When it comes to industrial control systems, security isn't just a precaution—it's a necessity. Recently, the Cybersecurity and Infrastructure Security Agency (CISA) issued a high-priority advisory pertaining to a critical vulnerability in iniNet Solutions SpiderControl SCADA PC HMI Editor. With...
On January 10, 2023, a pivotal change occurred in the landscape of cybersecurity advisories regarding critical infrastructure products manufactured by Siemens. Effective immediately, CISA (the Cybersecurity and Infrastructure Security Agency) announced that it would no longer update security...
In the vast ocean of cyber vulnerabilities, few are as critical and pressing as those found in Supervisory Control and Data Acquisition (SCADA) systems. These systems, integral to managing an array of industrial operations ranging from power generation to water treatment, have increasingly...
Original release date: October 14, 2021
Summary
Immediate Actions WWS Facilities Can Take Now to Protect Against Malicious Cyber Activity
• Do not click on Link Removed.
• If you use RDP, secure and monitor it.
• Use Link Removed.
• Use Link Removed.
Note: This advisory uses the MITRE...
Original release date: July 20, 2021
Summary
This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques.
Note: CISA released technical information...
Original release date: February 11, 2021
Summary
On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment plant. The unidentified actors used the SCADA system’s software to...
Original release date: October 20, 2017
Systems Affected
Domain Controllers
File Servers
Email Servers
Overview
This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert...
Two vulnerabilities found in industrial control system software made in China but used worldwide could be remotely exploited by attackers, according to a warning issued June 16 by the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
This could cause denial of service...
Dillon Beresford and Brian Meixell were planning to perform a demonstration of how to attack critical infrastructure at the TakeDown Conference but cancelled after they were "asked very nicely" to refrain from providing that information. Beresford, a security analyst at NSS Labs, told Link...