< ciso
brief />
Tag Banner

All news with #critical infrastructure tag

400 articles · page 6 of 20

Water Utilities Boost Cybersecurity Through Cooperation

💧Water utilities facing aging operational systems and limited IT staff are improving cybersecurity by sharing information and coordinating responses. A two-year pilot led by the Cyber Readiness Institute and the Center on Cyber and Technology Innovation, sponsored by Microsoft, enrolled about 200 small and mid-sized utilities. The study found that combining cybersecurity training with hands-on technical assistance, stronger sector links and practical support is more effective than distributing guidance alone.
read more →

Denver Crosswalks Hacked to Broadcast Anti-Trump Messages

🔊 Denver's newly installed pedestrian audio units on East Colfax Avenue were hijacked over the weekend to broadcast explicit anti-Trump messages in a robotic voice, startling pedestrians. Officials report the devices were activated while still using factory-default credentials; passwords have since been changed and police are investigating. The tampering created a safety hazard for people with visual impairments and echoes prior incidents involving Polara crosswalk systems.
read more →

FBI Seizes Handala Leak Domains After Stryker Wipe

🔒 The FBI has seized two clearnet domains used by the Iranian-linked hacktivist group Handala after its destructive cyberattack on medical device maker Stryker. A seizure banner cites a Maryland court warrant and says the domains facilitated malicious cyber activities; DNS now points to FBI name servers. Handala acknowledged the seizures and said it will rebuild resilient infrastructure. Microsoft and CISA issued guidance to help organizations secure Intune and Windows domains against similar compromises.
read more →

Critical OCPP WebSocket Vulnerabilities in eParking.fi

🔒 Multiple vulnerabilities in IGL-Technologies eParking.fi allow unauthenticated actors to connect to OCPP WebSocket endpoints, impersonate charging stations, issue commands, hijack sessions, or disrupt charging services via denial-of-service. CISA rates the most severe issue CVSSv3.1 9.4 (Critical). IGL-Technologies has implemented stronger authentication, device-level whitelisting, rate limiting, and enhanced monitoring; encrypted OCPP deployments and the proprietary eTolppa protocol are not impacted.
read more →

UK regulation increasingly drives CNI cybersecurity

🔒 Security leaders at the UK's critical national infrastructure (CNI) firms are increasingly turning to regulatory compliance to steer cyber investment and maturity, Bridewell's Cybersecurity in CNI Report 2026 finds. The study shows 35% of leaders cite regulation as the primary influence, up from 26% in 2025. Adoption of frameworks like the NCSC CAF and NIS2 remains uneven, and organisations report widespread incidents and rising AI concerns.
read more →

FedRAMP High: Falcon for XIoT Extends Federal Protection

🔒 CrowdStrike Falcon Platform for Government now includes Falcon for XIoT, delivering FedRAMP High–authorized visibility and protection for connected and operational technology assets. The solution provides native, zero‑touch XIoT asset discovery with deep protocol support and ICS vendor validation to preserve operational continuity across critical infrastructure. It also leverages AI-powered risk prioritization to surface and rank high‑risk conditions across converged IT/OT environments.
read more →

EU Imposes Sanctions on Chinese and Iranian Cyber Firms

🔒 The Council of the European Union has sanctioned three companies and two individuals from China and Iran for cyberoperations that targeted devices and critical infrastructure. The measures name Integrity Technology Group (linked to the Raptor Train botnet), Anxun Information Technology (i‑Soon) and Iranian firm Emennet Pasargad. Listed parties face asset freezes and prohibitions on accessing funds, and natural persons are subject to travel bans through EU territory.
read more →

Eon Reports Tenfold Increase in Cyberattacks on Grid

⚡Eon reports a sharp rise in cyberattacks on its power distribution networks, now seeing several hundred daily probes—a tenfold increase compared with five years ago, board member Thomas König said. The company highlights the security challenges of an increasingly digitized grid. Eon engages external providers to run attack simulations and strengthen defences while operating about one third of Germany's distribution network.
read more →

Critical CODESYS Vulnerabilities in Festo Automation Suite

⚠ CISA warns that multiple critical vulnerabilities affect CODESYS components bundled with Festo Automation Suite, including several issues rated CVSS 3.1 9.8. Affected installations include FAS releases prior to 2.8.0.138 and FAS 2.8.0.137 when using CODESYS 3.0 or 3.5.16.10; beginning with FAS 2.8.0.138, CODESYS is no longer bundled and must be installed separately. Vendors recommend updating to CODESYS Development System 3.5.21.20, applying Festo updates, avoiding untrusted project files, and minimizing network exposure of control systems.
read more →

Critical Modbus TCP Vulnerability in Schneider SCADAPack

⚠️ Schneider Electric has disclosed a critical vulnerability affecting SCADAPack x70 RTUs (including SCADAPack 47xi, 47x, and 57x) that communicates over Modbus TCP. Exploitation could allow remote code execution, denial of service, and loss of confidentiality or integrity. Known affected products include SCADAPack 57x and RemoteConnect versions prior to R3.4.2; vendor fixes are available in RemoteConnect R3.4.2 and SCADAPack firmware 9.12.2. If immediate patching is not possible, implement network segmentation, enable the RTU firewall service, disable the logic debug service, and follow the SCADAPack security guidelines.
read more →

