< ciso
brief />
Tag Banner

All news with #critical infrastructure tag

400 articles · page 3 of 20

Siemens SIMATIC HMI Vulnerability in Unified Panels

🔒 Siemens reports that SIMATIC HMI Unified Comfort Panels before V21.0 are vulnerable to an unauthenticated access issue that exposes the embedded web browser via the Control Panel help link when access protections are not applied. The flaw is attributed to insecure default initialization (CWE-1188) and carries a vendor CVSS v3 score of 7.7. Siemens recommends updating affected panels to V21 or later, disabling the taskbar, and following operational security guidance to enable Control Panel access protection and change runtime autostart settings.
read more →

Siemens SIMATIC S7 Web Server Cross-Site Scripting Risks

⚠ Siemens SIMATIC S7 PLC web servers contain multiple cross-site scripting (XSS) vulnerabilities in their web interfaces that could allow an authenticated user with rights to download TIA projects to inject malicious scripts. Affected pages include the Communication parameters, Motion Control Diagnostics, and Firmware Update pages, where names or filenames are not properly sanitized. Siemens has published updates for several affected firmware lines—update to V2.9.9 or V3.1.6 or later where available—and is preparing further fixes. CISA republished the advisory and recommends restricting project downloads and firmware update rights, isolating devices, and applying vendor updates or compensating controls.
read more →

Siemens routers and switches vulnerable to IPv4 DoS

⚠️ A null pointer dereference vulnerability has been identified in multiple Siemens networking and industrial routers and gateways when processing specially crafted IPv4 requests. Exploitation can cause a denial-of-service condition that forces affected devices to stop responding and disrupts networked control functions. Recovery requires a manual restart of the device. Affected product families include SCALANCE, SIMATIC, RUGGEDCOM and IE/PB link variants, spanning many router, switch, and gateway models.
read more →

Siemens Ruggedcom Rox: Multiple Critical Vulnerabilities

🚨 Siemens reports that Ruggedcom Rox devices prior to V2.17.1 contain numerous third‑party vulnerabilities and has released updated firmware; customers are urged to update immediately. The issues include uncontrolled recursion, integer underflow/overflow, multiple stack- and heap-based buffer overflows, use‑after‑free, improper input validation and path traversal, among others. Affected components include Das U‑Boot, QEMU emulation modules, Python email parsing, linux‑pam and other supporting libraries. Apply the vendor updates to mitigate risks such as denial of service, boot bypass or potential code execution.
read more →

Siemens SIPROTEC 5 Session ID Randomness Vulnerability

⚠️ The Siemens SIPROTEC 5 series employs insufficiently random values for session identifiers on a subset of web endpoints, enabling an unauthenticated remote actor to brute-force and hijack valid sessions. Exploitation can permit limited read access to web server information without authorization. Siemens is preparing fixes and recommends updating to V11.0 or later where available, validating updates, and applying network protections such as segmentation, firewalls, and controlled remote access procedures.
read more →

Siemens Teamcenter vulnerabilities: patches and guidance

🔔 Siemens disclosed multiple vulnerabilities in Teamcenter that could affect availability, integrity, and confidentiality of affected installations. The vendor published patches across several builds and recommends administrators update to the indicated fixed versions (examples include V2312.0009, V2406.0006, V2412.0009, V2506.0005 and later). Identified issues include improper error checking (CWE-754), cross-site scripting (CWE-79), and hard‑coded credentials (CWE-798). CISA and Siemens advise minimizing network exposure, isolating control systems, applying vendor updates promptly, and following Siemens' industrial security guidance.
read more →

Siemens SENTRON PAC1261 Request Smuggling Patch Advisory

🔒 The web server in Siemens SENTRON 7KT PAC1261 Data Manager (versions before V2.1.0) contains a request smuggling vulnerability in the Go net/http package that can expose authorization tokens and permit administrative takeover. Siemens has released V2.1.0 to remediate the issue and recommends immediate updating. Mitigations include using encrypted protocols, restricting network exposure, and following vendor operational security guidance.
read more →

Siemens Opcenter RDnL: ActiveMQ Artemis Authentication Flaw

🔒 Siemens reports that Opcenter RDnL is affected by a Missing Authentication for Critical Function in Apache ActiveMQ Artemis. An unauthenticated actor on an adjacent network can force a broker to open an outbound Core federation to an attacker-controlled broker, risking message injection and availability impacts. Siemens and Apache recommend updating to Apache Artemis 2.52.0 or later and applying mitigations such as Core interceptors, disabling Core on exposed acceptors, and enforcing two-way SSL.
read more →

Fortinet fixes critical RCE flaws in Authenticator, Sandbox

🔒 Fortinet released Patch Tuesday updates addressing two critical remote code execution vulnerabilities: FortiAuthenticator (CVE-2026-44277) and FortiSandbox (CVE-2026-26083), both rated 9.1. The flaws permit unauthenticated attackers to execute arbitrary commands; Fortinet advises upgrading FortiAuthenticator to 6.5.7/6.6.9/8.0.3 and FortiSandbox to 4.4.9 or 5.0.2. Both issues were found internally and have not yet been observed exploited in the wild, but Fortinet RCEs have been weaponized previously. Administrators should prioritize immediate patching and monitor credentials and logs.
read more →

CISA's CI Fortify: Guidance for Isolation and Recovery

🔒 CISA has launched CI Fortify, urging water, energy, transportation and communications operators to plan to disconnect from third-party networks and maintain essential services if targeted by cyber-attacks. The guidance sets two core objectives: isolation — proactively segmenting OT from business and upstream networks to keep services running in degraded communications — and recovery — documenting systems, backing up critical files and rehearsing component replacement or manual operation. Operators are advised to identify critical customers, set service targets, update continuity plans for prolonged isolation, and share the guidance with vendors, integrators and managed service providers.
read more →

