< ciso
brief />
Tag Banner

All news with #critical infrastructure tag

400 articles · page 18 of 20

US Cuts Federal Funding for MS-ISAC Cyber Program Impact

🛡️ CISA has ended its cooperative agreement with the Center for Internet Security, terminating federal funding for the MS-ISAC on September 30 and placing the program's future in doubt. The MS-ISAC supports more than 18,000 state, local, territorial and tribal members with services such as advisories, secure information sharing, tabletop exercises and the Albert intrusion detection system. CIS has been temporarily subsidizing operations at over $1m per month but plans to phase out that support and is pushing members toward a paid membership model. CISA says it will move to a "new model" to support SLTT partners with tools, grant access and regional advisors.
read more →

Manufacturing Cyber Risk Escalates: Executive Priorities

⚠️Manufacturing organizations now face an average of 1,585 cyberattacks per week, a 30% year‑over‑year rise, and ransomware remains the predominant threat. Incidents can incur losses that reach hundreds of millions and in some cases force insolvency. Deep supplier connectivity amplifies exposure because a single compromised vendor can cascade disruption across industries. The report urges executives to prioritize resilience, segmentation, and third‑party risk management.
read more →

MegaSys Telenium Online: Critical OS Command Injection

⚠ The MegaSys Enterprises Telenium Online Web Application contains a critical OS command injection vulnerability (CVE-2025-10659) that allows unauthenticated remote attackers to inject arbitrary operating system commands via crafted HTTP requests. CISA reports a CVSS v3.1 score of 9.8 and a CVSS v4 score of 9.3, indicating high potential for remote code execution. MegaSys has published a fix; administrators should apply updates promptly and follow CISA mitigation guidance to reduce internet exposure and isolate control systems.
read more →

Dutch Teenagers Arrested Over Alleged Pro-Russian Spying

🔎 Two 17-year-olds in the Netherlands were arrested after allegedly being recruited via Telegram by pro‑Russian hackers to map Wi‑Fi networks near government targets. Reports say the youths walked areas of The Hague close to Europol, Eurojust and several embassies while using a Wi‑Fi sniffer; the Canadian embassy was reportedly targeted. The domestic intelligence service tipped off police, who carried out raids and seized evidence. One teenager remains in custody while the other has been electronically tagged and placed under house arrest as the probe continues.
read more →

Nationwide Internet Shutdown in Afghanistan Extended

🌐 Cloudflare observed a nationwide Internet shutdown in Afghanistan on 29 September 2025 that began with a brief fixed-line interruption around 11:30 UTC and escalated to a full fiber-optic cut shortly after 12:30 UTC. HTTP requests, DNS queries (1.1.1.1) and total bytes dropped to zero at a national level, while mobile providers showed brief, partial connectivity. The outage removed the majority of announced IPv4 and IPv6 prefixes and threatens banking, customs, emergency communications, television and radio services.
read more →

US Secret Service Disrupts Massive SIM Farm Network

📵 The U.S. Secret Service says it disrupted a large network of SIM farms near New York City that officials warn could have disabled cellular service during the U.N. General Assembly. Agents seized more than 300 SIM servers and roughly 100,000 SIM cards across sites in New York, New Jersey and Connecticut. Authorities say the equipment could have texted the entire U.S. population within minutes, launched DDoS attacks, and interfered with emergency communications. The agency attributed the operation to nation-state actors working with organised crime, while specific locations and perpetrators remain undisclosed.
read more →

Cell Tower Hacking Network Dismantled Near UN Event

🔒 The US Secret Service has seized and dismantled a network of electronic devices across the New York tristate area that could be used to disrupt cellular service ahead of the United Nations General Assembly in New York City. Authorities recovered 300 co-located SIM servers and 100,000 SIM cards, equipment capable of enabling DoS attacks, disabling towers and facilitating anonymous encrypted communications. The operation was led by the agency’s Advanced Threat Interdiction Unit, which says early analysis identified contacts between individuals tied to the network and known nation-state threat actors; the investigation remains ongoing with multiple federal and local partners.
read more →

Jaguar Land Rover Extends Production Pause After Cyberattack

🚗 Jaguar Land Rover has extended a production shutdown until Wednesday 1 October 2025 after a major cyber incident that halted its Solihull, Halewood and Wolverhampton plants. The company said teams are working with cybersecurity specialists, the NCSC and law enforcement while it investigates, and warned the outage has already cost an estimated £120m in profits and £1.7bn in revenue. Unions have called for government-backed support for suppliers facing bankruptcy amid cascading supply-chain risk.
read more →

Ransomware Attack Disrupts Check-in at Major EU Airports

🛫 Over the weekend several major European airports experienced check-in and boarding disruptions after a ransomware attack on the external vendor Collins Aerospace. Attackers targeted the MUSE multi-airline check-in system, forcing manual processing of thousands of passengers and causing delays and cancellations to more than 100 flights. Airports affected included Heathrow, Brussels and Berlin Brandenburg, with only minor impact reported in Cork and Dublin. Authorities and the vendor are investigating while restoration efforts continue.
read more →

European airports disrupted after Collins MUSE cyberattack

✈️ Collins Aerospace's MUSE check-in platform suffered a cyber-related outage late Friday, forcing airlines and major European airports to revert to manual processes including handwritten tickets, paper boarding passes, laptops and iPads. Brussels was hardest hit with dozens of cancellations; Heathrow and Brandenburg reported delays while operators isolated affected systems. Collins says the disruption is limited to electronic check-in and baggage drop and that manual operations are in place while it works to restore a secure version. Passengers were urged to check flight status and arrive earlier than usual.
read more →

