
All news with #critical infrastructure tag

368 articles · page 4 of 19

Critical Auth Bypass in Anritsu Remote Spectrum Monitors

⚠️ Anritsu Remote Spectrum Monitor models MS27100A, MS27101A, MS27102A, and MS27103A contain an inherent authentication bypass (CVE-2026-3356) that permits unauthenticated network users to access and control the device management interface. The vendor reports no planned patch and confirms the issue is a design limitation with no configurable authentication. Successful exploitation can expose signal data, change operational settings, or render devices unavailable. CISA recommends isolating affected devices and restricting network access.

Dutch Finance Ministry Shuts Treasury Portal After Breach

🔒 The Dutch Ministry of Finance has taken several systems offline, including its digital portal for treasury banking, while investigating a security breach first detected on March 19. Around 1,600 public institutions are currently unable to view treasury balances or use portal services, though participants retain full access to funds and incoming/outgoing payments continue through regular banking channels. The ministry is working with the NCSC, external forensic specialists, and the national police; no data theft or responsible threat actor has been publicly confirmed.

Critical CLI Escape in WAGO Managed Switches (CVE-2026-3587)

⚠️ An unauthenticated remote attacker can trigger a hidden CLI function in WAGO industrial managed switches to escape the restricted interface and gain full control of the device. The vulnerability is tracked as CVE-2026-3587 and classified under CWE-912. CISA rates the issue CRITICAL with a CVSS v3.1 base score of 10.0. Operators should install vendor fixed firmware or, as an interim measure, disable SSH and Telnet.

FCC Bans Import and Sale of All Foreign-Made Routers

🔒 The FCC has banned the import and sale of all consumer-grade internet routers manufactured in foreign countries, saying they pose an 'unacceptable risk' to US national security. The rule, announced on 23 March, allows only devices with conditional DoD or DHS approval, effectively blocking most future consumer models because many are made abroad. The agency cited incidents such as the Volt, Flax and Salt Typhoon attacks, while industry experts caution that governance, patching and lifecycle management — not just country of origin — drive much of the risk.

FCC Blocks New Foreign-Made Consumer Routers Nationwide

🔒 The FCC announced a ban on imports of new foreign-made consumer routers, citing unacceptable cyber and national security risks after an Executive Branch determination. New models are placed on the Covered List unless granted Conditional Approval by the Department of War or DHS; Starlink routers are exempt. Existing customer-owned devices and previously authorized models remain legal to use and sell.

FCC Bans Sale of New Consumer Routers Made Outside USA

🔒 The FCC has expanded its Covered List under the Secure and Trusted Communications Networks Act to include all consumer routers manufactured outside the United States, effectively banning the sale of new foreign-made models. The move follows a National Security Determination that identified foreign-produced routers as a significant supply-chain threat and cited recent compromises linked to groups such as Volt, Flax, and Salt Typhoon. The agency permits limited exemptions and an alternative approval path for vendors that transparently disclose ownership, manufacturing, and supply-chain details and commit to onshoring critical component production. Existing routers remain available, but consumers may face reduced model availability and higher prices as certification adds time and cost.

Dmytro Kuleba to Headline Infosecurity Europe 2026 Keynote

🎤 Infosecurity Europe has named former Ukrainian Foreign Minister Dr. Dmytro Kuleba as a headline keynote for its 2–4 June 2026 conference at ExCeL London. Kuleba will speak on 3 June at 10:05 about 'Ukraine's Hybrid War and the New Cyber Frontline,' sharing lessons on coordinated cyber‑kinetic attacks, disinformation and why Western enterprises are increasingly the primary cyber frontline. Attendees will hear practical insights for resilience.

Dutch Ministry of Finance Confirms Systems Breach Detected

🛡️ The Dutch Ministry of Finance confirmed unauthorized access to some of its systems after being notified by a third party on March 19. ICT security detected the intrusion and access to affected systems has been blocked while an investigation is ongoing. The incident disrupted work for a portion of employees but, the ministry says, did not affect systems that manage tax collection, customs, or income-linked subsidies. Officials have not disclosed the number of employees impacted, whether data was stolen, or an attribution for the attack.

Water Utilities Boost Cybersecurity Through Cooperation

💧 Water utilities facing aging operational systems and limited IT staff are improving cybersecurity by sharing information and coordinating responses. A two-year pilot led by the Cyber Readiness Institute and the Center on Cyber and Technology Innovation, sponsored by Microsoft, enrolled about 200 small and mid-sized utilities. The study found that combining cybersecurity training with hands-on technical assistance, stronger sector links and practical support is more effective than distributing guidance alone.

Denver Crosswalks Hacked to Broadcast Anti-Trump Messages

🔊 Denver's newly installed pedestrian audio units on East Colfax Avenue were hijacked over the weekend to broadcast explicit anti-Trump messages in a robotic voice, startling pedestrians. Officials report the devices were activated while still using factory-default credentials; passwords have since been changed and police are investigating. The tampering created a safety hazard for people with visual impairments and echoes prior incidents involving Polara crosswalk systems.

