< ciso
brief />
Tag Banner

All news with #critical infrastructure tag

400 articles · page 9 of 20

Sharp Rise in Ransomware Targeting Industrial Systems

🔐 Researchers at Dragos warn of a marked increase in ransomware groups targeting industrial organizations in 2025, tracking 119 distinct groups — a 49% rise from 2024. The firm reports 3,300 industrial victims last year, with manufacturing and transportation most affected, followed by oil & gas, electricity and communications. Dragos attributes many compromises to abuse of legitimate credentials via VPNs, vendor tunnels and infostealers, and highlights an average OT dwell time of 42 days. The report also names three new threat groups: Sylvanite, Azurite and Pyroxene.
read more →

Lithuania’s Mission for a Safe and Inclusive E‑Society

🔒 The Lithuanian government, coordinated by the Innovation Agency Lithuania, has launched a national initiative to strengthen e-security and digital resilience across public services and critical infrastructure. One of three strategic missions, Safe and Inclusive E-Society, led by Kaunas University of Technology (KTU), unites universities and cybersecurity firms under a €24.1 million program to develop and pilot AI-driven defenses, threat sensors, automated cyber threat intelligence, and disinformation detection. Researchers warn that Generative AI and LLMs are transforming fraud into highly realistic, scalable, multilingual social engineering attacks, requiring a shift from pattern-based defenses to adaptive, AI-enhanced protection and cross-sector collaboration.
read more →

Google Ties State-Linked Actors to Defense Sector Attacks

🔎 Google Threat Intelligence Group (GTIG) warns that state-sponsored actors from China, Iran, Russia, and North Korea are conducting sustained cyber operations against the defense industrial base (DIB). GTIG highlights four themes: targeting battlefield technologies like drones, exploiting hiring and personnel processes, leveraging edge devices for initial access, and capitalizing on manufacturing supply chain breaches. Observed tactics include bespoke malware families, abuse of secure messaging linking, careful endpoint-evasion techniques, and use of relay networks to complicate detection and attribution.
read more →

Russia Moves to Block WhatsApp and Telegram Access

🔒 Russia is escalating efforts to block WhatsApp and Telegram after Roskomnadzor excluded whatsapp.com and web.whatsapp.com from the national DNS and began throttling services. Authorities previously limited voice and video calls and attempted to block new registrations, while Meta has been labeled as extremist in Russia. The Kremlin is promoting the state-aligned MAX messenger as an endorsed alternative, and users currently rely on VPNs and external resolvers to maintain access amid mounting restrictions.
read more →

Siemens COMOS: Multiple Vulnerabilities and Fixes Advisory

🔒 Siemens reports multiple vulnerabilities in COMOS across V10.4–V10.6 that could permit arbitrary code execution, cross-site scripting, denial-of-service, credential exposure, and TLS man-in-the-middle attacks. Siemens has published updates for several affected lines (notably V10.4.5 and V10.5.2) and is preparing additional fixes; some issues remain unpatched. Apply vendor updates where available, follow Siemens' countermeasures for unpatched versions, minimize network exposure of COMOS, and contact Siemens ProductCERT for assistance and timelines.
read more →

Siemens SINEC OS Third-Party Vulnerabilities — Patch Now

🔒 Siemens has identified multiple third-party component vulnerabilities in SINEC OS versions prior to V3.3 that affect numerous RUGGEDCOM and SCALANCE industrial network devices worldwide. Siemens ProductCERT published firmware updates (V3.3+) and recommends timely upgrades; CISA republished the vendor advisory. Reported issues originate in libraries such as OpenSSL, libcurl, BusyBox, libpcap and others and include high- and critical-severity flaws (unauthenticated RCEs, buffer overflows, path traversal and improper certificate validation). Administrators should apply vendor patches, restrict network access, isolate control networks, and use secure remote access methods while performing impact analysis.
read more →

Hitachi Energy SuprOS Default Credentials Vulnerability

🔒 Hitachi Energy has disclosed a default-credentials vulnerability in SuprOS (CVE-2025-7740) affecting versions up to 9.2.1 and 9.2.2.0. Exploitation allows an authenticated local actor to use an admin account created during deployment, risking confidentiality, integrity, and availability. Hitachi Energy recommends applying the vendor update, removing unwanted accounts, and changing default passwords immediately. CISA assigns a CVSS v3.1 score of 8.8 and highlights impacts to critical infrastructure sectors.
read more →

CISA 2025 Year in Review: Strengthening Infrastructure

🛡️ CISA released its 2025 Year in Review highlighting major achievements that bolstered national cyber and physical security. The agency published over 1,600 products, triaged more than 30,000 incidents through its 24/7 Operations Center, and blocked billions of malicious connections across federal and critical infrastructure networks. It led 148 exercises engaging 10,000+ participants and issued the Be Air Aware™ guides to address Unmanned Aircraft System threats. The report frames these outcomes as the foundation for 2026 priorities focused on innovation, resilience, and partnership.
read more →

Singapore Disrupts Chinese APT Targeting Telco Networks

🔒 Singapore’s Cyber Security Agency disclosed that Operation Cyber Guardian disrupted attacks by Chinese-linked APT UNC3886 targeting the nation’s four major telcos between summer 2025 and early 2026. The response involved over 100 cyber defenders across six agencies and identified use of a zero-day and rootkits to maintain persistent access. CSA reported no evidence of service disruption or sensitive personal data exfiltration and implemented remediation and enhanced monitoring. Telcos have been urged to continue strengthening systems and vigilance against re-entry attempts.
read more →

