure, avoiding SMS-based privileged logins, validating clocks against multiple trusted references, deploying cryptographic attestation for time signals, and following guidance from CISA.
read more →

China Accuses U.S. of Attacking National Time Authority

🔍 China’s Ministry of State Security has accused the U.S. National Security Agency of conducting cyber intrusions against the National Time Service Center in Xi'an, alleging activity beginning in March 2022. The statement says the campaign initially exploited vulnerabilities in employees’ mobile phones and later affected center computers. Beijing warned that the center’s role in providing official time underpins communications, finance and power systems, and that interference could cause major disruptions. U.S. officials did not immediately respond to the allegation.
read more →

SharePoint Flaws Led to Breach at Kansas City Nuclear Plant

🔒 A foreign threat actor exploited unpatched Microsoft SharePoint vulnerabilities to infiltrate the Kansas City National Security Campus (KCNSC), which produces most non‑nuclear components for U.S. nuclear weapons. Honeywell FM&T, which manages the site for the NNSA, and the Department of Energy did not respond to requests for comment. Federal responders, including the NSA, were onsite in early August after Microsoft issued fixes on July 19. Attribution remains disputed between Chinese-linked groups and possible Russian actors; there is no public evidence that classified information was taken.
read more →

China Accuses NSA of Multi-Stage Attack on NTSC Systems

🕒 The Chinese Ministry of State Security (MSS) has accused the U.S. National Security Agency (NSA) of a "premeditated" multi-stage cyber intrusion targeting the National Time Service Center (NTSC), which manages Beijing Time. The MSS says the campaign began with SMS-based compromises of staff devices in March 2022 and escalated through credential reuse and a deployed "cyber warfare platform" between August 2023 and June 2024. According to the statement, the platform employed 42 specialized tools, forged digital certificates, and high-strength encryption while routing traffic through VPSes across the U.S., Europe, and Asia; Chinese agencies say they detected, neutralized the activity, and reinforced defenses.
read more →

Fortinet Advances Global Cyber Resilience at AMC25

🔒 Fortinet participated in the World Economic Forum’s Annual Meeting on Cybersecurity (AMC25) in Dubai, engaging government, industry, and civil leaders to advance global cyber resilience. Fortinet executives Dr. Carl Windsor and Derek Manky led sessions on public‑private collaboration, frameworks for scaling disruption, and the role of the Cybercrime Atlas in enabling coordinated action. They highlighted recent coordinated operations and impact reported in the 2025 Cybercrime Atlas: Impact Report, emphasizing that aligning policy, governance, and technical intelligence is essential to protect supply chains, AI systems, and critical infrastructure.
read more →

Over 266,978 F5 BIG-IP Instances Exposed to Remote Attacks

⚠️ Shadowserver Foundation reports 266,978 internet-exposed F5 BIG-IP instances after F5 disclosed a breach in which nation-state actors stole source code and information on undisclosed BIG-IP flaws. F5 issued patches addressing 44 vulnerabilities and urged immediate updates for BIG-IP, F5OS, BIG-IQ, and related products. CISA issued an emergency directive requiring federal agencies to patch or mitigate affected devices by set deadlines. Nearly half of the detected instances are in the United States, with most others across Europe and Asia.
read more →

Zero Disco: Fileless Rootkits Target Legacy Cisco Switches

⚠️Threat actors exploited a Cisco SNMP vulnerability (CVE-2025-20352) to achieve remote code execution on legacy IOS XE switches and install custom, largely fileless Linux rootkits that hook into the IOSd memory space, set universal passwords (including one containing 'Disco'), and hide processes and network activity. The rootkits spawn a UDP-based controller to toggle or zero logs, bypass access controls, and reset running-config timestamps to mask changes. Trend Micro also observed spoofed IP/MAC addresses and attempts to combine a retooled Telnet memory-access exploit to deepen persistence.
read more →

Majority in Germany Sees Threat from Hybrid Attacks

⚠️ A YouGov survey commissioned by the digital policy briefing Digitalwende for Süddeutsche Zeitung Dossier reports that 61% of more than 2,000 respondents view the threat from hybrid attacks as strong or very strong. The poll describes hybrid attacks as combinations of cyber operations, military actions and disinformation aimed at destabilizing societies. Perceived risk differs by party: Greens (72%), Union (71%), SPD (67%) and AfD (49%).
read more →

Critical Infrastructure Hack, Burnout, and Music Discussion

🔐 In episode 439 of Smashing Security, Graham Cluley and guest Annabel Berry examine a reported critical infrastructure hack that allegedly exploited default passwords and featured perpetrators boasting on Telegram. They probe how basic misconfigurations can cascade into major incidents and spotlight the human cost of defending organisations — stress, burnout, and leadership failures. The show pairs this sober analysis with lighter cultural asides, including music and media reflections.
read more →

