All news with #outage tag

Jaguar Land Rover production halted after cyberattack

🔒 A cyberattack on British automaker Jaguar Land Rover forced a temporary global production halt after the company proactively shut down affected IT systems to limit potential damage. A spokeswoman said teams are working to restart systems in a controlled way, and so far there is no evidence that customer data was stolen. Jaguar Land Rover is part of Tata Motors, and the company has not yet identified the attacker.

Jaguar Land Rover Cyberattack Severely Disrupts Production

🔒 Jaguar Land Rover (JLR) said a cyberattack forced the company to proactively shut down multiple systems to mitigate impact. The incident, reported over the weekend, has severely disrupted retail and production operations, including systems at the Solihull plant. JLR stated there is no evidence that customer data was stolen and is working to restart global applications in a controlled manner.

Jaguar Land Rover Cyber Incident Disrupts Sales & Production

🔒 JLR has disclosed a cyber incident that has severely disrupted global sales and production. The company said it proactively shut down systems and is working to restart applications in a controlled manner. At this stage there is no evidence customer data has been stolen, but retail and manufacturing activities remain affected. Tata Motors disclosed related "global IT issues" to investors.

Pennsylvania AG Office Confirms Ransomware Caused Outage

🔒 The Office of the Pennsylvania Attorney General confirmed a ransomware attack is behind a two-week service outage that has taken its public website offline and disrupted email and phone systems. Attorney General David W. Sunday Jr. said the office refused to pay the extortionists and that an active investigation with other agencies is ongoing. Partial recovery of email and phones has allowed staff to work via alternate channels while courts issue filing extensions. No group has claimed responsibility and the office has not yet confirmed any data exfiltration.

Google provides ChromeOS workarounds for ClassLink/Clever

⚠️ Google is investigating authentication failures that prevent sign-ins to Clever and ClassLink on affected ChromeOS devices running build 16328.55.0 with Chrome 139.0.7258.137. The problem can disrupt Single Sign‑On and some 2‑Step Verification flows, blocking access to educational platforms. As temporary mitigations, administrators can roll back devices to ChromeOS M138 via the Google Admin console or change LoginAuthenticationBehavior to use the default GAIA authentication flow while Google validates a fix.

Nevada Confirms Ransomware Attack, Data Exfiltrated

🔒 Nevada has confirmed a ransomware attack that resulted in data being exfiltrated from state networks. Tim Galluzi, Nevada's chief information officer, said the incident was first detected on August 24 and was disclosed by the governor's office on August 25; he provided an update in a press conference on August 27. Systems and digital services were taken offline to prevent further intrusion, and a forensic investigation involving third-party specialists, the FBI and CISA is ongoing to determine the nature and scope of the stolen information. No criminal actor had claimed responsibility at the time of reporting.

Nevada Network Security Incident Shuts Down State Services

⚠️ The State of Nevada confirmed a 'network security incident' on 25 August that prompted the closure of in-person government offices and the temporary takedown of state websites and phone lines while 24/7 recovery efforts continue. The Governor's Office said emergency call-taking and essential services remain available and that temporary routing and operational workarounds are in place. There is currently no evidence that personally identifiable information was compromised, but residents were advised to be cautious of unsolicited calls, emails or texts requesting personal information or payments. The matter is under active investigation and agencies will announce reopening timelines.

CISA Leads Real-Time Response to Nevada Cyberattack

🔒 CISA and public- and private-sector partners are assisting Nevada following an August 24 cyber attack, focusing on restoring networks that support lifesaving and critical services. At the state's request, CISA Threat Hunting teams are actively examining systems to determine the full scope of impact and mitigate threats. The agency also advised on FEMA emergency response grants, and the FBI is supporting the investigation.

Schneider Electric Modicon M340: FTP Input Validation Flaw

⚠️ Schneider Electric disclosed an Improper Input Validation vulnerability in Modicon M340 controllers and several communication modules that can be triggered by a specially crafted FTP command. Tracked as CVE-2025-6625 with a CVSS v4 base score of 8.7, the flaw enables a remote denial-of-service with low attack complexity. Schneider released firmware fixes for the BMXNOE0100 (v3.60) and BMXNOE0110 (v6.80) modules, which require device reboot; remediation for other affected products is planned. CISA recommends disabling FTP when not needed, blocking or segmenting port 21, using VPNs for remote access, applying vendor updates where available, and following ICS hardening and risk-assessment practices before making changes.

Maryland Transit Authority Confirms Cyber Incident

🚨 The Maryland Transit Administration (MTA) reported on August 24 that it is investigating a cyber incident involving unauthorized access to specific systems. Most core services, including Local Bus, Metro Subway, Light Rail, MARC and Commuter Bus, remain on schedule, but some functions are disrupted. Affected services include Mobility Paratransit new bookings and rescheduling, MTA real-time updates and call center support, and Baltimore Metro elevator phones, and the agency is working with the Maryland Department of Information Technology, third-party cybersecurity experts and law enforcement to investigate and remediate the issue.