Poland Energy Sector Cyber Incident Exposes OT Gaps

⚠️ A cyber actor compromised OT and ICS in Poland's energy sector in December 2025, affecting renewable plants, a combined heat and power facility, and a manufacturing company. Attackers gained access via vulnerable internet-facing edge devices, deployed wiper malware, destroyed HMI data, corrupted firmware, and damaged RTUs, causing loss of view and control. Production continued at some sites, but operators could not monitor or control systems as designed. Stakeholders are urged to enable firmware verification, change default credentials, and replace end-of-support edge devices.
read more →

CISA Guide Helps Critical Infrastructure Adopt Secure OT

🔒 CISA released Barriers to Secure OT Communications: Why Johnny Can’t Authenticate to help operational technology (OT) owners, operators, integrators, and manufacturers adopt more secure communications. Based on interviews with stakeholders across Water and Wastewater, Transportation, Chemical, Energy, and Food and Agriculture sectors, the guide explains why insecure legacy industrial protocols persist and how threat actors can impersonate devices or alter messages. It identifies practical barriers—cost and complexity, latency and bandwidth, inspection issues from encryption, and interoperability with legacy products—and offers actionable recommendations to reduce friction and improve usability when procuring, deploying, and maintaining secure OT communications.
read more →

NCSC Warns CNI Operators of Severe Cyber-Attacks Now

⚠️ The NCSC has issued an urgent alert to critical national infrastructure (CNI) providers after December's coordinated malware attacks against Poland's energy sector, urging operators to act now to defend UK assets. Director Jonathan Ellison stressed the need to follow recent NCSC guidance on monitoring, situational awareness and hardening network defences. Recommended measures include patching, access controls and MFA, secure-by-design management and robust resilience and recovery plans.
read more →

Chinese UNC3886 Cyberspies Breach Singapore Telcos

🔒 Singapore's Cyber Security Agency says China-linked threat actor UNC3886 breached the country's four largest telcos — Singtel, StarHub, M1, and Simba — at least once last year, gaining limited access to critical systems but failing to disrupt services or exfiltrate confirmed customer data. Investigators found a zero-day used to bypass perimeter firewalls and rootkits employed for stealth and persistence. The government launched Operation Cyber Guardian, mobilized multiple agencies, and contained the intrusions while increasing monitoring across critical sectors.
read more →

China-linked UNC3886 Targets Singapore Telecoms Systems

🛡️ Singapore's Cyber Security Agency (CSA) disclosed that the China-linked espionage group UNC3886 executed a deliberate, targeted campaign against the nation's telecommunications sector, naming M1, SIMBA Telecom, Singtel and StarHub as targets. The agency said the actor used sophisticated tools, including a weaponized zero-day and kernel-level rootkits, to gain unauthorized access to portions of telco networks. CSA reported no evidence of customer personal data exfiltration or service disruption and said a defensive operation called CYBER GUARDIAN has closed the group's access points and expanded monitoring across affected operators.
read more →

Super Bowl LX: Strengthening Security and Resilience

🛡️ CISA coordinated a year-long, multiagency effort to secure Super Bowl LX, working with the NFL, DHS, the FBI, state and local partners, and private vendors to protect people, venues, and critical infrastructure. Region 9 authored a tailored playbook and executed physical security assessments using the Infrastructure Survey Tool and Infrastructure Visualization Platform, conducted tabletop exercises, and delivered bombing prevention workshops and cyber hygiene training. These layered measures aimed to reduce risk, strengthen communications interoperability, and ensure resilient operations throughout gameday.
read more →

CISA Orders Federal Agencies to Remove EOS Edge Devices

🔒 The Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive 26-02 requiring federal civil executive branch agencies to decommission end-of-support (EOS) edge devices within specified timelines. Agencies must identify and remediate vulnerabilities within three months and remove EOS devices from external-facing network edges within 18 months, replacing them with vendor-supported hardware. The directive also mandates continuous discovery and inventory processes to prevent future exposure.
read more →

Conpet Hit by Qilin Ransomware, Corporate IT Affected

🔒 Conpet, Romania's national oil pipeline operator, disclosed a cyberattack that disrupted its corporate IT systems and temporarily took down its public website. The company said operational technologies, including SCADA and telecommunications systems, were not affected and crude oil transport continued normally. The Qilin ransomware group claimed responsibility and alleged nearly 1 TB of data exfiltration, posting sample documents as proof. Conpet is investigating the incident with national cybersecurity authorities and has filed a criminal complaint with DIICOT.
read more →

Mitsubishi MELSEC iQ-R Series Critical Firmware Flaw

⚠️ A critical vulnerability (CVE-2025-15080) affects Mitsubishi Electric MELSEC iQ-R Series firmware (R08/16/32/120PCPU) versions 48 and earlier. An attacker can read device data or parts of control programs, write device data, or cause a denial-of-service by sending specially crafted SLMP or proprietary protocol packets. Mitsubishi Electric recommends updating affected firmware to version 49 or later and, until patched, restricting access via firewalls, IP filters, VPNs, and LAN-only operation.
read more →

Italy Repels Russian Cyber Attacks Ahead of Olympics

🛡️ Italy says it repelled multiple cyberattacks of Russian origin days before the Winter Olympic Games in Milan and Cortina d'Ampezzo. Targets included sites connected to the Games and several hotels in Cortina; facilities of the Foreign Ministry were also affected. Foreign Minister Antonio Tajani thanked security teams and said authorities coordinated defenses with event organizers.
read more →

Germany and Israel Conduct Joint Cyberattack Defense Drill

🛡️ Germany and Israel jointly conducted a first-ever exercise, called “Blue Horizon,” to practice defending against a major cyberattack as part of a recent bilateral cyber and security pact. The drill aims to familiarize experts and advance the planned construction of a German “Cyberdome”, modeled on Israeli systems that consolidate data and use AI to detect network vulnerabilities and warn organizations. The pact also foresees closer cooperation on cybercrime, artificial intelligence and drone defense.
read more →