OpenPLC and Planet WGR-500: Multiple Vulnerabilities

⚠️ Cisco Talos disclosed vulnerabilities affecting OpenPLC and the Planet WGR-500 industrial router, including a ModbusTCP denial-of-service and multiple critical flaws in HTTP-handling functions. The OpenPLC issue (TALOS-2025-2223 / CVE-2025-53476) can be triggered by a crafted series of TCP connections to exhaust the ModbusTCP server. Planet WGR-500 vulnerabilities (TALOS-2025-2226–2229 / CVE-2025-54399–54406, CVE-2025-48826) include stack-based buffer overflows, format string, and OS command injection flaws that may lead to memory corruption or arbitrary command execution.
read more →

Pro‑Russian DDoS Disrupts German Federal Procurement Portal

🛡️ The German federal procurement portal was rendered inaccessible for almost a week by a sustained DDoS campaign; the service was restored Tuesday afternoon. Security analysts attribute the disruption to the pro‑Russian hacker group NoName057(16), which has previously targeted critical infrastructure, authorities and companies in Western countries. The attacks, confirmed as DDoS by observers, overwhelmed servers with a flood of requests. The Federal Office for Information Security (BSI) said it was informed of the incident. The portal, dtvp.de, is a central nationwide platform for electronic Q&A and bid submissions in public tenders.
read more →

Reassignment of CISA Staff Raises National Cyber Risks

🔔 The US Department of Homeland Security has reassigned hundreds of cybersecurity personnel from the Cybersecurity and Infrastructure Security Agency to non-cyber roles supporting immigration and border enforcement, reports say. This shift has most impacted CISA’s Capacity Building team, which writes emergency directives and oversees protections for the government’s highest-value assets; refusal to accept new roles reportedly risks termination. Analysts warn that reductions in specialized threat hunting, vulnerability scanning, and coordinated advisories will slow response times and create exploitable gaps. Enterprises are urged to tighten patch cycles, adopt phishing-resistant MFA, review privileges, and rely on sector ISACs and private intel sharing while federal capacity is strained.
read more →

Hacktivist Group TwoNet Targets Critical Infrastructure

🔍 Forescout observed pro‑Russian hacktivist group TwoNet compromise a realistic water‑treatment honeypot in September, moving from initial access to disruptive actions in roughly 26 hours. The attackers used default credentials and SQL enumeration, then exploited a stored XSS (CVE-2021-26829) to display the message "Hacked by Barlati," altered HMI PLC setpoints and disabled real‑time updates and logs. Researchers urge strong authentication, network segmentation, IP-based ACLs for admin interfaces, and protocol-aware detection to spot exploitation and HMI changes.
read more →

JLR Cyber-Attack Drives 25% Decline in Q2 Volume Sales

🔒 Jaguar Land Rover has reported a 25% drop in volume sales in the three months to 30 September after a cyber incident severely disrupted production and sales. Wholesales in Q2 FY2026 were 66,165 units, down 24.2% year-on-year, while retail sales fell 17.1%. The company began a controlled, phased restart of UK manufacturing from 8 October and launched a supplier financing scheme to ease cashflow during the restart.
read more →

US Government Shutdown Threatens Federal Cybersecurity

⚠️ The US government shutdown will sharply reduce federal cybersecurity capacity, with CISA set to furlough approximately 1,651 of its 2,540 staff (about 65%), leaving only 889 employees, and NIST estimated to retain roughly 34% of its workforce. Core functions such as vulnerability management, guidance, the CVE program and website operations will be curtailed until appropriations resume. The pause raises immediate operational risks, complicates incident response and increases opportunities for threat actors and fraud.
read more →

Google Pixel Phones Added to DoDIN APL for Federal Use

🔒 Google Pixel phones have been added to the DoDIN APL, allowing federal agencies to procure devices that meet Department of Defense network security requirements. Pixel 9 hardware and integrated on-device protections combine with Google Cloud for secure remote management, 5G connectivity, and AI-enabled workflows. Use cases include secure field capture, centralized analytics, and pilots such as TrackInspect for transit infrastructure safety.
read more →

TOTOLINK X6000R Router: Multiple Firmware Vulnerabilities

⚠️ TOTOLINK X6000R routers running firmware V9.4.0cu.1360_B20241207 contain three vulnerabilities that enable argument injection, unauthenticated command execution, and sanitization bypasses leading to file corruption or persistent denial-of-service. The most severe, CVE-2025-52906, is an unauthenticated command injection rated Critical (CVSS 9.3). TOTOLINK has released updated firmware and users should apply the patch immediately while defenders use device visibility and threat prevention to detect exploitation.
read more →

Government Shutdown Deepens US Cybersecurity Risks

⚠️ The US government shutdown that began on Sept. 30 deepens federal cyber risk by compounding prior spending cuts and workforce reductions. Significant cuts — including roughly $1.23 billion trimmed from civilian cyber budgets and about 1,000 CISA staff fired earlier in July — have already weakened defenses. Agencies have issued contingency plans and will exempt some critical SOCs and intelligence functions, but contractors and broader response capacity face disruption. Adversaries are likely monitoring for opportunities, and the effects will persist even after funding resumes.
read more →