critical infrastructure

If you’ve been keeping an eye on industrial control system (ICS) vulnerabilities, here’s a new one for your radar: Schneider Electric has reported a serious vulnerability affecting its Accutech Manager software. With a CVSS v3 score of 7.5—indicating high severity—this vulnerability isn’t...

In a world where cyber threats are growing faster than you can say "phishing email," the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the National Cyber Director (ONCD) have teamed up to tackle vulnerabilities head-on. Their newly introduced Playbook for...

Introduction Ladies and gentlemen of the Windows user community, buckle up because today we're diving into the world of industrial control systems (ICS). We're talking factory floors, operational visibility, and data-driven decision-making—all made possible via connected devices. But nothing in...

On December 10, 2024, CISA announced significant vulnerabilities affecting Schneider Electric's EcoStruxure Foxboro DCS Core Control Services. These vulnerabilities, which have been assigned CVE identifiers, pose serious security risks that could lead to unauthorized access and system...

On November 26, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) issued a set of six Industrial Control Systems (ICS) advisories aimed at fortifying security around a range of crucial infrastructural technologies. These advisories spotlight the current vulnerabilities and...

In a recent advisory published by the Cybersecurity and Infrastructure Security Agency (CISA), a serious vulnerability affecting the Schneider Electric PowerLogic P5 has been identified. This vulnerability, cataloged under CVE-2024-5559, marks a significant concern for users involved in critical...

The Cybersecurity and Infrastructure Security Agency (CISA) has recently unveiled an advisory outlining the findings from a Red Team assessment conducted on a U.S. critical infrastructure sector organization. While most advisories induce yawns from non-security pros, this one is a wake-up...

If you thought your industrial systems were locked tight, think again. Schneider Electric has identified a serious vulnerability in its EcoStruxure IT Gateway software, a crucial component for managing industrial infrastructure. With a CVSS v4 base score of 10.0 (out of 10)—essentially the...

In a landscape where cyber threats loom over our digital infrastructures, vigilance is paramount—especially when it comes to critical systems. On October 17, 2024, CISA (Cybersecurity and Infrastructure Security Agency) disclosed concerning vulnerabilities within the Elvaco M-Bus Metering...

Overview of the Advisory In a cooperative effort to strengthen national cybersecurity, the FBI, CISA, NSA, CSE, AFP, and the Canadian Cyber Security Centre have released an urgent advisory concerning the ongoing and sophisticated activities of Iranian cyber actors. These actors have made...

On October 16, 2024, the Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, NSA, and several international partners, released a critical advisory warning organizations about the cyber threat posed by Iranian cyber actors. Dubbed "Iranian Cyber Actors Brute Force and...

On October 10, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) released a critical advisory regarding vulnerabilities affecting Siemens SIMATIC S7-1500 CPUs. This vulnerability, noted for its potential exploitability, could have serious ramifications for organizations deploying...

On October 3, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) released an alert about vulnerabilities affecting Subnet Solutions Inc.'s PowerSYSTEM Center. This equipment is vital in sectors such as critical manufacturing and energy, and the vulnerabilities can expose...

In a world increasingly reliant on interconnected systems, the security of operational technology (OT) has surfaced as a critical concern, especially for critical infrastructure organizations. On October 1, 2024, the Australian Signals Directorate's Australian Cyber Security Centre (ASD’s ACSC)...

In a world increasingly driven by technology, the vulnerability of our critical infrastructure poses a significant concern. The Cybersecurity and Infrastructure Security Agency (CISA) has recently issued a stern warning regarding the exploitation of operational technology (OT) and industrial...

Source: CISA (Cybersecurity and Infrastructure Security Agency) Published Date: September 19, 2024 URL: CISA Advisory on IDEC PLCs Executive Summary Recently, the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory concerning vulnerabilities discovered in IDEC...

Published by CISA on September 17, 2024 1. Executive Summary CISA has issued an advisory regarding a critical vulnerability affecting Yokogawa's Dual-redundant Platform for Computer (PC2CKM). The vulnerability, designated CVE-2024-8110, presents a CVSS v3 score of 7.5, indicating that it is...

In the vast ocean of cyber vulnerabilities, few are as critical and pressing as those found in Supervisory Control and Data Acquisition (SCADA) systems. These systems, integral to managing an array of industrial operations ranging from power generation to water treatment, have increasingly...

Context and Background The advisory emerges amid a broader backdrop of escalating tensions between Russia and Western nations, particularly following the onset of the conflict in Ukraine in 2022. The Russian military has increasingly relied on cyber operations to achieve various objectives...

Original release date: December 2, 2021 Summary This joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise framework for referenced threat actor techniques and for mitigations. This joint...