< ciso
brief />
Tag Banner

All news with #critical infrastructure tag

400 articles · page 20 of 20

CISA Issues Three Industrial Control Systems Advisories

🔔 CISA released three Industrial Control Systems advisories on August 26, 2025, detailing vulnerabilities and mitigations for INVT VT‑Designer and HMITool, Schneider Electric Modicon M340 controllers and modules, and an updated advisory for Danfoss AK‑SM 8xxA Series. The alerts provide technical details, risk assessments, and recommended mitigations. Administrators and asset owners should review the advisories and apply vendor guidance promptly.
read more →

Backdoor Weakness Found in TETRA Radio Encryption Standard

🔒 Security researchers from Midnight Blue have disclosed a critical weakness in an ETSI-endorsed TETRA end-to-end encryption implementation used in professional radios. After extracting and reverse-engineering a Sepura device, they found the E2EE algorithm compresses a 128-bit key to an effective 56 bits before encryption, drastically weakening confidentiality. The behavior looks like an intentional backdoor, and it is unclear which organizations use the vulnerable implementation or whether operators are aware of the risk.
read more →

Maryland Transit Authority Confirms Cyber Incident

🚨 The Maryland Transit Administration (MTA) reported on August 24 that it is investigating a cyber incident involving unauthorized access to specific systems. Most core services, including Local Bus, Metro Subway, Light Rail, MARC and Commuter Bus, remain on schedule, but some functions are disrupted. Affected services include Mobility Paratransit new bookings and rescheduling, MTA real-time updates and call center support, and Baltimore Metro elevator phones, and the agency is working with the Maryland Department of Information Technology, third-party cybersecurity experts and law enforcement to investigate and remediate the issue.
read more →

UNWG Releases Video Series on P25 LMR Encryption Importance

🔐 The Joint SAFECOM–NCSWIC Project 25 (P25) User Needs Working Group (UNWG) has published a video series highlighting the importance of P25 land mobile radio (LMR) encryption for national security and first responder communications. The series explains three types of P25 protections — link layer authentication, link layer encryption, and voice traffic encryption — and why each matters. Another installment outlines UNWG’s role in preserving interoperability and encourages public safety stakeholder engagement.
read more →

Blue Locker Ransomware Targets Critical Infrastructure

🔒 Pakistan Petroleum Limited (PPL) was struck by the Blue Locker ransomware, detected on 6 August, which appends a .blue extension to encrypted files and has reported deletion of backups and theft of some business and employee data. The incident encrypted servers and disrupted financial operations while recovery work proceeded in a phased manner. Pakistan's NCERT issued a high alert to 39 key ministries and institutions and warned of multiple distribution vectors. Organisations, especially critical infrastructure operators, are urged to verify and isolate backups, implement network segmentation and enhanced monitoring, and engage incident response and forensic teams as needed.
read more →

Mitsubishi MELSEC iQ-F CPU Module Denial-of-Service

🔒 CISA published Advisory ICSA-25-233-01 on August 21, 2025 describing a Denial-of-Service vulnerability (CVE-2025-5514, CVSS v3 5.3) in the Mitsubishi Electric MELSEC iQ-F Series CPU module web server. An attacker can send specially crafted HTTP requests that exploit an Improper Handling of Length Parameter Inconsistency to delay processing and prevent legitimate users from accessing the web server. Mitsubishi Electric reports no plans to release a fix and advises customers to restrict network exposure, use IP filtering and VPNs, and limit physical access. CISA recommends isolating control networks behind firewalls and minimizing internet exposure.
read more →

CISA Releases Three Industrial Control Systems Advisories

🔔 CISA released three Industrial Control Systems (ICS) advisories on August 21, 2025, detailing vulnerabilities and potential exploits affecting products from Mitsubishi Electric and FUJIFILM. The notices cover MELSEC iQ-F Series CPU Module, Mitsubishi Electric air conditioning systems (Update A), and Synapse Mobility. Each advisory includes technical details and recommended mitigations. CISA urges administrators and asset owners to review and apply the guidance promptly.
read more →

Warlock Ransomware: Emerging Threat Targeting Services

⚠️ Warlock is a ransomware operation that emerged in 2025 and uses double extortion — encrypting systems and threatening to publish stolen data to coerce payment. The group has targeted government agencies and critical service providers across Europe, and on August 12 a cyber incident disrupted UK telecom Colt Technology Services, with an alleged auction of one million stolen documents. Security analysts link recent intrusions to exploitation of the SharePoint vulnerability CVE-2025-53770, which Microsoft says is actively exploited; Microsoft has published analysis and urges immediate patching. Recommended mitigations include enforcing multi‑factor authentication, keeping security tools and software patched, maintaining secure off‑site backups, reducing attack surface, encrypting sensitive data, and educating staff on phishing and social engineering.
read more →

Static Tundra: Russian State Actor Targets Cisco Devices

🔒 Cisco Talos identifies the threat cluster Static Tundra as a long-running, Russian state-sponsored actor that compromises unpatched and end-of-life Cisco networking devices to support espionage operations. The group aggressively exploits CVE-2018-0171 and leverages weak SNMP community strings to enable local TFTP retrieval of startup and running configurations, often exposing credentials and monitoring data. Talos also observed persistent firmware implants, notably SYNful Knock, and recommends immediate patching or disabling Smart Install, strengthening authentication, and implementing configuration auditing and network monitoring to detect exfiltration and implanted code.
read more →

