< ciso
brief />
Tag Banner

All news with #critical infrastructure tag

400 articles · page 4 of 20

Bluetooth Trackers Hidden in Mail Compromise Naval Security

📦 A Dutch journalist followed instructions on a government website to conceal a Bluetooth tracker inside a mailed postcard addressed to a naval ship, enabling observers to follow the vessel for roughly a day as it sailed from Heraklion, Crete, toward Cyprus. Navy personnel discovered the device during routine mail sorting within 24 hours of arrival and disabled it. As a result, Dutch authorities now ban electronic greeting cards from naval mail to close that screening gap.
read more →

Critical Path Traversal in Intrado 911 Emergency Gateway

⚠️ CISA warns of a critical path traversal vulnerability (CVE-2026-6074) in Intrado 911 Emergency Gateway that can expose the EGW management interface to unauthenticated access from an attacker with network access. The flaw enables reading, modifying, or deleting files and has a CVSS v3.1 base score of 9.8. Intrado released an update on March 2, 2026; organizations should apply the vendor patch immediately. Apply CISA guidance to minimize internet exposure and contact E911Support@intrado.com for vendor coordination.
read more →

Advisory: Defending Against China-Nexus Covert Networks

🛡️ CISA and the U.K. NCSC, together with federal and international partners, released an advisory on deniable, dynamic covert networks exploited by Chinese government-linked actors. The advisory outlines how threat groups leverage weak home, small-office, and IoT devices to build large botnets that enable espionage, intrusion, device takeover, and data theft. It provides actionable detection and mitigation steps — including asset mapping, connection baselining, persistent log collection, and multifactor authentication — to help organizations protect critical infrastructure.
read more →

Critical Carlson VASCO-B GNSS Receiver Authentication Flaw

⚠️ The Carlson VASCO-B GNSS Receiver contains an authentication bypass that allows unauthenticated network access to device configuration and operational functions. Affected firmware builds are versions prior to 1.4.0 (CVE-2026-3893) and the issue carries a CVSS 3.1 base score of 9.4 (Critical). Carlson Software recommends updating to 1.4.0 or later and restricting network exposure. Follow network segmentation and firewall controls to mitigate exposure until you apply the update.
read more →

UK Commits £90m to Cybersecurity and Resilience Pledge

🔐 The UK government has pledged £90m to bolster national cyber resilience, announced at the NCSC's CYBERUK conference on 22 April, with a particular emphasis on supporting small and medium-sized enterprises. The funding will promote adoption of the Cyber Essentials standard, which recently passed a 10,000 quarterly certification milestone and saw around a 20% uplift in uptake. Ministers will also launch an Cyber Resilience Pledge this summer requiring signatories to make cyber security a board-level responsibility, join the NCSC Early Warning service and mandate Essentials across supply chains.
read more →

Lotus Wiper Targets Venezuelan Energy Sector, Destroying Data

⚠️ Kaspersky has identified a previously undocumented file wiper named Lotus Wiper that was used in destructive attacks against Venezuela's energy and utilities sector in late 2025 and early 2026. The campaign relies on two coordinated batch scripts that weaken defenses, probe NETLOGON shares and legacy services, and prepare the environment to deploy a wiper that erases recovery mechanisms, overwrites drives and deletes files. The artifact contains no extortion demands, indicating a targeted, non-financially motivated destructive operation likely planned well in advance.
read more →

UK Faces 'Perfect Storm' of Nation-State Cyber Threats

⚠️ Richard Horne, CEO of the NCSC, warned at the tenth annual CYBERUK in Glasgow that the UK faces a “perfect storm” driven by rising geopolitical tensions and rapid AI-led technological change. He said nationally significant incidents remain broadly steady since the NCSC's last review, but the most serious threats now originate from nation states — notably Russia, China and Iran. The briefing urged organisations to shift from a prevention-only posture to a resilience mindset and to ensure fundamentals such as full visibility, 24/7 monitoring and correct configuration are in place.
read more →

New Lotus wiper targets Venezuelan energy and utilities

🔴 Kaspersky researchers analyzed a previously undocumented data-wiping malware, dubbed Lotus, uploaded from a Venezuelan host in mid-December and used in targeted attacks against energy and utility organizations in Venezuela. Before detonation the attacker runs two batch scripts that weaken defenses, change account passwords, log off users, disable network interfaces and run destructive tools like diskpart, robocopy and fsutil to overwrite and fill drives. The Lotus binary then performs low-level IOCTL operations, clears USN journals, deletes restore points and overwrites physical sectors to render systems unrecoverable. Administrators are advised to monitor these precursor activities and maintain offline, validated backups.
read more →

22 BRIDGE:BREAK Flaws in Lantronix and Silex Converters

⚠️ Forescout Research Vedere Labs disclosed 22 vulnerabilities, labeled BRIDGE:BREAK, in popular Lantronix and Silex serial-to-IP converters that bridge legacy serial equipment to IP networks. Researchers located nearly 20,000 exposed devices online and warned that several flaws permit full takeover or tampering with serial traffic. Affected models include Lantronix EDS3000PS/EDS5000 and Silex SD330-AC; vendors have issued firmware updates and advisories. Operators should patch immediately, remove default credentials, segment networks, and avoid exposing these converters to the internet.
read more →

Hardy Barth Salia EV Charge Controller Vulnerabilities

🚨 CISA warns that the Hardy Barth Salia EV Charge Controller running firmware up to 2.3.81 contains two file‑upload vulnerabilities that can crash devices and may enable remote code execution. The issues are tracked as CVE-2025-5873 (CVSS 6.3) and CVE-2025-10371 (CVSS 7.3) and have public proof‑of‑concepts. Hardy Barth did not respond to coordination requests; operators should minimize network exposure and contact the vendor or eCharge for remediation guidance.
read more →

