< ciso brief />

All news with #critical infrastructure tag


CISA Launches CI Fortify to Bolster Infrastructure Resilience

🔒 CISA released new guidance called CI Fortify to help critical infrastructure organizations prepare to operate through crises and conflicts and continue delivering essential services while under cyberattack. The guidance centers on two emergency capabilities: Isolation — proactively disconnecting from third-party dependencies and operating without reliable telecommunications — and Recovery — rapidly restoring compromised systems while isolated. CISA urges organizations to begin investing now, test recovery plans, and practice local and manual operations to maintain a baseline of continuity.

DDoS Surge During Milano Cortina 2026 Winter Games

📈 The Milano Cortina 2026 Winter Games coincided with a dramatic rise in DDoS activity against Italian infrastructure, with attack frequency increasing 181% year-over-year from 2025. NETSCOUT ASERT recorded 12,963 attacks during the core Games window (Feb 6–23), peaking at more than 2,200 attacks on single days and shifting tactics from high-bandwidth floods to packet-rate–intensive vectors. The hacktivist group NoName057(16) dominated public claims, while ransomware groups and other actors also asserted responsibility. Adaptive defenses such as NETSCOUT ATLAS and Arbor products were highlighted as important mitigations.

Small US Defense Contractors Lack Network Telemetry

🛡️ Small and mid-size US defense contractors lack the network telemetry needed to detect nation-state reconnaissance and pre-positioning operations, Team Cymru analyst Stephen Campbell warns. He says state-backed groups are increasingly targeting edge infrastructure — routers, firewalls and VPN gateways — and using living-off-the-land techniques and legitimate cloud services to evade endpoint alerts. Campbell urges firms to deploy NetFlow pattern recognition, map infrastructure, patch and segment systems, and hunt for anomalous DNS and lateral movement to uncover stealthy access.

CISA Urges Zero Trust Adoption for Operational Technology

🔒 CISA has instructed owners and operators of operational technology to stop assuming network safety and released joint guidance, Adapting Zero Trust Principles to Operational Technology, to apply Zero Trust to systems supporting power, water, transportation, building automation, and weapons-support infrastructure. The 28-page guide — developed with the Department of War, Department of Energy, FBI, State Department and NIST technical input — emphasizes assuming adversaries are inside, validating access by identity, context, and risk, and tailoring controls to OT constraints like latency and safety.

ODNI 2026 ATA Signals Shift: Private Sector on Alert

🔍 The ODNI’s 2026 Annual Threat Assessment pivots from long-term, global forecasting to active operational reporting and a homeland-centric focus. This shift de-emphasizes detailed tracking of state-led infrastructure campaigns and named operations, leaving gaps in visibility on pre-positioned access. CISOs and CROs are urged to fund a resilience premium and prioritize identity, infrastructure continuity, algorithmic defense, and intelligence integration.

April 2026 security roundup: Tony Anscombe insights

🔒 ESET Chief Security Evangelist Tony Anscombe reviews April’s top cybersecurity developments, including rising Microsoft Teams helpdesk impersonation scams, an Iranian-linked campaign targeting Rockwell programmable logic controllers exposed on U.S. critical infrastructure networks, and the FBI IC3’s finding that U.S. victims lost nearly $21 billion to cyber-enabled crime last year. Tony offers practical mitigation advice — from stricter verification and access controls for remote support to network segmentation, patching, and monitoring for industrial control systems — and invites viewers to watch the video for deeper context and comparisons to prior years.

Adapting Zero Trust Principles for Operational Technology

🔒 CISA, in coordination with the Department of War, Department of Energy, Federal Bureau of Investigation, and Department of State, published joint guidance on applying Zero Trust principles to operational technology. The guidance addresses IT-OT convergence risks, legacy infrastructure limitations, operational and safety constraints, and recommends layered controls such as asset visibility, identity and access management, network segmentation, secure communication protocols, and vulnerability management. It emphasizes continuous validation of access and proactive supply chain risk management to protect critical physical processes.

Q1 2026 Internet Disruptions: Shutdowns, Outages, Attacks

🌐 This report reviews major Internet disruptions in Q1 2026, including prolonged government-directed shutdowns in Uganda and Iran, repeated national grid failures in Cuba, and physical damage to AWS facilities in the Middle East. It summarizes outages caused by power failures, severe weather, cable damage, technical faults, and military action, and highlights their scale and duration. The analysis is based on Cloudflare Radar observations and routing data and emphasizes systemic risks to connectivity.

Bluetooth Trackers Hidden in Mail Compromise Naval Security

📦 A Dutch journalist followed instructions on a government website to conceal a Bluetooth tracker inside a mailed postcard addressed to a naval ship, enabling observers to follow the vessel for roughly a day as it sailed from Heraklion, Crete, toward Cyprus. Navy personnel discovered the device during routine mail sorting within 24 hours of arrival and disabled it. As a result, Dutch authorities now ban electronic greeting cards from naval mail to close that screening gap.

Critical Path Traversal in Intrado 911 Emergency Gateway

⚠️ CISA warns of a critical path traversal vulnerability (CVE-2026-6074) in Intrado 911 Emergency Gateway that can expose the EGW management interface to unauthenticated access from an attacker with network access. The flaw enables reading, modifying, or deleting files and has a CVSS v3.1 base score of 9.8. Intrado released an update on March 2, 2026; organizations should apply the vendor patch immediately. Apply CISA guidance to minimize internet exposure and contact E911Support@intrado.com for vendor coordination.