DDoS Disrupts Perm Parking Payments, Free Parking Issued

🚗 Local authorities in Perm, Russia, reported a large-scale cyberattack that knocked the city's automated parking payment systems offline, attributing the outage to a massive DDoS attack. The permparking.ru portal and associated payment channels were overwhelmed, prompting officials to waive parking fees from 10–13 March while recovery teams worked. Authorities aimed to have services restored by 16 March. DDoS campaigns typically use botnets to flood services and block legitimate transactions.
read more →

Fortinet Named a Challenger in Gartner 2026 CPS MQ

🔒 Fortinet has been named a Challenger in the 2026 Gartner Magic Quadrant for Cyber-Physical Systems (CPS) Protection Platforms. The recognition underscores the capabilities of the Fortinet OT Security Platform to secure converged IT/OT environments through deep OT visibility, protocol-aware segmentation, and integrated networking and security. Fortinet emphasizes unified management, ruggedized firewalls, secure SD-WAN, ZTNA, NAC, and AI-driven operations to reduce risk while preserving uptime and safety in industrial settings.
read more →

Fortinet Named Challenger in Gartner Magic Quadrant

🔒 Fortinet was named a Challenger in the 2026 Gartner Magic Quadrant for Cyber-Physical Systems Protection Platforms, highlighting recognition of the Fortinet OT Security Platform. The vendor positions its solution as a unified approach that delivers OT-aware controls—automated discovery, protocol visibility, segmentation, and ruggedized firewalls—while avoiding disruption to uptime and safety. Fortinet emphasizes integrated networking and security to reduce complexity and accelerate detection and response across converged IT/OT environments.
read more →

Poland's Nuclear Research Centre Foils Cyberattack

🛡️ Poland’s National Centre for Nuclear Research (NCBJ) says its IT infrastructure was targeted by a cyberattack that was detected and blocked before causing any impact. Security systems and internal procedures enabled rapid containment, and the institute reports that the MARIA research reactor was unaffected and continues to operate safely. Authorities have been notified and an investigation is underway.
read more →

Siemens SIMATIC S7-1500: Trace-File Code Injection Risk

⚠️ Siemens SIMATIC S7-1500 devices are affected by a high-severity vulnerability (CVE-2025-40943) that allows code injection when a user imports a specially crafted trace file via the device web interface. Siemens has released fixes (notably V4.1.2 and later) for many affected products and is preparing additional updates. Where patches are not yet available, Siemens and CISA advise disabling the web server if unused, restricting access to TCP ports 80/443, and only importing trusted trace files.
read more →

Siemens SIDIS Prime Multiple Component Vulnerabilities

⚠️ Siemens reports that SIDIS Prime versions prior to V4.0.800 include multiple vulnerabilities in third‑party components such as OpenSSL, SQLite, and a range of Node.js libraries. The advisory enumerates numerous CVEs covering memory corruption, DoS, XSS, path traversal, prototype pollution, and other weaknesses. Siemens and CISA recommend updating to V4.0.800 or later, restricting network exposure, and following vendor operational guidance before deployment. Affected systems are used worldwide in critical manufacturing environments and should be assessed promptly.
read more →

Fortinet/FortiOS Flaws Affect Siemens RUGGEDCOM APE1808

🔐 Fortinet disclosed multiple FortiOS vulnerabilities that affect Siemens RUGGEDCOM APE1808 devices. Siemens has issued firmware updates and advises operators to install vendor fixes promptly. Issues include an authentication bypass, HTTP request smuggling, and an externally controlled format string that can enable code execution or unauthorized access. Apply vendor patches and limit device exposure.
read more →

Honeywell IQ4x BMS Controller Critical Authentication Flaw

⚠️CISA warns that Honeywell IQ4x Building Management System controllers expose a factory-default web HMI without authentication (tracked as CVE-2026-3611). An unauthenticated actor able to reach the HTTP interface can create administrative accounts via the U.htm function, gain full read/write control, and potentially lock out legitimate operators. Honeywell has not issued a patch; apply network mitigations immediately.
read more →

The OT Security Time Bomb in Energy & Pharma Manufacturing

⚠️ Legacy operational technology in critical plants — often running unsupported systems like Windows XP and using insecure protocols — represents a persistent and escalating cyber risk. The author, an experienced OT security practitioner, identifies three main blockers: the taboo of planned downtime, cultural and language gaps between IT and OT teams, and diffused budget and accountability. He documents a typical attack chain that begins in IT, moves laterally through poorly segmented networks, and exploits unmonitored legacy controllers, and recommends a pragmatic, phased response: risk-based inventory, IEC 62443-aligned segmentation, OT-aware monitoring, compensating controls and stepwise modernization to reduce exposure without halting production.
read more →

Jailbreaking the F-35: Sovereignty and Software Control

🛩️ The article examines growing international concerns about dependence on U.S.-supplied aircraft software, focusing on the F-35 program and the political and operational risks that follow. It highlights a recent remark by the Dutch Defense Secretary that the jets could be jailbroken to run third-party software, a statement that underscores frustration with vendor-controlled maintenance. The piece frames this as part of a broader debate over vendor lock-in, sovereignty, and the security implications of controlling mission-critical systems. It warns that technical, legal, and safety trade-offs complicate any unilateral attempt to modify certified avionics.
read more →