< ciso
brief />
Tag Banner

All news with #critical infrastructure tag

400 articles · page 7 of 20

US Unveils National Cyber Strategy With Six Pillars

🔒 The Trump Administration published a national cyber strategy on March 6, 2026, presenting a broad framework to strengthen US digital defenses, counter foreign adversaries and accelerate technological innovation. The plan centers on six policy pillars, covering offensive and defensive operations, streamlined cybersecurity and data regulation, federal network modernization, critical infrastructure and supply chain protection, leadership in emerging technologies and workforce expansion. It stresses proactive use of the full range of government tools — including offensive cyber operations, law enforcement and economic sanctions — alongside deeper public–private coordination. Industry leaders welcomed the priorities but warned implementation will depend on funding, contracting vehicles and clear operational authorities.
read more →

U.S. Cyber Strategy Prioritizes Offensive Operations

⚔️ The White House released a concise seven-page cybersecurity strategy developed by the Office of the National Cyber Director that places offensive cyber operations at the center of U.S. policy while also pushing deregulation and accelerated AI adoption. It articulates six implementation pillars including shaping adversary behavior, modernizing federal networks with AI and zero-trust, securing critical infrastructure, and building workforce capacity. Industry responses were broadly positive from vendors emphasizing AI and quantum-safe security, but defenders warn the emphasis on proactive offense and deregulatory moves could raise escalation and resilience concerns.
read more →

National Cyber Strategy: Securing America's Digital Future

🔐 The U.S. National Cyber Strategy offers a clear, action-oriented agenda to protect the digital way of life by emphasizing disruption of hostile actors, streamlined regulation, federal network modernization, and the security of AI and quantum technologies. Palo Alto Networks endorses the strategy and highlights practical measures—such as reciprocity for government software certifications, a four-stage quantum-safe framework, and its Secure AI by Design Policy Roadmap—to help operationalize these priorities through public–private collaboration.
read more →

Ransomware Threats Increasingly Target Education Sector

🎓 Ransomware groups have shifted from encrypting files to extortion via stolen data, putting schools and universities at higher risk. Incidents in 2025–2026 include an attack on Sapienza University of Rome in February 2026, a vocational center in Treviso and Blacon High School, causing outages and operational disruption. Affordable, set-and-forget security that blocks phishing links and automatically scans USB devices can materially reduce exposure.
read more →

FBI Investigates Suspected Breach of Wiretap Systems

🚨 The FBI has acknowledged a suspected intrusion on a network used to manage wiretaps and foreign intelligence surveillance warrants, telling CNN it "identified and addressed suspicious activities" and leveraged technical capabilities to respond. The agency provided limited detail, prompting concerns about potential state-linked actors such as China. Past FBI IT security problems and a reported February 2023 field office breach have heightened scrutiny.
read more →

China-linked APT Targets South American Telecoms Networks

🛰️ Cisco Talos says a China-linked APT tracked as UAT-9244 has been targeting critical South American telecommunications since 2024, deploying three undocumented implants: TernDoor for Windows, PeerTime for Linux, and BruteEntry on edge devices. TernDoor uses DLL side-loading via wsprint.exe and a rogue BugSplatRc64.dll to execute payloads in memory and embed a driver to control processes. PeerTime is a multi-architecture P2P backdoor (ARM, AARCH64, PPC, MIPS) that uses BitTorrent for C2 and comes in C/C++ and Rust builds, while BruteEntry turns compromised edge hardware into brute-force proxy nodes targeting Postgres, SSH and Tomcat.
read more →