Student Hacks TETRA System, Stops Taiwan High-Speed Trains

🔴 A 23-year-old university student in Taiwan was arrested after allegedly interfering with the country's TETRA-based communications for the Taiwan High Speed Rail (THSR). Authorities say he used SDR equipment and handheld radios to transmit a high-priority 'General Alarm' on April 5, forcing emergency brakes and halting four trains for 48 minutes. Investigators found decoded radio parameters and an accomplice who supplied critical THSR settings. Equipment including 11 radios, an SDR and a laptop were seized; the suspect faces criminal charges and was released on NT$100,000 bail.
read more →

CISA Urges Critical Infrastructure to Prepare for Isolation

🔒 CISA has launched the CI Fortify initiative to help critical infrastructure operators prepare to operate in isolation from the internet and third-party services during major cyber incidents. The program focuses on controlled isolation—distinct from traditional air-gapping—combined with local manual operations and rapid restoration. CISA will provide targeted assessments, guidance, and exercises during a pilot phase while urging operators to map dependencies and invest in resilient architectures.
read more →

CISA Launches CI Fortify to Bolster Infrastructure Resilience

🔒 CISA released new guidance called CI Fortify to help critical infrastructure organizations prepare to operate through crises and conflicts and continue delivering essential services while under cyberattack. The guidance centers on two emergency capabilities: Isolation — proactively disconnecting from third-party dependencies and operating without reliable telecommunications — and Recovery — rapidly restoring compromised systems while isolated. CISA urges organizations to begin investing now, test recovery plans, and practice local and manual operations to maintain a baseline of continuity.
read more →

DDoS Surge During Milano Cortina 2026 Winter Games

📈 The Milano Cortina 2026 Winter Games coincided with a dramatic rise in DDoS activity against Italian infrastructure, with attack frequency increasing 181% year-over-year from 2025. NETSCOUT ASERT recorded 12,963 attacks during the core Games window (Feb 6–23), peaking at more than 2,200 attacks on single days and shifting tactics from high-bandwidth floods to packet-rate–intensive vectors. The hacktivist group NoName057(16) dominated public claims, while ransomware groups and other actors also asserted responsibility. Adaptive defenses such as NETSCOUT ATLAS and Arbor products were highlighted as important mitigations.
read more →

Small US Defense Contractors Lack Network Telemetry

🛡️ Small and mid-size US defense contractors lack the network telemetry needed to detect nation-state reconnaissance and pre-positioning operations, Team Cymru analyst Stephen Campbell warns. He says state-backed groups are increasingly targeting edge infrastructure — routers, firewalls and VPN gateways — and using living-off-the-land techniques and legitimate cloud services to evade endpoint alerts. Campbell urges firms to deploy NetFlow pattern recognition, map infrastructure, patch and segment systems, and hunt for anomalous DNS and lateral movement to uncover stealthy access.
read more →

CISA Urges Zero Trust Adoption for Operational Technology

🔒 CISA has instructed owners and operators of operational technology to stop assuming network safety and released joint guidance, Adapting Zero Trust Principles to Operational Technology, to apply Zero Trust to systems supporting power, water, transportation, building automation, and weapons-support infrastructure. The 28-page guide — developed with the Department of War, Department of Energy, FBI, State Department and NIST technical input — emphasizes assuming adversaries are inside, validating access by identity, context, and risk, and tailoring controls to OT constraints like latency and safety.
read more →

ODNI 2026 ATA Signals Shift: Private Sector on Alert

🔍 The ODNI’s 2026 Annual Threat Assessment pivots from long-term, global forecasting to active operational reporting and a homeland-centric focus. This shift de-emphasizes detailed tracking of state-led infrastructure campaigns and named operations, leaving gaps in visibility on pre-positioned access. CISOs and CROs are urged to fund a resilience premium and prioritize identity, infrastructure continuity, algorithmic defense, and intelligence integration.
read more →

April 2026 security roundup: Tony Anscombe insights

🔒 ESET Chief Security Evangelist Tony Anscombe reviews April’s top cybersecurity developments, including rising Microsoft Teams helpdesk impersonation scams, an Iranian-linked campaign targeting Rockwell programmable logic controllers exposed on U.S. critical infrastructure networks, and the FBI IC3’s finding that U.S. victims lost nearly $21 billion to cyber-enabled crime last year. Tony offers practical mitigation advice — from stricter verification and access controls for remote support to network segmentation, patching, and monitoring for industrial control systems — and invites viewers to watch the video for deeper context and comparisons to prior years.
read more →

Adapting Zero Trust Principles for Operational Technology

🔒 CISA, in coordination with the Department of War, Department of Energy, Federal Bureau of Investigation, and Department of State, published joint guidance on applying Zero Trust principles to operational technology. The guidance addresses IT-OT convergence risks, legacy infrastructure limitations, operational and safety constraints, and recommends layered controls such as asset visibility, identity and access management, network segmentation, secure communication protocols, and vulnerability management. It emphasizes continuous validation of access and proactive supply chain risk management to protect critical physical processes.
read more →

Q1 2026 Internet Disruptions: Shutdowns, Outages, Attacks

🌐 This report reviews major Internet disruptions in Q1 2026, including prolonged government-directed shutdowns in Uganda and Iran, repeated national grid failures in Cuba, and physical damage to AWS facilities in the Middle East. It summarizes outages caused by power failures, severe weather, cable damage, technical faults, and military action, and highlights their scale and duration. The analysis is based on Cloudflare Radar observations and routing data and emphasizes systemic risks to connectivity.
read more →