critical infrastructure

  1. CISA Red Team Assessment: Critical Infrastructure Vulnerabilities Uncovered

    The Cybersecurity and Infrastructure Security Agency (CISA) has recently unveiled an advisory outlining the findings from a Red Team assessment conducted on a U.S. critical infrastructure sector organization. While most advisories induce yawns from non-security pros, this one is a wake-up...
  2. Critical Vulnerability Found in Schneider Electric's EcoStruxure IT Gateway: What You Need to Know

    If you thought your industrial systems were locked tight, think again. Schneider Electric has identified a serious vulnerability in its EcoStruxure IT Gateway software, a crucial component for managing industrial infrastructure. With a CVSS v4 base score of 10.0 (out of 10)—essentially the...
  3. CISA Alerts: Critical Vulnerabilities in Elvaco M-Bus Metering Gateway CMe3100

    In a landscape where cyber threats loom over our digital infrastructures, vigilance is paramount—especially when it comes to critical systems. On October 17, 2024, CISA (Cybersecurity and Infrastructure Security Agency) disclosed concerning vulnerabilities within the Elvaco M-Bus Metering...
  4. Urgent Cybersecurity Advisory: Iranian Actors Target Critical Infrastructure

    Overview of the Advisory: In a cooperative effort to strengthen national cybersecurity, the FBI, CISA, NSA, CSE, AFP, and the Canadian Cyber Security Centre have released an urgent advisory concerning the ongoing and sophisticated activities of Iranian cyber actors. These actors have made...
  5. CISA Warns of Iranian Cyber Threats to Critical Infrastructure

    On October 16, 2024, the Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, NSA, and several international partners, released a critical advisory warning organizations about the cyber threat posed by Iranian cyber actors. Dubbed "Iranian Cyber Actors Brute Force and...
  6. Critical CISA Advisory: Siemens SIMATIC S7-1500 CPU Vulnerabilities

    On October 10, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) released a critical advisory regarding vulnerabilities affecting Siemens SIMATIC S7-1500 CPUs. This vulnerability, noted for its potential exploitability, could have serious ramifications for organizations deploying...
  7. CISA Alert: Critical Vulnerabilities in PowerSYSTEM Center Affecting Manufacturing and Energy Sectors

    On October 3, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) released an alert about vulnerabilities affecting Subnet Solutions Inc.'s PowerSYSTEM Center. This equipment is vital in sectors such as critical manufacturing and energy, and the vulnerabilities can expose...
  8. Navigating OT Cybersecurity: Principles for Critical Infrastructure

    In a world increasingly reliant on interconnected systems, the security of operational technology (OT) has surfaced as a critical concern, especially for critical infrastructure organizations. On October 1, 2024, the Australian Signals Directorate's Australian Cyber Security Centre (ASD’s ACSC)...
  9. CISA Warns: Cyber Vulnerabilities in Critical Infrastructure at Risk

    In a world increasingly driven by technology, the vulnerability of our critical infrastructure poses a significant concern. The Cybersecurity and Infrastructure Security Agency (CISA) has recently issued a stern warning regarding the exploitation of operational technology (OT) and industrial...
  10. CISA Advisory: Critical Vulnerabilities in IDEC PLCs Affecting Infrastructure

    Source: CISA (Cybersecurity and Infrastructure Security Agency). Published Date: September 19, 2024. URL: CISA Advisory on IDEC PLCs. Executive Summary: Recently, the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory concerning vulnerabilities discovered in IDEC...
  11. CISA Alerts: Critical CVE-2024-8110 Vulnerability in Yokogawa PC2CKM

    Published by CISA on September 17, 2024. 1. Executive Summary: CISA has issued an advisory regarding a critical vulnerability affecting Yokogawa's Dual-redundant Platform for Computer (PC2CKM). The vulnerability, designated CVE-2024-8110, presents a CVSS v3 score of 7.5, indicating that it is...
  12. Critical SCADA Vulnerability in SpiderControl Web Server: CVE-2024-8232

    In the vast ocean of cyber vulnerabilities, few are as critical and pressing as those found in Supervisory Control and Data Acquisition (SCADA) systems. These systems, integral to managing an array of industrial operations ranging from power generation to water treatment, have increasingly...
  13. Urgent Cybersecurity Advisory: Threats from Russian State Actors

    Context and Background: The advisory emerges amid a broader backdrop of escalating tensions between Russia and Western nations, particularly following the onset of the conflict in Ukraine in 2022. The Russian military has increasingly relied on cyber operations to achieve various objectives...
  14. AA21-336A: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus

    Original release date: December 2, 2021. Summary: This joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise framework for referenced threat actor techniques and for mitigations. This joint...
  15. AA21-291A: BlackMatter Ransomware

    Original release date: October 18, 2021. Summary: Actions You Can Take Now to Protect Against BlackMatter Ransomware: • Implement and enforce backup and restoration policies and procedures. • Use Link Removed. • Use Link Removed. • Implement network segmentation and traversal monitoring. Note...
  16. AA21-259A: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus

    Original release date: September 16, 2021. Summary: This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for referenced threat actor tactics and for techniques. This joint advisory is...
  17. AA21-229A: BadAlloc Vulnerability Affecting BlackBerry QNX RTOS

    Original release date: August 17, 2021. Summary: On August 17, 2021, BlackBerry publicly disclosed that its QNX Real Time Operating System (RTOS) is affected by a BadAlloc vulnerability (CVE-2021-22156). BadAlloc is a collection of vulnerabilities affecting multiple RTOSs and supporting...
  18. VIDEO AA21-131A: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks

    Original release date: May 11, 2021. Summary: This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security...
  19. AA20-275A: Potential for China Cyber Response to Heightened U.S.–China Tensions

    Original release date: October 1, 2020. Summary: This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. In light of heightened tensions between the United States and...
  20. AA20-205A: NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems

    Original release date: July 23, 2020. Summary: Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise and Link Removed frameworks for all referenced threat actor techniques and mitigations. Over recent...