< ciso
brief />
Tag Banner

All news with #critical infrastructure tag

400 articles · page 5 of 20

Iran-Backed Hackers Target US CNI via Internet-Facing OT

⚠ Iranian-affiliated threat actors have been exploiting internet-facing operational technology (OT) assets to target US critical national infrastructure (CNI) providers since late March, according to a CISA advisory. Attackers used vendor configuration tools such as Rockwell Automation's Studio 5000 Logix Designer to create accepted connections to PLCs and manipulated HMI/SCADA displays. Observed inbound traffic used ports 44818, 2222, 102, 22 and 502 and included deployment of Dropbear SSH for remote access. Agencies urge immediate log review, segmentation, and removal of direct internet exposure for PLCs.
read more →

Iran-Linked Hackers Disrupt U.S. OT Devices and PLCs

🔒 Iran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across U.S. critical infrastructure, including energy, water and government facilities. U.S. agencies warn attackers used third-party hosted infrastructure and Rockwell Automation tools to connect to CompactLogix and Micro850 PLCs, deploy Dropbear SSH, extract project files, and manipulate HMI/SCADA displays, causing degraded functionality and disruption. Organizations are advised to remove internet exposure, enforce multi-factor authentication, place firewalls or proxies in front of PLCs, disable unused features, keep devices up to date, and monitor for anomalous traffic.
read more →

US: Iranian Hackers Target Internet-Exposed PLCs Nationwide

⚠️ U.S. agencies warn that Iranian-affiliated APT actors are actively targeting Internet-exposed Rockwell/Allen-Bradley and other PLCs on networks supporting critical infrastructure sectors such as Water, Energy, and Government Services. The joint advisory from the FBI, CISA, NSA, DOE, EPA, and U.S. Cyber Command states intrusions since March 2026 have caused operational disruption, extraction of device project files, and manipulation of HMI/SCADA displays. Organizations are advised to disconnect PLCs from the Internet or protect them behind firewalls, apply the latest firmware, enable multifactor authentication for OT access, disable unused services and default keys, and monitor OT ports and logs for the advisory's indicators of compromise.
read more →

Iranian-Linked Actors Target Internet-Facing PLCs in US

🚨 CISA, the FBI, NSA and partner agencies warn that Iranian-affiliated APT actors are actively exploiting internet-facing operational technology controllers, notably Rockwell Automation/Allen-Bradley PLCs. The actors used vendor configuration software and leased overseas hosting to access exposed PLCs, extracted project files, and altered data shown on HMIs and SCADA displays, causing operational disruption and financial loss. Organizations should urgently apply the advisory's IOCs and mitigations: remove PLCs from direct internet exposure, enforce access controls and MFA, and contact vendor and federal incident contacts if targeted.
read more →

Securing Physical Systems as OT Comes Online in IT Era

🔒 Operational technology (OT) is rapidly moving online, creating new cyber-physical risks as industrial control systems connect to corporate IT. In a Fortinet Brass Tacks podcast, KPMG’s Hossain Alshedoki explains how visibility, culture, and measured extension of IT controls into OT are essential. He stresses resilience over replication of IT models, and prioritizes asset discovery before automation.
read more →

Siemens SICAM 8 Firmware DoS Vulnerabilities and Fixes

🔒 Siemens has identified vulnerabilities in SICAM 8 products that can cause denial-of-service conditions. Affected components include CPCI85 (CP-8031/CP-8050), RTUM85 (CP-8010/CP-8012) and SICORE/S8000 elements. Two CVEs were assigned: CVE-2026-27663 (resource exhaustion, CVSS 6.5) and CVE-2026-27664 (out-of-bounds write, CVSS 7.5). Siemens released firmware updates in the V26.10 family and recommends validated deployment and supervised update procedures; CISA advises minimizing network exposure, isolating control systems, and using secure remote access.
read more →

Yokogawa CENTUM VP Hardcoded PROG Account Password

🔒 Yokogawa CENTUM VP contains a hardcoded password for the PROG account used in CENTUM Authentication Mode, tracked as CVE-2025-7741. Under specific conditions, an attacker with access to HIS screen controls could log in as PROG and modify permissions or configuration. The issue affects R5.x, R6.x, and vR7.01.00 product families; it is not remotely exploitable and has high attack complexity. Recommended mitigations include switching to Windows Authentication Mode or applying vendor patch R7.01.10.
read more →

Hitachi Energy JasperReports RCE in Ellipse Products

⚠ Hitachi Energy disclosed a critical Java deserialization flaw in the Jaspersoft/Jasper Report library used by Ellipse, tracked as CVE-2025-10492, which can enable remote code execution. Affected versions include Ellipse 9.0.50 and earlier and the issue carries a CVSS 3.1 score of 9.8. Immediate mitigations include restricting loading of external custom reports to only administrator-approved Jasper files, isolating control systems from public networks, and following updates from Hitachi Energy PSIRT.
read more →

Critical Cisco IMC auth bypass gives attackers Admin access

🔒 Cisco has released patches for a critical Integrated Management Controller (IMC) authentication bypass (CVE-2026-20093) that allows unauthenticated, remote attackers to gain Admin privileges by sending a crafted HTTP password-change request. The flaw affects CIMC on UCS C-Series and E-Series servers and permits altering any account password, including Admin. Cisco's PSIRT reports no known in-the-wild exploitation or public proof-of-concept yet and stresses there are no workarounds, so customers should upgrade to fixed software immediately.
read more →