CISA Adds Hikvision and Rockwell Flaws to KEV Catalog

🔒 CISA added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog affecting Hikvision and Rockwell Automation. CVE-2017-7921 (CVSS 9.8) is an improper authentication flaw that can enable privilege escalation and exposure of sensitive information in multiple Hikvision products. CVE-2021-22681 (CVSS 9.8) involves insufficiently protected credentials in Studio 5000 Logix Designer, RSLogix 5000 and Logix Controllers, which can allow an unauthorized network user to bypass verification and modify controller configuration or application code. SANS has detected exploit attempts targeting vulnerable Hikvision cameras; there are no public reports of active attacks exploiting the Rockwell issue. Federal civilian agencies are required to update to supported software by March 26, 2026 under BOD 22-01, and CISA urges all organizations to prioritize remediation of KEV-listed vulnerabilities.
read more →

Chinese State Hackers Target Telcos with New Malware Toolkit

🛡️ Cisco Talos researchers report that a China-linked APT cluster tracked as UAT-9244 has been targeting telecommunication providers in South America since 2024, compromising Windows, Linux, and network-edge devices. The campaign uses three previously undocumented malware families: TernDoor (Windows backdoor), PeerTime (ELF BitTorrent-based Linux backdoor), and BruteEntry (brute-force scanner and proxy builder). Talos published a technical report with capabilities, deployment methods, persistence techniques, and IoCs for detection and mitigation.
read more →

Israel Hacked Iranian Traffic Cameras, Aiding Assassinations

🎯Multiple outlets report that Israel hacked Iranian traffic cameras and used the access to facilitate the targeting and killing of Iranian leaders. The New York Times details the broader intelligence operation and strategic context. The revelations raise questions about the use of civilian infrastructure in lethal operations and potential international legal and escalation risks. Security experts note that camera networks, often insecure and internet-connected, create an attack surface exploited by state actors.
read more →

State-affiliated groups prepare disruptive OT attacks

⚠️ Dragos reports that multiple state-affiliated threat groups have shifted from long-term access to actively mapping and preparing disruptive attacks against industrial control systems. Adversaries tracked as Voltzite, Kamacite, Electrum, and others have been observed harvesting engineering workstation files, scanning device types to map control loops, and staging wiper and firmware-corruption capabilities. The access-broker model — exemplified by Sylvanite handing footholds to operational teams — shortens the timeline from intrusion to operational readiness. With under 10% of OT environments monitored, many sites lack the visibility needed to detect or respond to these preparations.
read more →

149 Hacktivist DDoS Claims Target 110 Organizations

🚨 Cybersecurity firms reported 149 hacktivist DDoS claims from Feb 28–Mar 2 that targeted 110 organizations across 16 countries, with 107 attacks concentrated in the Middle East. Two groups, Keymous+ and DieNet, drove nearly 70% of activity while NoName057(16) and others composed most remaining operations. Government, finance, and telecom sectors were disproportionately targeted, and vendors including Radware, Orange Cyberdefense, and Unit 42 provided attribution and telemetry. Analysts warn allied nations and critical infrastructure to increase monitoring and harden defenses.
read more →

Cyber Fallout After the Strikes: Signal, Noise, Next Steps

⚠️ FortiGuard Labs reports a surge of regional cyber activity in the 24–48 hours following U.S.-Israeli strikes on Iranian targets, including defacements, broadcast intrusions, Telegram claims, and internet disruptions, but no confirmed large-scale destructive campaign tied directly to the strikes. Many observed events appear to be psychological operations, hacktivist signaling, or opportunistic exploitation of geopolitical noise rather than coordinated state-level retaliation. The report warns that access is often pre-positioned and that activations can be delayed, so organizations should harden basic controls and preparedness now. Recommended actions include enabling MFA, automating patching, isolated backups, segmentation, active monitoring, and exercising incident response playbooks.
read more →

GCOT Issues Security and Resilience Principles for 6G

🛡️ The Global Coalition on Telecoms (GCOT) has released voluntary 6G Security and Resilience Principles to guide the early development of next-generation mobile networks. Founded by Australia, Canada, Japan, the UK and the US, and joined by Finland and Sweden at Mobile World Congress 2026, the framework was published with industry partners including AT&T, Ericsson, NVIDIA and Nokia. The guidelines define four security and four resilience objectives—covering containment, confidentiality, integrity, resilience and regulatory compliance—to inform standards, supply-chain practices and network architectures ahead of anticipated 6G rollouts in 2029–2030.
read more →

