< ciso brief />

All news with #critical infrastructure tag

368 articles · page 5 of 19

Fortinet Named Challenger in Gartner Magic Quadrant

🔒 Fortinet was named a Challenger in the 2026 Gartner Magic Quadrant for Cyber-Physical Systems Protection Platforms, a placement the vendor cites as recognition of its OT Security Platform. Fortinet positions the platform as a unified approach that delivers OT-aware controls (automated asset discovery, industrial-protocol visibility, segmentation, and ruggedized firewalls) without disrupting uptime or safety, and argues that integrating networking and security reduces complexity and accelerates detection and response across converged IT/OT environments.
read more →

Poland's Nuclear Research Centre Foils Cyberattack

🛡️ Poland’s National Centre for Nuclear Research (NCBJ) says its IT infrastructure was targeted by a cyberattack that was detected and blocked before causing any impact. Security systems and internal procedures enabled rapid containment, and the institute reports that the MARIA research reactor was unaffected and continues to operate safely. Authorities have been notified and an investigation is underway.
read more →

Siemens SIMATIC S7-1500: Trace-File Code Injection Risk

⚠️ Siemens SIMATIC S7-1500 devices are affected by a high-severity vulnerability (CVE-2025-40943) that allows code injection when a user imports a specially crafted trace file via the device web interface. Siemens has released fixes (notably V4.1.2 and later) for many affected products and is preparing additional updates. Where patches are not yet available, Siemens and CISA advise disabling the web server if unused, restricting access to TCP ports 80/443, and only importing trusted trace files.
read more →

Siemens SIDIS Prime Multiple Component Vulnerabilities

⚠️ Siemens reports that SIDIS Prime versions prior to V4.0.800 include multiple vulnerabilities in third‑party components such as OpenSSL, SQLite, and a range of Node.js libraries. The advisory enumerates numerous CVEs covering memory corruption, DoS, XSS, path traversal, prototype pollution, and other weaknesses. Siemens and CISA recommend updating to V4.0.800 or later, restricting network exposure, and following vendor operational guidance before deployment. Affected systems are used worldwide in critical manufacturing environments and should be assessed promptly.
read more →

Fortinet/FortiOS Flaws Affect Siemens RUGGEDCOM APE1808

🔐 Fortinet disclosed multiple FortiOS vulnerabilities that affect Siemens RUGGEDCOM APE1808 devices. Siemens has issued firmware updates and advises operators to install vendor fixes promptly. Issues include an authentication bypass, HTTP request smuggling, and an externally controlled format string that can enable code execution or unauthorized access. Apply vendor patches and limit device exposure.
read more →

Honeywell IQ4x BMS Controller Critical Authentication Flaw

⚠️ CISA warns that Honeywell IQ4x Building Management System controllers ship with a web HMI that, in its factory-default configuration, requires no authentication (tracked as CVE-2026-3611). An unauthenticated actor who can reach the HTTP interface can create administrative accounts through the U.htm function, obtain full read/write control, and potentially lock legitimate operators out. Honeywell has not issued a patch, so network mitigations, above all keeping the HTTP interface unreachable from untrusted networks, should be applied immediately.
read more →
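With no patch available, the practical defence is to make sure the controller's HTTP interface is reachable only from a trusted engineering segment and to alert on anything else. The following detector is an added example, not Honeywell's or CISA's code: it runs over HTTP request records for the controller and flags requests that arrive from outside an allowlisted subnet or that touch the administrative page named in the advisory. The record format, the controller address, the allowlisted subnet and the sample records are constructed assumptions; the only advisory-derived detail is the page name U.htm, and the exact URL layout on the device is itself assumed, so the check matches on the file name anywhere in the path.

```python
"""Flag HTTP requests to a building-controller web HMI that come from outside
the engineering network, and any request that touches the administrative page
named in the advisory.

Added illustration; not vendor or CISA code. Record format, addresses and
subnets below are constructed assumptions.
"""
import ipaddress
import re
from typing import Iterable, List, Optional, Tuple

# Constructed assumptions: the controller and the only segment allowed to
# reach its web HMI.
CONTROLLER_IP = "10.20.30.40"
ENGINEERING_SUBNETS = [ipaddress.ip_network("10.20.50.0/24")]

# Constructed record format exported from a network sensor:
# "<src_ip> <dst_ip> <method> <path> <status>"
LOG_RE = re.compile(
    r"^(?P<src>\S+) (?P<dst>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)

# Page name from the advisory summary; URL layout on the device is assumed,
# so match on the file name anywhere in the path (case-insensitive).
ADMIN_PAGE = "u.htm"


def from_allowlisted_subnet(src: str) -> bool:
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ENGINEERING_SUBNETS)


def classify(line: str) -> Optional[str]:
    """Return an alert label for a suspicious record, or None if benign."""
    m = LOG_RE.match(line.strip())
    if not m or m["dst"] != CONTROLLER_IP:
        return None  # malformed, or not aimed at the controller
    touches_admin = ADMIN_PAGE in m["path"].lower()
    outside = not from_allowlisted_subnet(m["src"])
    if touches_admin and outside:
        return "CRITICAL: admin page reached from outside engineering subnet"
    if touches_admin and m["method"] == "POST":
        return "HIGH: write to admin page (verify an operator initiated it)"
    if outside:
        return "MEDIUM: HMI reached from outside engineering subnet"
    return None


def scan(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (record, label) pairs for every record that raises an alert."""
    return [(line, label) for line in lines if (label := classify(line))]


# Constructed sample records (not real traffic).
SAMPLE_LOG = """\
10.20.50.12 10.20.30.40 GET /index.htm 200
10.20.50.12 10.20.30.40 POST /U.htm 200
198.51.100.7 10.20.30.40 GET /U.htm 200
198.51.100.7 10.20.30.40 POST /U.htm 200
10.20.50.99 10.20.30.40 GET /status.htm 200
192.0.2.9 10.20.30.40 GET /index.htm 200
10.20.50.12 10.20.60.1 GET /U.htm 404
""".splitlines()

if __name__ == "__main__":
    for record, label in scan(SAMPLE_LOG):
        print(f"{label:<62} {record}")
```

Any MEDIUM hit is itself a segmentation failure worth investigating: a controller whose HMI has no authentication should never see a packet from a non-engineering source, whatever the path requested.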

The OT Security Time Bomb in Energy & Pharma Manufacturing

⚠️ Legacy operational technology in critical plants — often running unsupported systems like Windows XP and using insecure protocols — represents a persistent and escalating cyber risk. The author, an experienced OT security practitioner, identifies three main blockers: the taboo of planned downtime, cultural and language gaps between IT and OT teams, and diffused budget and accountability. He documents a typical attack chain that begins in IT, moves laterally through poorly segmented networks, and exploits unmonitored legacy controllers, and recommends a pragmatic, phased response: risk-based inventory, IEC 62443-aligned segmentation, OT-aware monitoring, compensating controls and stepwise modernization to reduce exposure without halting production.
read more →

Jailbreaking the F-35: Sovereignty and Software Control

🛩️ The article examines growing international concerns about dependence on U.S.-supplied aircraft software, focusing on the F-35 program and the political and operational risks that follow. It highlights a recent remark by the Dutch Defense Secretary that the jets could be jailbroken to run third-party software, a statement that underscores frustration with vendor-controlled maintenance. The piece frames this as part of a broader debate over vendor lock-in, sovereignty, and the security implications of controlling mission-critical systems. It warns that technical, legal, and safety trade-offs complicate any unilateral attempt to modify certified avionics.
read more →

US Unveils National Cyber Strategy With Six Pillars

🔒 The Trump Administration published a national cyber strategy on March 6, 2026, presenting a broad framework to strengthen US digital defenses, counter foreign adversaries and accelerate technological innovation. The plan centers on six policy pillars, covering offensive and defensive operations, streamlined cybersecurity and data regulation, federal network modernization, critical infrastructure and supply chain protection, leadership in emerging technologies and workforce expansion. It stresses proactive use of the full range of government tools — including offensive cyber operations, law enforcement and economic sanctions — alongside deeper public–private coordination. Industry leaders welcomed the priorities but warned implementation will depend on funding, contracting vehicles and clear operational authorities.
read more →

U.S. Cyber Strategy Prioritizes Offensive Operations

⚔️ The White House released a concise seven-page cybersecurity strategy developed by the Office of the National Cyber Director that places offensive cyber operations at the center of U.S. policy while also pushing deregulation and accelerated AI adoption. It articulates six implementation pillars including shaping adversary behavior, modernizing federal networks with AI and zero-trust, securing critical infrastructure, and building workforce capacity. Industry responses were broadly positive from vendors emphasizing AI and quantum-safe security, but defenders warn the emphasis on proactive offense and deregulatory moves could raise escalation and resilience concerns.
read more →

National Cyber Strategy: Securing America's Digital Future

🔐 The U.S. National Cyber Strategy offers a clear, action-oriented agenda to protect the digital way of life by emphasizing disruption of hostile actors, streamlined regulation, federal network modernization, and the security of AI and quantum technologies. Palo Alto Networks endorses the strategy and highlights practical measures—such as reciprocity for government software certifications, a four-stage quantum-safe framework, and its Secure AI by Design Policy Roadmap—to help operationalize these priorities through public–private collaboration.
read more →

Ransomware Threats Increasingly Target Education Sector

🎓 Ransomware groups have shifted from encrypting files to extortion built on stolen data, putting schools and universities at higher risk. Incidents in 2025–2026 include a February 2026 attack on Sapienza University of Rome, as well as attacks on a vocational center in Treviso and on Blacon High School, all of which caused outages and operational disruption. Affordable, set-and-forget security that blocks phishing links and automatically scans USB devices can materially reduce exposure.
read more →

FBI Investigates Suspected Breach of Wiretap Systems

🚨 The FBI has acknowledged a suspected intrusion on a network used to manage wiretaps and foreign intelligence surveillance warrants, telling CNN it "identified and addressed suspicious activities" and leveraged technical capabilities to respond. The agency provided limited detail, prompting concerns about potential state-linked actors such as China. Past FBI IT security problems and a reported February 2023 field office breach have heightened scrutiny.
read more →

China-linked APT Targets South American Telecoms Networks

🛰️ Cisco Talos says a China-linked APT tracked as UAT-9244 has been targeting critical South American telecommunications since 2024, deploying three undocumented implants: TernDoor for Windows, PeerTime for Linux, and BruteEntry on edge devices. TernDoor uses DLL side-loading via wsprint.exe and a rogue BugSplatRc64.dll to execute payloads in memory and embed a driver to control processes. PeerTime is a multi-architecture P2P backdoor (ARM, AARCH64, PPC, MIPS) that uses BitTorrent for C2 and comes in C/C++ and Rust builds, while BruteEntry turns compromised edge hardware into brute-force proxy nodes targeting Postgres, SSH and Tomcat.
read more →

CISA Adds Hikvision and Rockwell Flaws to KEV Catalog

🔒 CISA added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog affecting Hikvision and Rockwell Automation. CVE-2017-7921 (CVSS 9.8) is an improper authentication flaw that can enable privilege escalation and exposure of sensitive information in multiple Hikvision products. CVE-2021-22681 (CVSS 9.8) involves insufficiently protected credentials in Studio 5000 Logix Designer, RSLogix 5000 and Logix Controllers, which can allow an unauthorized network user to bypass verification and modify controller configuration or application code. SANS has detected exploit attempts targeting vulnerable Hikvision cameras; there are no public reports of active attacks exploiting the Rockwell issue. Federal civilian agencies are required to update to supported software by March 26, 2026 under BOD 22-01, and CISA urges all organizations to prioritize remediation of KEV-listed vulnerabilities.
read more →
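CISA's advice to prioritize KEV-listed vulnerabilities only helps if the catalog is actually cross-referenced against what is deployed. The script below is an added example, not CISA tooling: it indexes a KEV catalog document by CVE ID, matches it against a per-asset list of CVEs and ranks the hits by BOD 22-01 due date. The catalog text is a constructed subset in the shape of the KEV JSON feed (a top-level "vulnerabilities" list whose entries carry cveID, vendorProject, product, dueDate and knownRansomwareCampaignUse) populated with the two entries and the March 26, 2026 due date named above; the product strings, the omitted fields and the asset inventory are constructed.

```python
"""Cross-reference an asset inventory's CVEs against a KEV catalog extract and
rank findings by BOD 22-01 due date.

Added illustration, not CISA tooling. KEV_JSON is a constructed subset in the
shape of the KEV feed; INVENTORY is constructed.
"""
import json
from datetime import date
from typing import Dict, List

# Constructed KEV extract: only the two entries from the advisory above, with
# the due date the advisory gives. Product strings are placeholders.
KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed extract)",
    "vulnerabilities": [
        {"cveID": "CVE-2017-7921", "vendorProject": "Hikvision",
         "product": "Multiple Products", "dueDate": "2026-03-26",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2021-22681", "vendorProject": "Rockwell Automation",
         "product": "Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers",
         "dueDate": "2026-03-26", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed inventory: asset name -> CVEs a scanner reported on it.
# CVE-2025-40943 (the Siemens S7-1500 issue above) is absent from this
# extract, so it must not produce a finding here.
INVENTORY: Dict[str, List[str]] = {
    "cam-lobby-01": ["CVE-2017-7921"],
    "plc-line-3": ["CVE-2021-22681", "CVE-2025-40943"],
    "eng-ws-07": ["CVE-2025-40943"],
}


def load_kev(kev_json: str) -> Dict[str, dict]:
    """Index a KEV catalog document by upper-cased CVE ID."""
    doc = json.loads(kev_json)
    return {v["cveID"].upper(): v for v in doc["vulnerabilities"]}


def triage(kev_json: str, inventory: Dict[str, List[str]], today: date) -> List[dict]:
    """Return one finding per (asset, KEV-listed CVE), earliest due date first."""
    kev = load_kev(kev_json)
    findings: List[dict] = []
    for asset, cves in inventory.items():
        for cve in cves:
            entry = kev.get(cve.upper())
            if entry is None:
                continue  # not in the catalog: still a vulnerability, just not KEV-ranked
            due = date.fromisoformat(entry["dueDate"])
            days_left = (due - today).days
            findings.append({
                "asset": asset,
                "cve": entry["cveID"],
                "vendor": entry["vendorProject"],
                "product": entry["product"],
                "due": due.isoformat(),
                "days_left": days_left,
                "overdue": days_left < 0,
                "ransomware_use": entry.get("knownRansomwareCampaignUse", "Unknown"),
            })
    # Earliest deadline first; overdue items naturally sort to the top.
    findings.sort(key=lambda f: (f["due"], f["asset"], f["cve"]))
    return findings


if __name__ == "__main__":
    for f in triage(KEV_JSON, INVENTORY, date.today()):
        state = "OVERDUE" if f["overdue"] else f"{f['days_left']}d left"
        print(f"{f['asset']:<14} {f['cve']:<16} {f['vendor']:<20} due {f['due']} ({state})")
```

In production the catalog would be the live feed rather than an inline extract, and the inventory would come from the vulnerability scanner; the matching and ranking logic stays the same.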

Chinese State Hackers Target Telcos with New Malware Toolkit

🛡️ Cisco Talos researchers report that a China-linked APT cluster tracked as UAT-9244 has been targeting telecommunication providers in South America since 2024, compromising Windows, Linux, and network-edge devices. The campaign uses three previously undocumented malware families: TernDoor (Windows backdoor), PeerTime (ELF BitTorrent-based Linux backdoor), and BruteEntry (brute-force scanner and proxy builder). Talos published a technical report with capabilities, deployment methods, persistence techniques, and IoCs for detection and mitigation.
read more →
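Both UAT-9244 items above describe the same TernDoor tradecraft: a legitimate wsprint.exe is made to load a rogue BugSplatRc64.dll sitting beside it. That pairing is a good fit for an image-load rule on endpoints. The detector below is an added example and is not Talos's code or detection content: it runs over events shaped like Sysmon Event ID 7 (Image Loaded, with Image, ImageLoaded and Signed fields) and flags the wsprint.exe / BugSplatRc64.dll pairing when the DLL or host binary lives outside a trusted install root, the DLL is unsigned, or the two are co-located in an unexpected directory. The trusted roots, the signature heuristic and the sample events are constructed assumptions a defender would tune to their estate.

```python
"""Flag image-load events in which wsprint.exe loads BugSplatRc64.dll from an
untrusted location, the side-loading pairing attributed to TernDoor.

Added illustration, not Talos detection content. Events are constructed in
the shape of Sysmon Event ID 7 fields; trusted roots and the signature check
are assumptions to tune.
"""
from pathlib import PureWindowsPath
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Host binary -> DLL names it is reported to side-load. Only the pairing
# from the Talos reporting is listed; extend for other pairings.
SIDELOAD_PAIRS: Dict[str, Set[str]] = {"wsprint.exe": {"bugsplatrc64.dll"}}

# Assumption: where a legitimately installed host binary and its DLLs live.
TRUSTED_ROOTS = (
    PureWindowsPath(r"C:\Program Files"),
    PureWindowsPath(r"C:\Program Files (x86)"),
    PureWindowsPath(r"C:\Windows\System32"),
)


def under_trusted_root(path: str) -> bool:
    """Case-insensitive prefix test against TRUSTED_ROOTS."""
    parts = [s.lower() for s in PureWindowsPath(path).parts]
    for root in TRUSTED_ROOTS:
        rparts = [s.lower() for s in root.parts]
        if parts[: len(rparts)] == rparts:
            return True
    return False


def classify(event: dict) -> Optional[str]:
    """Return a finding string for a suspicious image load, else None."""
    image = event["Image"]
    dll_path = event["ImageLoaded"]
    host = PureWindowsPath(image).name.lower()
    dll = PureWindowsPath(dll_path).name.lower()
    if dll not in SIDELOAD_PAIRS.get(host, set()):
        return None  # not a watched pairing
    reasons: List[str] = []
    if not under_trusted_root(dll_path):
        reasons.append("dll outside trusted install roots")
    if not under_trusted_root(image):
        reasons.append("host binary outside trusted install roots")
    if str(event.get("Signed", "false")).lower() != "true":
        reasons.append("dll unsigned")  # heuristic: tune if the real DLL is unsigned
    same_dir = (str(PureWindowsPath(dll_path).parent).lower()
                == str(PureWindowsPath(image).parent).lower())
    if same_dir and reasons:
        reasons.append("dll co-located with host binary (classic side-load layout)")
    if not reasons:
        return None  # watched pairing, but in an expected place and signed
    return f"{host} loaded {dll}: " + "; ".join(reasons)


def scan(events: Iterable[dict]) -> List[Tuple[int, str]]:
    """Return (event index, finding) for every event that raises a finding."""
    out: List[Tuple[int, str]] = []
    for i, ev in enumerate(events):
        finding = classify(ev)
        if finding:
            out.append((i, finding))
    return out


# Constructed sample events (subset of Sysmon Event ID 7 fields).
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\ExampleVendor\wsprint.exe",
     "ImageLoaded": r"C:\Program Files\ExampleVendor\BugSplatRc64.dll",
     "Signed": "true"},
    {"Image": r"C:\Users\Public\Music\wsprint.exe",
     "ImageLoaded": r"C:\Users\Public\Music\BugSplatRc64.dll",
     "Signed": "false"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true"},
    {"Image": r"C:\Program Files\ExampleVendor\wsprint.exe",
     "ImageLoaded": r"C:\ProgramData\tmp\BugSplatRc64.dll",
     "Signed": "false"},
]

if __name__ == "__main__":
    for idx, finding in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {finding}")
```

The first sample event is the benign baseline (both files under a trusted root, DLL signed) and produces nothing; the second is the relocated-and-co-located layout the reporting describes; the fourth shows a trusted host binary pulling the DLL from a writable scratch directory, which is the variant a rule keyed only on the process path would miss.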

Israel Hacked Iranian Traffic Cameras, Aiding Assassinations

🎯 Multiple outlets report that Israel hacked Iranian traffic cameras and used the access to facilitate the targeting and killing of Iranian leaders. The New York Times details the broader intelligence operation and strategic context. The revelations raise questions about the use of civilian infrastructure in lethal operations and about potential international legal and escalation risks. Security experts note that camera networks, often insecure and internet-connected, create an attack surface exploited by state actors.
read more →

State-affiliated groups prepare disruptive OT attacks

⚠️ Dragos reports that multiple state-affiliated threat groups have shifted from long-term access to actively mapping and preparing disruptive attacks against industrial control systems. Adversaries tracked as Voltzite, Kamacite, Electrum, and others have been observed harvesting engineering workstation files, scanning device types to map control loops, and staging wiper and firmware-corruption capabilities. The access-broker model — exemplified by Sylvanite handing footholds to operational teams — shortens the timeline from intrusion to operational readiness. With under 10% of OT environments monitored, many sites lack the visibility needed to detect or respond to these preparations.
read more →

149 Hacktivist DDoS Claims Target 110 Organizations

🚨 Cybersecurity firms reported 149 hacktivist DDoS claims from Feb 28–Mar 2 that targeted 110 organizations across 16 countries, with 107 attacks concentrated in the Middle East. Two groups, Keymous+ and DieNet, drove nearly 70% of activity, while NoName057(16) and others accounted for most of the remaining operations. Government, finance, and telecom sectors were disproportionately targeted, and vendors including Radware, Orange Cyberdefense, and Unit 42 provided attribution and telemetry. Analysts warn allied nations and critical infrastructure operators to increase monitoring and harden defenses.
read more →

Cyber Fallout After the Strikes: Signal, Noise, Next Steps

⚠️ FortiGuard Labs reports a surge of regional cyber activity in the 24–48 hours following U.S.-Israeli strikes on Iranian targets, including defacements, broadcast intrusions, Telegram claims, and internet disruptions, but no confirmed large-scale destructive campaign tied directly to the strikes. Many observed events appear to be psychological operations, hacktivist signaling, or opportunistic exploitation of geopolitical noise rather than coordinated state-level retaliation. The report warns that access is often pre-positioned and that activation can be delayed, so organizations should harden basic controls and preparedness now. Recommended actions include enforcing MFA, automating patching, maintaining isolated backups, segmenting networks, monitoring actively, and exercising incident response playbooks.
read more →