Ransomware Disrupts Operations at Data I/O Manufacturer

🔒 Data I/O, a US-based provider of programming solutions for Flash devices, disclosed a ransomware incident on 16 August that forced it to take platforms offline and deploy mitigations. The company said operations including communications, shipping, manufacturing and support functions were temporarily impacted while it restores systems. Costs for remediation and contractor fees are reasonably likely to affect finances. Major customers include Tesla, Panasonic, Amazon, Google and Microsoft.

Chinese Developer Jailed for Deploying Malicious Code

⚖️ A software developer was sentenced to four years in prison after deploying malicious code inside his US employer's network, the Department of Justice said. The defendant, identified as Davis Lu, introduced infinite-loop logic, deleted coworker profile files and implemented a credential-dependent kill-switch that locked out thousands of users in September 2019. The sabotage followed a corporate realignment that reduced his access; investigators found deleted encrypted data and internet searches showing intent to escalate privileges and rapidly delete files while obstructing remediation.

Blue Locker Ransomware Targets Critical Infrastructure

🔒 Pakistan Petroleum Limited (PPL) was struck by the Blue Locker ransomware, detected on 6 August, which appends a .blue extension to encrypted files and has reported deletion of backups and theft of some business and employee data. The incident encrypted servers and disrupted financial operations while recovery work proceeded in a phased manner. Pakistan's NCERT issued a high alert to 39 key ministries and institutions and warned of multiple distribution vectors. Organisations, especially critical infrastructure operators, are urged to verify and isolate backups, implement network segmentation and enhanced monitoring, and engage incident response and forensic teams as needed.

Mitsubishi MELSEC iQ-F CPU Module Denial-of-Service

🔒 CISA published Advisory ICSA-25-233-01 on August 21, 2025 describing a Denial-of-Service vulnerability (CVE-2025-5514, CVSS v3 5.3) in the Mitsubishi Electric MELSEC iQ-F Series CPU module web server. An attacker can send specially crafted HTTP requests that exploit an Improper Handling of Length Parameter Inconsistency to delay processing and prevent legitimate users from accessing the web server. Mitsubishi Electric reports no plans to release a fix and advises customers to restrict network exposure, use IP filtering and VPNs, and limit physical access. CISA recommends isolating control networks behind firewalls and minimizing internet exposure.

Warlock Ransomware: Emerging Threat Targeting Services

⚠️ Warlock is a ransomware operation that emerged in 2025 and uses double extortion — encrypting systems and threatening to publish stolen data to coerce payment. The group has targeted government agencies and critical service providers across Europe, and on August 12 a cyber incident disrupted UK telecom Colt Technology Services, with an alleged auction of one million stolen documents. Security analysts link recent intrusions to exploitation of the SharePoint vulnerability CVE-2025-53770, which Microsoft says is actively exploited; Microsoft has published analysis and urges immediate patching. Recommended mitigations include enforcing multi‑factor authentication, keeping security tools and software patched, maintaining secure off‑site backups, reducing attack surface, encrypting sensitive data, and educating staff on phishing and social engineering.

Oregon Man Charged Over Rapper Bot DDoS Service Probe

🔒 Federal agents arrested 22‑year‑old Ethan J. Foltz of Springfield, Ore., on Aug. 6, 2025, on suspicion of operating Rapper Bot, a global IoT botnet rented to extortionists for DDoS attacks. The complaint alleges Rapper Bot routinely generated attacks exceeding 2 terabits per second and at times surpassed 6 Tbps, including an attack tied to intermittent outages on Twitter/X. Investigators traced control infrastructure and payments through an ISP subpoena, PayPal records and Google data, recovered Telegram chats with a co‑conspirator known as 'Slaykings,' and say Foltz wiped logs regularly to hinder attribution. He faces one count of aiding and abetting computer intrusions, carrying a maximum statutory term of 10 years.

Dutch prosecution hack disables multiple speed cameras

⚠️ The Netherlands' Public Prosecution Service (Openbaar Ministerie) disconnected its networks on July 17 after suspecting attackers had exploited Citrix device vulnerabilities, leaving several fixed, average and portable speed cameras unable to record offences. Internal email remained available, but external communications and documents required printing and postal delivery. Regulators including the National Cybersecurity Centre were informed, and prosecutors warned that ongoing downtime will delay cases and hamper road-safety enforcement while systems remain offline.

CISA Marks Emergency Communications Month 2025: Resilience

📣 The Cybersecurity and Infrastructure Security Agency (CISA) proclaims April 2025 as Emergency Communications Month to honor emergency responders and promote secure, interoperable communications. The campaign centers on being “Resilient Together” and urges critical infrastructure organizations to enroll in free priority services such as GETS and WPS to preserve connectivity during outages caused by weather, cyber incidents, or human error. CISA emphasizes strategic partnerships across federal, state, local, tribal, and territorial stakeholders to protect the emergency communications ecosystem and strengthen community preparedness.