All news with #critical infrastructure tag

368 articles · page 7 of 19

CISA: EV Energy ev.energy Vulnerabilities — Urgent Advisory

🔒 CISA warns of multiple critical and high-severity vulnerabilities in EV Energy ev.energy software that could permit unauthorized administrative control, session hijacking, credential exposure, and denial-of-service against charging stations. The advisory identifies four CVEs (including CVE-2026-27772) affecting all versions and assigns a top CVSS score of 9.4 for the most severe issue. EV Energy did not respond to coordination requests; CISA recommends vendor fixes and immediate network hardening, including minimizing Internet exposure and restricting access to charge point endpoints.

Manual Data Transfers Threaten National Security Readiness

🔒 More than half of national security organizations still rely on manual processes to transfer sensitive data, the CYBER360 report warns. The article highlights how human-dependent transfers introduce delays, audit gaps, and exploitable seams that adversaries can weaponize. It urges adoption of automated, policy-driven controls—centered on Zero Trust, data-centric protection, and cross-domain solutions—to restore speed, accountability, and mission resilience.

Cyber Conflict Targeting Society: Policy and Resilience

🛡️ In the first episode of Fortinet's Brass Tacks: Talking Cybersecurity season 2, host Joe Robertson speaks with Annita Sciacovelli, a professor of international law and cybersecurity advisor to the Italian Ministry of Defence, about how modern cyber conflict increasingly targets societies rather than only military or corporate assets. They explain that attacks on energy, transport, finance, and public administration aim to erode trust and create strategic psychological pressure, reframing cybersecurity as a public-interest challenge. The discussion highlights legal distinctions between terrorism and state use of force, the importance of ENISA, and EU frameworks such as NIS2, DORA, and the Cyber Resilience Act, while underscoring the need for cyber diplomacy, intelligence sharing, and continuous resilience-building.

Bring the Fight to the Edge: Time-Based OT Defense

🔍 Recent joint research from Palo Alto Networks, Siemens and the Idaho National Laboratory shows that most OT-impacting attacks originate in IT and manifest at the IT–OT edge. Analysts found attackers dwell an average of 185 days in precursor phases, producing detectable signals like credential abuse, reconnaissance and protocol misuse. The paper recommends edge-focused telemetry and an OT SOC-driven active defense to detect and disrupt threats before operational impact.

Record Highs in Industrial Control System Vulnerabilities

🔒 Forescout's new report finds that 2025 saw a record 508 ICS advisories covering 2,155 CVEs and a notable rise in vulnerability severity. The average CVSS for advisories rose to above 8.0 in 2024–2025, with the most affected assets including Purdue Level 1 field controllers, Level 3 operational systems and control-level devices. The vendor warns that reduced CISA advisory coverage and many untracked vulnerabilities increase OT/ICS risk and calls for greater vendor accountability and industry collaboration.

Critical Honeywell CCTV Auth Bypass Threat to Devices

🔒 CISA has issued an advisory for a critical Honeywell CCTV vulnerability tracked as CVE-2026-1670. An unauthenticated API endpoint can be abused to change the account recovery email, enabling account takeover and unauthorized access to camera feeds. The advisory lists several mid-range models; Honeywell users should contact support and limit network exposure until vendor guidance or patches are available.

Cyberattack Disrupts Deutsche Bahn Information Systems

🚨 Deutsche Bahn reported that its information and booking services, including the DB Navigator app and the bahn.de website, were disrupted by a cyberattack. The operator characterized the incident as a DDoS attack that produced intermittent outages starting Tuesday afternoon and recurring on Wednesday morning. Services were restored to a "largely stable" state after defensive measures, though temporary restrictions persisted and the company provided no details about possible perpetrators or motives. Deutsche Bahn said the measures taken helped keep customer impact as low as possible.

Munich Cybersecurity Conference 2026: Politics Meet Industry

🔐 At the Munich Cybersecurity Conference (MCSC) 2026, representatives from the White House, FBI, Europol, OECD, BSI, BND, the European Commission and Japan's National Cybersecurity Office convened to discuss the rising global cyber threat environment. Speakers emphasized the need for stronger public-private cooperation and the industrialization of cybersecurity to better protect critical digital infrastructure. Panelists warned that geopolitical tensions - notably involving North Korea, China and Russia - and transnational cybercrime demand coordinated international responses.

Sharp Rise in Ransomware Targeting Industrial Systems

🔐 Researchers at Dragos warn of a marked increase in ransomware groups targeting industrial organizations in 2025, tracking 119 distinct groups — a 49% rise from 2024. The firm reports 3,300 industrial victims last year, with manufacturing and transportation most affected, followed by oil & gas, electricity and communications. Dragos attributes many compromises to abuse of legitimate credentials via VPNs, vendor tunnels and infostealers, and highlights an average OT dwell time of 42 days. The report also names three new threat groups: Sylvanite, Azurite and Pyroxene.

Lithuania’s Mission for a Safe and Inclusive E‑Society

🔒 The Lithuanian government, coordinated by the Innovation Agency Lithuania, has launched a national initiative to strengthen e-security and digital resilience across public services and critical infrastructure. One of three strategic missions, Safe and Inclusive E-Society, led by Kaunas University of Technology (KTU), unites universities and cybersecurity firms under a €24.1 million program to develop and pilot AI-driven defenses, threat sensors, automated cyber threat intelligence, and disinformation detection. Researchers warn that Generative AI and LLMs are transforming fraud into highly realistic, scalable, multilingual social engineering attacks, requiring a shift from pattern-based defenses to adaptive, AI-enhanced protection and cross-sector collaboration.