Cyberattack Disrupts Passenger Processing at Major Airports

🛫 According to Tagesschau, IT service provider Collins Aerospace was hit by a cyberattack on the evening of 19 September, disrupting passenger processing at Berlin (BER), Brussels, Dublin and London Heathrow. Security experts said the incident targeted the multi-tenant environment of the ARINC system that supports check-in, boarding and baggage handling. Affected airports reported partial delays and cancellations while Collins worked to restore services.
read more →

Third-day airport chaos after supplier cyber-attack

✈️ A suspected cyber-attack on a third-party supplier's check-in platform caused widespread flight cancellations and delays at several European airports, including Heathrow, Brussels, Berlin and Dublin. RTX's Muse software, used for check-in, boarding-pass validation and baggage tagging, was reported as the target, forcing some airlines to revert to pen-and-paper processes. Airports posted notices saying recovery work is ongoing and urging passengers to confirm flight status and use online check-in where possible.
read more →

Microsoft Entra ID Flaw Could Allow Tenant-Wide Hijack

🔒 A critical token validation flaw in Microsoft Entra ID could permit full tenant compromise by abusing undocumented, unsigned actor tokens issued by a legacy Access Control Service. Researcher Dirk-jan Mollema showed that when paired with a vulnerability in the deprecated Azure AD Graph API (CVE-2025-55241) those tokens could impersonate any user — including Global Administrators — across tenants without leaving tenant logs. Microsoft confirmed a fix after the July report and later patched the CVE.
read more →

Russia and China Target Germany's Economy: Survey Findings

🔍 A representative Bitkom survey of 1,002 German companies finds nearly three in four report rising attacks, estimating combined damage at €289 billion. 87% of executives said their organization experienced at least one attack in the past 12 months; 28% now suspect foreign intelligence involvement. Respondents most often pointed to China and Russia (46% each). Insurers report AI-generated false claims, prompting firms and authorities to adopt more holistic, AI-assisted defenses.
read more →

Smart Cities Face Growing Cybersecurity Risks and Gaps

🏙️ Smart cities are expanding rapidly—69% of municipalities report strategic agendas and an estimated 83,000 sensors were deployed in 2024—significantly enlarging the attack surface. High-profile incidents (Dallas alarm hack, Washington, DC ransomware, Florida water-treatment manipulation, and Olsztyn transport disruption) show that networked devices can lead to both digital and physical harm. Experts from Accenture, Zebra Technologies, and S2GRUPO warn that legacy devices, fragmented governance, and IT/OT convergence demand zero-trust, segmentation, and coordinated incident response to reduce systemic risk.
read more →

Hitachi Energy Asset Suite: Multiple High-Risk Flaws

⚠️ Hitachi Energy has disclosed multiple high-severity vulnerabilities in Asset Suite, affecting versions 9.6.4.5 and earlier. The issues include SSRF, deserialization of untrusted data, cleartext password exposure, uncontrolled resource consumption, open redirect, and improper authentication that can lead to remote code execution. Customers should apply vendor-provided mitigations and upgrades immediately to reduce exposure.
read more →

Westermo WeOS 5 IPSec Denial-of-Service Fix Released

🔔 A vulnerability in Westermo WeOS 5 when IPSec is enabled can allow a specially crafted ESP packet to trigger an immediate device reboot. Westermo reported the flaw and released WeOS 5 version 5.24.0 to address the issue. CISA rates the vulnerability as remotely exploitable with a CVSS v4 score of 8.2 and notes high attack complexity.
read more →

CISA Issues Nine New ICS Advisories on Sep 18, 2025

🛡️ CISA released nine Industrial Control Systems (ICS) advisories on September 18, 2025, detailing vulnerabilities, exploits, and mitigations affecting multiple vendors and products. The advisories cover Westermo WeOS, Schneider Electric Saitel RTUs, Hitachi Energy Asset and Service Suites, Cognex In‑Sight devices, Dover Fueling Solutions ProGauge MagLink LX4 devices, plus updates for rail linking protocols and Mitsubishi FA engineering tools. Administrators and operators are urged to review the technical details and apply recommended mitigations promptly to reduce operational and safety risk.
read more →

Dover ProGauge MagLink LX Vulnerabilities and Fixes

⚠️ Dover Fueling Solutions disclosed critical vulnerabilities in its ProGauge MagLink LX4, LX4 Plus, and LX4 Ultimate tank monitors that may be exploited remotely. Identified issues include an integer overflow (CVE-2025-55068), a hard-coded cryptographic signing key (CVE-2025-54807), and non‑changeable weak default root credentials (CVE-2025-30519), with ratings up to CVSS v4 9.3. Affected firmware must be updated to 4.20.3 for LX4/LX4 Plus or 5.20.3 for LX4 Ultimate; operators are urged to minimize network exposure and place devices behind firewalls.
read more →

Cognex In-Sight Firmware: Multiple High-Risk Flaws

🔒 Cognex disclosed multiple high-severity vulnerabilities in In-Sight Explorer and firmware for the In-Sight 2000/7000/8000/9000 series (versions 5.x through 6.5.1). Identified issues include hard-coded credentials, cleartext management protocols (including telnet and a proprietary TCP 1069 service), weak default permissions, authentication bypass via capture-replay, and insufficient server-side enforcement. CISA assigns high CVSS scores (up to 8.8 v3.1 and 8.6 v4), warns of credential disclosure, configuration manipulation, and potential denial-of-service, and recommends migration to newer In-Sight Vision Suite systems and network isolation.
read more →