FBI Seizes Handala Leak Domains After Stryker Wipe

🔒 The FBI has seized two clearnet domains used by the Iranian-linked hacktivist group Handala after its destructive cyberattack on medical device maker Stryker. A seizure banner cites a Maryland court warrant and says the domains facilitated malicious cyber activities; DNS now points to FBI name servers. Handala acknowledged the seizures and said it will rebuild resilient infrastructure. Microsoft and CISA issued guidance to help organizations secure Intune and Windows domains against similar compromises.

Critical OCPP WebSocket Vulnerabilities in eParking.fi

🔒 Multiple vulnerabilities in IGL-Technologies eParking.fi allow unauthenticated actors to connect to OCPP WebSocket endpoints, impersonate charging stations, issue commands, hijack sessions, or disrupt charging services via denial-of-service. CISA rates the most severe issue CVSSv3.1 9.4 (Critical). IGL-Technologies has implemented stronger authentication, device-level whitelisting, rate limiting, and enhanced monitoring; encrypted OCPP deployments and the proprietary eTolppa protocol are not impacted.

UK regulation increasingly drives CNI cybersecurity

🔒 Security leaders at the UK's critical national infrastructure (CNI) firms are increasingly turning to regulatory compliance to steer cyber investment and maturity, Bridewell's Cybersecurity in CNI Report 2026 finds. The study shows 35% of leaders cite regulation as the primary influence, up from 26% in 2025. Adoption of frameworks like the NCSC CAF and NIS2 remains uneven, and organisations report widespread incidents and rising AI concerns.

FedRAMP High: Falcon for XIoT Extends Federal Protection

🔒 CrowdStrike Falcon Platform for Government now includes Falcon for XIoT, delivering FedRAMP High–authorized visibility and protection for connected and operational technology assets. The solution provides native, zero‑touch XIoT asset discovery with deep protocol support and ICS vendor validation to preserve operational continuity across critical infrastructure. It also leverages AI-powered risk prioritization to surface and rank high‑risk conditions across converged IT/OT environments.

EU Imposes Sanctions on Chinese and Iranian Cyber Firms

🔒 The Council of the European Union has sanctioned three companies and two individuals from China and Iran for cyberoperations that targeted devices and critical infrastructure. The measures name Integrity Technology Group (linked to the Raptor Train botnet), Anxun Information Technology (i‑Soon) and Iranian firm Emennet Pasargad. Listed parties face asset freezes and prohibitions on accessing funds, and natural persons are subject to travel bans through EU territory.

Eon Reports Tenfold Increase in Cyberattacks on Grid

⚡ Eon reports a sharp rise in cyberattacks on its power distribution networks, now seeing several hundred daily probes—a tenfold increase compared with five years ago, board member Thomas König said. The company highlights the security challenges of an increasingly digitized grid. Eon engages external providers to run attack simulations and strengthen defences while operating about one third of Germany's distribution network.

Critical CODESYS Vulnerabilities in Festo Automation Suite

⚠ CISA warns that multiple critical vulnerabilities affect CODESYS components bundled with Festo Automation Suite, including several issues rated CVSS 3.1 9.8. Affected installations include FAS releases prior to 2.8.0.138 and FAS 2.8.0.137 when using CODESYS 3.0 or 3.5.16.10; beginning with FAS 2.8.0.138, CODESYS is no longer bundled and must be installed separately. Vendors recommend updating to CODESYS Development System 3.5.21.20, applying Festo updates, avoiding untrusted project files, and minimizing network exposure of control systems.

Critical Modbus TCP Vulnerability in Schneider SCADAPack

⚠️ Schneider Electric has disclosed a critical vulnerability affecting SCADAPack x70 RTUs (including SCADAPack 47xi, 47x, and 57x) that communicate over Modbus TCP. Exploitation could allow remote code execution, denial of service, and loss of confidentiality or integrity. Known affected products include SCADAPack 57x and RemoteConnect versions prior to R3.4.2; vendor fixes are available in RemoteConnect R3.4.2 and SCADAPack firmware 9.12.2. If immediate patching is not possible, implement network segmentation, enable the RTU firewall service, disable the logic debug service, and follow the SCADAPack security guidelines.

DDoS Disrupts Perm Parking Payments, Free Parking Issued

🚗 Local authorities in Perm, Russia, reported a large-scale cyberattack that knocked the city's automated parking payment systems offline, attributing the outage to a massive DDoS attack. The permparking.ru portal and associated payment channels were overwhelmed, prompting officials to waive parking fees from 10–13 March while recovery teams worked. Authorities aimed to have services restored by 16 March. DDoS campaigns typically use botnets to flood services and block legitimate transactions.

Fortinet Named a Challenger in Gartner 2026 CPS MQ

🔒 Fortinet has been named a Challenger in the 2026 Gartner Magic Quadrant for Cyber-Physical Systems (CPS) Protection Platforms. The recognition underscores the capabilities of the Fortinet OT Security Platform to secure converged IT/OT environments through deep OT visibility, protocol-aware segmentation, and integrated networking and security. Fortinet emphasizes unified management, ruggedized firewalls, secure SD-WAN, ZTNA, NAC, and AI-driven operations to reduce risk while preserving uptime and safety in industrial settings.