Tackling the National Gap in Software Understanding

🔍 CISA, with partners including DARPA, OUSD R&E, and the NSA, is leading an interagency effort to close a national gap in software understanding that endangers critical infrastructure. A new Sandia National Laboratories report, The National Need for Software Understanding, describes the gap’s causes, risks, and options for remediation. CISA urges manufacturers to design software for independent analysis and invites experts and mission owners to engage on research priorities.
read more →

Dutch prosecution hack disables multiple speed cameras

⚠️ The Netherlands' Public Prosecution Service (Openbaar Ministerie) disconnected its networks on July 17 after suspecting attackers had exploited Citrix device vulnerabilities, leaving several fixed, average and portable speed cameras unable to record offences. Internal email remained available, but external communications and documents required printing and postal delivery. Regulators including the National Cybersecurity Centre were informed, and prosecutors warned that ongoing downtime will delay cases and hamper road-safety enforcement while systems remain offline.
read more →

CISA and Partners Issue OT Asset Inventory Guidance

🔒 CISA and international partners released new guidance to help operational technology (OT) owners and operators establish and maintain comprehensive asset inventories and taxonomies. The resource provides practical steps to identify, classify, and track OT devices and components that support critical infrastructure, including industrial control systems and automation. Implementing these practices aligns with the Cross-Sector Cybersecurity Performance Goals and enhances visibility, risk management, and operational resilience for mission-critical services.
read more →

Ukraine Claims Hack of Russia's New Nuclear Submarine

🔐 Ukraine's Defence Intelligence agency (HUR) says its hackers exfiltrated classified files and technical documentation related to the newly commissioned Russian nuclear ballistic missile submarine Knyaz Pozharsky. Leaked materials, posted on Telegram, reportedly include combat manuals, schematics of combat and survivability systems, crew lists with qualifications, and operational schedules. Russian authorities have not commented and independent verification by Western intelligence or cybersecurity experts is still pending.
read more →

CISA Alerts on Severe Microsoft Exchange Vulnerability

⚠️CISA issued an alert on a high-severity vulnerability affecting on-premise Microsoft Exchange servers disclosed today. The agency is actively monitoring and coordinating mitigation with Microsoft and government and industry partners to assess scope and impact. Organizations are strongly urged to implement Microsoft guidance immediately to reduce risk and protect critical infrastructure.
read more →

DHS Launches $100M+ Funding to Strengthen Cybersecurity

🔐 CISA and FEMA announced the availability of more than $100 million in grant funding to bolster state, local, and tribal cybersecurity capabilities. The FY2025 Notice of Funding Opportunity includes the State and Local Cybersecurity Grant Program (SLCGP) with $91.7 million and the Tribal Cybersecurity Grant Program (TCGP) with $12.1 million. Awards may support planning, exercises, hiring cybersecurity experts, network hardening, and improvements to services provided to citizens. Applicants should consult CISA application resources to prepare proposals.
read more →

Top Secret INSCOM Data Exposed via Public AWS S3 Repository

🔓 On September 27, 2017, UpGuard researcher Chris Vickery discovered an Amazon S3 bucket at the AWS subdomain "inscom" that was publicly accessible and contained 47 entries with three downloadable files. One download, an .ova virtual appliance named "ssdev," included a virtual hard drive with partitions and metadata labeled Top Secret and NOFORN. The exposed assets also contained private keys, hashed passwords, a ReadMe referencing the Pentagon cloud project Red Disk, and a classification-training snapshot. UpGuard notified INSCOM and the repository was promptly secured.
read more →

PQE Data Exposure Reveals Critical Infrastructure Details

⚠️ The UpGuard Cyber Risk Team discovered a publicly accessible rsync repository belonging to Texas-based Power Quality Engineering (PQE) that exposed sensitive electrical infrastructure data for clients including Dell, Oracle, and Texas Instruments. Up to 205 GB of reports, schematics, infrared imagery and a plaintext file of internal passwords were downloadable. The exposure, discovered on July 6, 2017 and remediated after notification, illustrates vendor risk and misconfigured services. Recommended mitigations included restricting rsync access, enforcing authentication and network ACLs, and implementing continuous vendor monitoring.
read more →

Exposure of Russian Telecom Infrastructure: MTS and Nokia

🔒 UpGuard secured a 1.7 TB repository that had been publicly accessible via an rsync server, containing schematics, administrative credentials, email archives, photographs, and installation materials tied to Russian telecommunications infrastructure. The dataset appears to primarily implicate Nokia and MTS, and includes detailed documentation for the SORM lawful-intercept system. UpGuard notified vendors and regulators and the files were taken offline after disclosure, though the exposure presented serious national security risks.
read more →

SAFECOM Updates Emergency Communications Lifecycle Guide

📢 CISA, in partnership with SAFECOM and NCSWIC, released an updated Emergency Communications System Lifecycle Planning Guide and companion Lifecycle Planning Tool on July 2, 2025. The suite refreshes the 2011 and 2018 materials and incorporates public safety practitioners' experiences to inform system build, maintenance, operation, decommission, and replacement decisions. The Lifecycle Guide offers recommendations and the Lifecycle Planning Tool provides checklists for each lifecycle phase. Resources and funding guidance are aligned to help jurisdictions plan technology upgrades.
read more →

Engineering Firm Exposes Critical Infrastructure Data

⚠️ UpGuard discovered a public rsync repository exposing data from Power Quality Engineering (PQE), including client inspection reports, infrared imagery and plaintext internal passwords. The July 2017 exposure allowed downloads of hundreds of gigabytes via port 873 and revealed schematics for clients such as Dell, Oracle, Texas Instruments, and the City of Austin, including a SCIF layout. PQE secured the server after notification; the incident highlights the large risk of simple misconfigurations and third‑party vendor failures.
read more →