Siemens RUGGEDCOM CROSSBOW SAM-P Privilege Escalation

🔒 Siemens has identified a privilege escalation vulnerability (CVE-2026-27668) in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) that permits authenticated User Administrators to grant themselves access to any device group. The issue affects SAM-P versions prior to V5.8; Siemens has released V5.8 to remediate the flaw and recommends immediate updates. Operators should also minimize network exposure and follow established industrial security guidelines.
read more →

Handala, CyberAv3ngers and Iran’s Proxy Cyber Ops Activities

🔍 US authorities issued an April 7 advisory warning that Iranian-affiliated APTs could be conducting infrastructural cyberattacks, citing links to 2023 water and wastewater incidents attributed to CyberAv3ngers. The article examines two prominent groups — Handala Hack Team and CyberAv3ngers — and argues they function as proxy or false-flag operations likely tied to Iran’s Ministry of Intelligence. It describes a broader pattern of gray warfare, where state actors obscure involvement to retain plausible deniability while exerting persistent pressure on adversaries.
read more →

ZionSiphon OT Malware Targets Water Treatment Systems

🔎 Darktrace researchers have analyzed a newly identified malware called ZionSiphon that combines typical endpoint compromise techniques with functions tailored to industrial control systems, specifically targeting water treatment and desalination infrastructure. The sample includes privilege escalation, persistence, and USB-based propagation alongside environment and software checks for reverse osmosis and chlorine control. While it can scan OT protocols such as Modbus and attempt register modifications, implementation gaps and a country-validation flaw suggest the strain is an early-stage tool that may fail to activate in many environments.
read more →

NCSC outlines coordinated NHS plan to boost cyber resilience

🔒 The NCSC has published a coordinated plan to improve NHS cyber resilience, focusing on piloting tools via ACD 2.0, securing the software supply chain, managing vulnerability disclosures, enhancing visibility and promoting services such as Early Warning, the Cyber Action Toolkit and Cyber Essentials. The agency is applying the Software Security Code of Practice in procurement and using data science to prioritise supplier risk while its Vulnerability Reporting Service continues to support GP surgeries, trusts and health boards. Additional measures include the NHS App adopting passkeys, attack surface management, deception-technology experiments, DNS analytics and Threat Hunting Workshops to develop playbooks and strengthen sector collaboration.
read more →

Critical Architectural Flaw in MCP Threatens AI Supply Chain

⚠️ Researchers have identified a critical, systemic vulnerability in MCP, the open source model context protocol developed by Anthropic. An Ox Security report published on April 15 says an architectural decision in official MCP SDKs causes the STDIO interface to execute arbitrary commands even when a local server process fails to start, enabling attackers to run malicious commands without sanitization. The flaw could expose API keys, chat histories, internal databases and other sensitive data across thousands of instances, and Ox Security reports that Anthropic has declined to change the protocol.
read more →

Rolling Networks: Securing Cyber Risks in Transport

🚚 Modern trucks are "rolling networks" loaded with communications systems, sensors, cloud-connected devices and Wi-Fi, creating expansive attack surfaces. Ben Wilkens of NMFTA warns that cybercriminals exploit the sector’s uptime pressure with ransomware, extortion and cyber-enabled cargo theft. Core hygiene—MFA, network segmentation, social engineering training and timely patching—can significantly reduce risk but must be adapted for small carriers. NMFTA advances research, guidance and an annual conference to help the industry collaborate and strengthen defenses.
read more →

German military warns: Hybrid attacks on infrastructure

🔒 Vice Admiral Thomas Daum warned that hybrid attacks on Germany's critical infrastructure and Bundeswehr forces abroad have risen noticeably since 2022. At NATO's Locked Shields exercise he cited targeted intrusions against Bundeswehr data centres, alleged phone tapping of deployed personnel and disinformation campaigns in Lithuania. Authorities suspect state actors including Russia, China, Iran and North Korea, while energy firms, banks and local authorities remain at risk.
read more →

Critical wolfSSL vulnerability allows forged certificates

🔒 A critical vulnerability in the wolfSSL TLS/SSL library (tracked as CVE-2026-5194) permits improper verification of hash algorithms and sizes when validating ECDSA and other signatures. Researchers warn attackers can present forged certificates with undersized digests that vulnerable implementations will accept, enabling impersonation of servers, files, or connections. Discovered by Nicholas Carlini of Anthropic, the issue was fixed in wolfSSL 5.9.1 (April 8); administrators should review deployments and apply updates or vendor patches promptly.
read more →

CISA Orders Federal Agencies to Patch Ivanti EPMM Flaw

⚠️ CISA has ordered U.S. federal agencies to remediate a critical Ivanti Endpoint Manager Mobile flaw (CVE-2026-1340) that has been exploited since January. The agency added the bug to its Known Exploited Vulnerabilities catalog and invoked BOD 22-01, giving agencies until Saturday, April 11 to patch or mitigate affected systems. Ivanti released fixes on January 29 and urged all customers to update immediately.
read more →

Iran-linked PLC Attacks Disrupt US Critical Infrastructure

⚠️Six US agencies warn an Iranian-affiliated group has compromised internet-exposed programmable logic controllers at water, energy, and government facilities since at least March 2026. The actors used leased overseas infrastructure and legitimate Rockwell Automation configuration tools to access CompactLogix and Micro850 controllers. Victims suffered operational disruption, project file theft, altered SCADA/HMI data, and persistent remote access.
read more →