Most UK CNI Firms Face Up to £5m OT Downtime Costs

🔒 A survey by e2e-assure of 250 UK critical national infrastructure (CNI) cybersecurity decision-makers found 80% of organisations expect operational technology (OT) downtime costs between £100,000 and £5m, with 23% reporting incidents exceeding £1m and 6% above £5m. Nearly two-thirds said they fear nation-state attacks, and the vendor warned attackers commonly pivot from IT into exposed OT environments. Respondents also highlighted limited OT visibility and supply-chain risks that hinder detection, response and remediation efforts.
read more →

78% of UK Manufacturers Suffer Serious Cyber Incidents

🔒 New ESET polling of 500 senior IT, OT, operations, risk and security leaders shows 78% of UK manufacturers experienced a serious cyber incident in the past year. Most (95%) saw direct business impact and 53% reported financial losses, with supply chain disruption and missed commitments common. Respondents flagged AI-enabled attacks as the top production threat, yet only 22% assign cyber accountability to the board.
read more →

Critical Infrastructure Threats: Identity, Persistence

🔐 Microsoft Threat Intelligence warns that the cyber threat to critical infrastructure has shifted from opportunistic data theft to long-term, identity-driven persistence aimed at operational disruption. Hybrid IT–OT architectures, cloud-based identity, and exposed remote services enable adversaries—including nation-state actors—to establish low-visibility footholds using living-off-the-land techniques and valid credentials. Microsoft recommends continuous readiness, reducing exposure, and validating defenses through proactive compromise assessments to detect active or dormant intrusions before they are activated.
read more →

Critical Auth Bypass in Anritsu Remote Spectrum Monitors

⚠️ Anritsu Remote Spectrum Monitor models MS27100A, MS27101A, MS27102A, and MS27103A contain an inherent authentication bypass (CVE-2026-3356) that permits unauthenticated network users to access and control the device management interface. The vendor reports no planned patch and confirms the issue is a design limitation with no configurable authentication. Successful exploitation can expose signal data, change operational settings, or render devices unavailable. CISA recommends isolating affected devices and restricting network access.
read more →

Dutch Finance Ministry Shuts Treasury Portal After Breach

🔒The Dutch Ministry of Finance has taken several systems offline, including its digital portal for treasury banking, while investigating a security breach first detected on March 19. Around 1,600 public institutions are currently unable to view treasury balances or use portal services, though participants retain full access to funds and incoming/outgoing payments continue through regular banking channels. The ministry is working with the NCSC, external forensic specialists, and the national police; no data theft or responsible threat actor has been publicly confirmed.
read more →

Critical CLI Escape in WAGO Managed Switches (CVE-2026-3587)

⚠️ An unauthenticated remote attacker can trigger a hidden CLI function in WAGO industrial managed switches to escape the restricted interface and gain full control of the device. The vulnerability is tracked as CVE-2026-3587 and classified under CWE-912. CISA rates the issue CRITICAL with a CVSS v3.1 base score of 10.0. Operators should install vendor fixed firmware or, as an interim measure, disable SSH and Telnet.
read more →

FCC Bans Import and Sale of All Foreign-Made Routers

🔒 The FCC has banned the import and sale of all consumer-grade internet routers manufactured in foreign countries, saying they pose an 'unacceptable risk' to US national security. The rule, announced on 23 March, allows only devices with conditional DoD or DHS approval, effectively blocking most future consumer models because many are made abroad. The agency cited incidents such as the Volt, Flax and Salt Typhoon attacks, while industry experts caution that governance, patching and lifecycle management — not just country of origin — drive much of the risk.
read more →

FCC Blocks New Foreign-Made Consumer Routers Nationwide

🔒 The FCC announced a ban on imports of new foreign-made consumer routers, citing unacceptable cyber and national security risks after an Executive Branch determination. New models are placed on the Covered List unless granted Conditional Approval by the Department of War or DHS; Starlink routers are exempt. Existing customer-owned devices and previously authorized models remain legal to use and sell.
read more →

FCC Bans Sale of New Consumer Routers Made Outside USA

🔒 The FCC has expanded its Covered List under the Secure and Trusted Communications Networks Act to include all consumer routers manufactured outside the United States, effectively banning the sale of new foreign-made models. The move follows a National Security Determination that identified foreign-produced routers as a significant supply-chain threat and cited recent compromises linked to groups such as Volt, Flax, and Salt Typhoon. The agency permits limited exemptions and an alternative approval path for vendors that transparently disclose ownership, manufacturing, and supply-chain details and commit to onshoring critical component production. Existing routers remain available, but consumers may face reduced model availability and higher prices as certification adds time and cost.
read more →

Dmytro Kuleba to Headline Infosecurity Europe 2026 Keynote

🎤 Infosecurity Europe has named former Ukrainian Foreign Minister Dr. Dmytro Kuleba as a headline keynote for its 2–4 June 2026 conference at ExCeL London. Kuleba will speak on 3 June at 10:05 about 'Ukraine's Hybrid War and the New Cyber Frontline,' sharing lessons on coordinated cyber‑kinetic attacks, disinformation and why Western enterprises are increasingly the primary cyber frontline. Attendees will hear practical insights for resilience.
read more →

Dutch Ministry of Finance Confirms Systems Breach Detected

🛡️ The Dutch Ministry of Finance confirmed unauthorized access to some of its systems after being notified by a third party on March 19. ICT security detected the intrusion and access to affected systems has been blocked while an investigation is ongoing. The incident disrupted work for a portion of employees but, the ministry says, did not affect systems that manage tax collection, customs, or income-linked subsidies. Officials have not disclosed the number of employees impacted, whether data was stolen, or an attribution for the attack.
read more →