Google Ties State-Linked Actors to Defense Sector Attacks

🔎 Google Threat Intelligence Group (GTIG) warns that state-sponsored actors from China, Iran, Russia, and North Korea are conducting sustained cyber operations against the defense industrial base (DIB). GTIG highlights four themes: targeting battlefield technologies like drones, exploiting hiring and personnel processes, leveraging edge devices for initial access, and capitalizing on manufacturing supply chain breaches. Observed tactics include bespoke malware families, abuse of secure messaging linking, careful endpoint-evasion techniques, and use of relay networks to complicate detection and attribution.

Russia Moves to Block WhatsApp and Telegram Access

🔒 Russia is escalating efforts to block WhatsApp and Telegram after Roskomnadzor excluded whatsapp.com and web.whatsapp.com from the national DNS and began throttling services. Authorities previously limited voice and video calls and attempted to block new registrations, while Meta has been labeled as extremist in Russia. The Kremlin is promoting the state-aligned MAX messenger as an endorsed alternative, and users currently rely on VPNs and external resolvers to maintain access amid mounting restrictions.

Siemens COMOS: Multiple Vulnerabilities and Fixes Advisory

🔒 Siemens reports multiple vulnerabilities in COMOS across V10.4–V10.6 that could permit arbitrary code execution, cross-site scripting, denial-of-service, credential exposure, and TLS man-in-the-middle attacks. Siemens has published updates for several affected lines (notably V10.4.5 and V10.5.2) and is preparing additional fixes; some issues remain unpatched. Apply vendor updates where available, follow Siemens' countermeasures for unpatched versions, minimize network exposure of COMOS, and contact Siemens ProductCERT for assistance and timelines.

Siemens SINEC OS Third-Party Vulnerabilities — Patch Now

🔒 Siemens has identified multiple third-party component vulnerabilities in SINEC OS versions prior to V3.3 that affect numerous RUGGEDCOM and SCALANCE industrial network devices worldwide. Siemens ProductCERT published firmware updates (V3.3+) and recommends timely upgrades; CISA republished the vendor advisory. Reported issues originate in libraries such as OpenSSL, libcurl, BusyBox, libpcap and others and include high- and critical-severity flaws (unauthenticated RCEs, buffer overflows, path traversal and improper certificate validation). Administrators should apply vendor patches, restrict network access, isolate control networks, and use secure remote access methods while performing impact analysis.

Hitachi Energy SuprOS Default Credentials Vulnerability

🔒 Hitachi Energy has disclosed a default-credentials vulnerability in SuprOS (CVE-2025-7740) affecting versions up to 9.2.1 and 9.2.2.0. Exploitation allows an authenticated local actor to use an admin account created during deployment, risking confidentiality, integrity, and availability. Hitachi Energy recommends applying the vendor update, removing unwanted accounts, and changing default passwords immediately. CISA assigns a CVSS v3.1 score of 8.8 and highlights impacts to critical infrastructure sectors.

CISA 2025 Year in Review: Strengthening Infrastructure

🛡️ CISA released its 2025 Year in Review highlighting major achievements that bolstered national cyber and physical security. The agency published over 1,600 products, triaged more than 30,000 incidents through its 24/7 Operations Center, and blocked billions of malicious connections across federal and critical infrastructure networks. It led 148 exercises engaging 10,000+ participants and issued the Be Air Aware™ guides to address Unmanned Aircraft System threats. The report frames these outcomes as the foundation for 2026 priorities focused on innovation, resilience, and partnership.

Singapore Disrupts Chinese APT Targeting Telco Networks

🔒 Singapore’s Cyber Security Agency disclosed that Operation Cyber Guardian disrupted attacks by Chinese-linked APT UNC3886 targeting the nation’s four major telcos between summer 2025 and early 2026. The response involved over 100 cyber defenders across six agencies and identified use of a zero-day and rootkits to maintain persistent access. CSA reported no evidence of service disruption or sensitive personal data exfiltration and implemented remediation and enhanced monitoring. Telcos have been urged to continue strengthening systems and vigilance against re-entry attempts.

Poland Energy Sector Cyber Incident Exposes OT Gaps

⚠️ A cyber actor compromised OT and ICS in Poland's energy sector in December 2025, affecting renewable plants, a combined heat and power facility, and a manufacturing company. Attackers gained access via vulnerable internet-facing edge devices, deployed wiper malware, destroyed HMI data, corrupted firmware, and damaged RTUs, causing loss of view and control. Production continued at some sites, but operators could not monitor or control systems as designed. Stakeholders are urged to enable firmware verification, change default credentials, and replace end-of-support edge devices.

CISA Guide Helps Critical Infrastructure Adopt Secure OT

🔒 CISA released Barriers to Secure OT Communications: Why Johnny Can’t Authenticate to help operational technology (OT) owners, operators, integrators, and manufacturers adopt more secure communications. Based on interviews with stakeholders across Water and Wastewater, Transportation, Chemical, Energy, and Food and Agriculture sectors, the guide explains why insecure legacy industrial protocols persist and how threat actors can impersonate devices or alter messages. It identifies practical barriers—cost and complexity, latency and bandwidth, inspection issues from encryption, and interoperability with legacy products—and offers actionable recommendations to reduce friction and improve usability when procuring, deploying, and maintaining secure OT communications.

NCSC Warns CNI Operators of Severe Cyber-Attacks Now

⚠️ The NCSC has issued an urgent alert to critical national infrastructure (CNI) providers after December's coordinated malware attacks against Poland's energy sector, urging operators to act now to defend UK assets. Director Jonathan Ellison stressed the need to follow recent NCSC guidance on monitoring, situational awareness and hardening network defences. Recommended measures include patching, access controls and MFA, secure-by-design management and robust resilience and recovery plans.