ICS CERT predictions for 2024: What you need to know

As we work through the first quarter of 2024, various sectors are continuously adapting to increasingly complex cybersecurity threats. Sectors like healthcare, finance, energy and transportation are all regularly widening their digital infrastructure, resulting in larger attack surfaces and greater risk exposure. Kaspersky just released their ICS CERT Predictions for this year, outlining the key […]

The post ICS CERT predictions for 2024: What you need to know appeared first on Security Intelligence.

33 connectivity flaws render millions of IT, IoT devices vulnerable

Several sets of internet communication protocols used by major vendors of connected products have vulnerabilities that could affect millions of devices, researchers revealed on Tuesday. Four of the vulnerabilities are critical, meaning attackers could use them to remotely take over devices ranging from a “smart” refrigerator to an industrial networking switch in the electrical grid, according to the security vendor Forescout. The flaws exist in information technology, operational technology and so-called internet of things products. The Forescout study, dubbed AMNESIA:33, focuses on 33 vulnerabilities in four open-source TCP/IP stacks. TCP/IP stands for “Transmission Control Protocol/Internet Protocol,” which is used to communicate between computers. Open-source TCP/IP stacks serve as the foundational connectivity components of devices around the world. (A TCP/IP stack is an implementation of the TCP/IP protocol.) It marks the second time this year that a set of TCP/IP stack vulnerabilities emerged that could affect a large number of devices. […]

The post 33 connectivity flaws render millions of IT, IoT devices vulnerable appeared first on CyberScoop.

NSA Urgently Warns on Industrial Cyberattacks, Triconex Critical Bug

Power plants, factories, oil and gas refineries and more are all in the sights of foreign adversaries, the U.S. warns.

Critical Flaws in Syringe Pump, Device Gateways Threaten Patient Safety

The Qualcomm Life Capsule Datacaptor Terminal Server and the Becton Dickinson Alaris TIVA Syringe Pump allow remote access without authentication.

Utilities will have stricter cybersecurity reporting requirements under new ruling

U.S. regulators are laying down stricter reporting requirements for electrical utilities that experience cybersecurity lapses. The Federal Energy Regulatory Commission (FERC) said Thursday that utilities will have to report attempts by attackers, even if they don’t have an immediate effect, that ultimately make it easier to “harm reliable operation of the nation’s bulk electric system.” Current requirements only make utilities report incidents that result in an actual compromise or disruption. “Cyber threats to the bulk power system are ever changing, and they are a matter that commands constant vigilance,” FERC Chairman Kevin McIntyre said in a statement. “Industry must be alert to developing and emerging threats, and a modified standard will improve awareness of existing and future cyber security threats.” The new standards will come by way of the North American Electric Reliability Corporation (NERC), a quasi-governmental body that implements FERC’s rulings for electrical utilities. NERC will have to develop standards […]

The post Utilities will have stricter cybersecurity reporting requirements under new ruling appeared first on Cyberscoop.

Lawmakers advance bill to codify DHS cyber center for industrial plants

The House Homeland Security Committee on Wednesday advanced legislation that would establish a Department of Homeland Security cybersecurity center as the lead agency for handling threats to industrial control systems, like those underpinning the energy sector. The bill would make clear that DHS’s National Cybersecurity and Communications Integration Center (NCCIC) is the hub for mitigating ICS vulnerabilities and provide the private sector with a “permanent place for assistance to address cybersecurity risk,” Rep. Don Bacon, R-N.E., who introduced the bill, said at a markup. “We know we are vulnerable…to these cyberattacks on our energy grid, and the time is now to start building that resiliency in our energy grid,” Bacon stated. With DHS and the Department of Energy both concerning themselves with ICS, “there’s some ambiguity [on] who does what” on the issue, Bacon told CyberScoop after the hearing. “The NCCIC has been doing a lot of this,” he explained. […]

The post Lawmakers advance bill to codify DHS cyber center for industrial plants appeared first on Cyberscoop.

U.S. industry experts call for vigilance after Trisis group goes global

U.S. critical infrastructure operators should be on high alert — with a close eye on network anomalies — following the revelation that a hacking group that caused a Saudi industrial plant to shut down last year is targeting facilities outside of the Middle East, industry experts told CyberScoop. “Detecting these types of advanced, stealthy threats requires extraordinary visibility into your OT [operational technology] network,” said Marty Edwards, former head of the Department of Homeland Security’s Industrial Control Systems (ICS) CERT. “Unfortunately, not all U.S. critical infrastructure asset owners are at that level of maturity.” The hacking group’s expanded operations mean that U.S. infrastructure operators “should no longer remain complacent in thinking that this is just an issue somewhere else in the world,” Edwards added. The developers of the Trisis malware, which is designed to ravage the control systems that allow plants to safely shut down, have attacked multiple U.S. companies, […]

The post U.S. industry experts call for vigilance after Trisis group goes global appeared first on Cyberscoop.

DHS cyber incident response teams closer to becoming permanently codified

The House approved a bill on Monday that would make the Department of Homeland Security’s cyber incident response teams a permanent fixture within the agency. The DHS Cyber Incident Response Teams Act would codify the agency’s “cyber hunt and incident response teams,” which provide support to organizations running critical infrastructure. The teams often respond to cyber incidents and help organizations mitigate cybersecurity risks. “Everyone is a target,” said Rep. Michael McCaul, R-Texas, the bill’s sponsor, on the House floor. “Our enemies don’t just attack individuals and their devices. They also put America’s critical infrastructure sectors in their crosshairs, endangering all aspects of civilian life.” The teams referenced by the bill currently operate in DHS’s National Cybersecurity and Communications Integration Center (NCCIC). The bill also would authorize the secretary of Homeland Security to include cybersecurity specialists from the private sector in those response teams. “By fostering this new collaboration between government and private sector, […]

The post DHS cyber incident response teams closer to becoming permanently codified appeared first on Cyberscoop.

Trisis has the security world spooked, stumped and searching for answers

At first, technicians at multinational energy giant Schneider Electric thought they were looking at the everyday software used to manage equipment inside nuclear and petroleum plants around the world. They had no idea that the code carried the most dangerous industrial malware on the planet. More than four months have passed since a novel, highly sophisticated piece of malware forced an important oil and gas facility in the Middle East to suddenly shut down, but cybersecurity analysts still don’t know who wrote the code. Since last August, multiple teams of researchers in the public and private sectors have been examining what the perpetrators planted inside a nondescript Saudi computer network. It’s a rare case involving a computer virus specially engineered to sabotage industrial control systems (ICS) — the gear that keeps factories and refineries running. Manipulating these systems can have a destructive impact far beyond the network. Today, the incident’s magnitude and implications are […]

The post Trisis has the security world spooked, stumped and searching for answers appeared first on Cyberscoop.

Rockwell Automation Patches Wireless Access Point against Krack

Rockwell Automation has patched its Stratix wireless access point against the KRACK vulnerability, joining a growing list of vendors in the commercial and industrial controls spaces moving quickly to reduce their exposure.