Advisory: Defending Against China-Nexus Covert Networks

🛡️ CISA and the U.K. NCSC, together with federal and international partners, released an advisory on deniable, dynamic covert networks exploited by Chinese government-linked actors. The advisory outlines how threat groups leverage weak home, small-office, and IoT devices to build large botnets that enable espionage, intrusion, device takeover, and data theft. It provides actionable detection and mitigation steps — including asset mapping, connection baselining, persistent log collection, and multifactor authentication — to help organizations protect critical infrastructure.

Critical Carlson VASCO-B GNSS Receiver Authentication Flaw

⚠️ The Carlson VASCO-B GNSS Receiver contains an authentication bypass that allows unauthenticated network access to device configuration and operational functions. Affected firmware builds are versions prior to 1.4.0 (CVE-2026-3893) and the issue carries a CVSS 3.1 base score of 9.4 (Critical). Carlson Software recommends updating to 1.4.0 or later and restricting network exposure. Follow network segmentation and firewall controls to mitigate exposure until you apply the update.

UK Commits £90m to Cybersecurity and Resilience Pledge

🔐 The UK government has pledged £90m to bolster national cyber resilience, announced at the NCSC's CYBERUK conference on 22 April, with a particular emphasis on supporting small and medium-sized enterprises. The funding will promote adoption of the Cyber Essentials standard, which recently passed a 10,000 quarterly certification milestone and saw around a 20% uplift in uptake. Ministers will also launch a Cyber Resilience Pledge this summer requiring signatories to make cyber security a board-level responsibility, join the NCSC Early Warning service and mandate Cyber Essentials across supply chains.

Lotus Wiper Targets Venezuelan Energy Sector, Destroying Data

⚠️ Kaspersky has identified a previously undocumented file wiper named Lotus Wiper that was used in destructive attacks against Venezuela's energy and utilities sector in late 2025 and early 2026. The campaign relies on two coordinated batch scripts that weaken defenses, probe NETLOGON shares and legacy services, and prepare the environment to deploy a wiper that erases recovery mechanisms, overwrites drives and deletes files. The artifact contains no extortion demands, indicating a targeted, non-financially motivated destructive operation likely planned well in advance.

UK Faces 'Perfect Storm' of Nation-State Cyber Threats

⚠️ Richard Horne, CEO of the NCSC, warned at the tenth annual CYBERUK in Glasgow that the UK faces a “perfect storm” driven by rising geopolitical tensions and rapid AI-led technological change. He said nationally significant incidents remain broadly steady since the NCSC's last review, but the most serious threats now originate from nation states — notably Russia, China and Iran. The briefing urged organisations to shift from a prevention-only posture to a resilience mindset and to ensure fundamentals such as full visibility, 24/7 monitoring and correct configuration are in place.

New Lotus wiper targets Venezuelan energy and utilities

🔴 Kaspersky researchers analyzed a previously undocumented data-wiping malware, dubbed Lotus, uploaded from a Venezuelan host in mid-December and used in targeted attacks against energy and utility organizations in Venezuela. Before detonation the attacker runs two batch scripts that weaken defenses, change account passwords, log off users, disable network interfaces and run destructive tools like diskpart, robocopy and fsutil to overwrite and fill drives. The Lotus binary then performs low-level IOCTL operations, clears USN journals, deletes restore points and overwrites physical sectors to render systems unrecoverable. Administrators are advised to monitor these precursor activities and maintain offline, validated backups.

22 BRIDGE:BREAK Flaws in Lantronix and Silex Converters

⚠️ Forescout Research Vedere Labs disclosed 22 vulnerabilities, labeled BRIDGE:BREAK, in popular Lantronix and Silex serial-to-IP converters that bridge legacy serial equipment to IP networks. Researchers located nearly 20,000 exposed devices online and warned that several flaws permit full takeover or tampering with serial traffic. Affected models include Lantronix EDS3000PS/EDS5000 and Silex SD330-AC; vendors have issued firmware updates and advisories. Operators should patch immediately, remove default credentials, segment networks, and avoid exposing these converters to the internet.

Hardy Barth Salia EV Charge Controller Vulnerabilities

🚨 CISA warns that the Hardy Barth Salia EV Charge Controller running firmware up to 2.3.81 contains two file-upload vulnerabilities that can crash devices and may enable remote code execution. The issues are tracked as CVE-2025-5873 (CVSS 6.3) and CVE-2025-10371 (CVSS 7.3) and have public proof-of-concepts. Hardy Barth did not respond to coordination requests; operators should minimize network exposure and contact the vendor or eCharge for remediation guidance.

Siemens RUGGEDCOM CROSSBOW SAM-P Privilege Escalation

🔒 Siemens has identified a privilege escalation vulnerability (CVE-2026-27668) in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) that permits authenticated User Administrators to grant themselves access to any device group. The issue affects SAM-P versions prior to V5.8; Siemens has released V5.8 to remediate the flaw and recommends immediate updates. Operators should also minimize network exposure and follow established industrial security guidelines.

Handala, CyberAv3ngers and Iran’s Proxy Cyber Ops Activities

🔍 US authorities issued an April 7 advisory warning that Iranian-affiliated APTs could be conducting infrastructural cyberattacks, citing links to 2023 water and wastewater incidents attributed to CyberAv3ngers. The article examines two prominent groups — Handala Hack Team and CyberAv3ngers — and argues they function as proxy or false-flag operations likely tied to Iran’s Ministry of Intelligence. It describes a broader pattern of gray warfare, where state actors obscure involvement to retain plausible deniability while exerting persistent pressure on adversaries.