Hitachi Energy RTU500 Firmware Vulnerabilities Identified

🔒 Hitachi Energy disclosed multiple vulnerabilities in the RTU500 series CMU firmware that may reveal limited user-management data or cause device outages. The issues span improper permission handling, input validation gaps, uncontrolled recursion, and unbounded memory allocation, with CVSS scores up to 7.5. Vendor fixes are available — update to CMU Firmware 12.7.8, 13.7.8 (or later), or 13.8.2 as applicable — and apply recommended network mitigations until devices are patched.
read more →

ePower charging stations vulnerable to WebSocket flaws

🔒 CISA warns that ePower epower.ie charging stations contain multiple WebSocket authentication and session-management vulnerabilities that could allow attackers to impersonate chargers, hijack sessions, or disrupt charging services. The advisory catalogs four CVEs, led by a critical authentication bypass (CVE-2026-22552, CVSS 9.4). ePower has not responded to CISA's coordination requests; operators should apply recommended mitigations and minimize network exposure.
read more →

Vulnerabilities in Mobiliti e-mobi.hu Charging Stations

🔒 This advisory details critical authentication and session-management flaws in Mobiliti's e-mobi.hu charging platform that could permit unauthorized administrative access, session hijacking, and denial-of-service against chargers and backend services. Affected versions include all released e-mobi.hu builds. Operators should restrict network exposure, isolate charging networks behind firewalls, and contact Mobiliti support for vendor guidance.
read more →

Hitachi Energy Relion REB500 Privilege Escalation Fix

⚠️ Hitachi Energy disclosed authentication-based directory access vulnerabilities in the Relion REB500 product (firmware versions ≤ 8.3.3.0), tracked as CVE-2026-2459 and CVE-2026-2460. Authenticated users with certain roles can access and modify directories beyond their authorization. The vendor advises updating to REB500 v8.3.3.1 and recommends disabling or tightly controlling the Installer role as an interim mitigation.
read more →

Labkotec LID-3300IP Vulnerability Allows Auth Bypass

⚠️ The Labkotec LID-3300IP ice detector contains an unauthenticated remote-access vulnerability (CVE-2026-1775) that allows an attacker to modify device parameters and execute operational commands by sending specially crafted packets. CISA assigns a CVSS v3.1 base score of 9.4 (Critical). Labkotec recommends migrating to the LID-3300IP Type 2, installing firmware V2.40, and enabling HTTPS; until remediation, operators should remove Internet exposure, segment networks, enforce strong credentials, and monitor device activity.
read more →

Amazon: Drone Strikes Damage AWS Data Centers in Middle East

🚨 Amazon has confirmed that drone strikes damaged three AWS data centers in the United Arab Emirates and one in Bahrain, causing an ongoing outage that is affecting dozens of cloud services. The attacks caused structural and power damage and triggered fire suppression that resulted in additional water damage. Amazon is restoring physical infrastructure while pursuing software-based recovery paths and advising customers to back up and migrate workloads to unaffected regions.
read more →

Operation Epic Fury Adds New Enterprise Risk Layer

⚠ Operation Epic Fury — the US administration's sustained kinetic pressure on core Iranian regime assets — creates an immediate layer of operational risk for multinationals with people, infrastructure, or supply dependencies in the Middle East and beyond. Briefings from Washington offer situational context but do not capture the operational exposure that surfaces as hostilities begin. CISOs, CSOs, and chief risk officers must validate assumptions, set evacuation and wellness protocols, and apply travel thresholds. Cyber posture should be hardened with accelerated patching, edge device controls, and OT segmentation to reduce attack surface.
read more →