Collaborate Disseminate
SynSaber recently released its second Industrial Control Systems (ICS) Vulnerabilities & CVEs Report. In this Help Net Security video, Ronnie Fabela, CTO at SynSaber, talks about the key findings: For the CVEs reported in the second half of 2022, … Continue reading ICS vulnerabilities: Insights from advisories, how CVEs are reported
The sheer volume of reported ICS vulnerabilities and CVEs may cause critical infrastructure asset owners to feel overwhelmed, or need help knowing where to begin, according to SynSaber. The report analyzes the 920+ CVEs released by CISA in the second h… Continue reading Extent of reported CVEs overwhelms critical infrastructure asset owners
Red Balloon Security disclosed multiple, critical architectural vulnerabilities in the Siemens SIMATIC and SIPLUS S7-1500 Series PLC that allow for bypass of all protected boot features. These vulnerabilities affect over 120 different models of the Sie… Continue reading Critical vulnerabilities in Siemens PLC devices could allow bypass of protected boot features (CVE-2022-38773)
Increased cyber threats and government directives have made cybersecurity a top priority among critical infrastructure organizations. This Help Net Security video highlights how leaders rethink their approach to cybersecurity for operations.
The post C… Continue reading Cybersecurity is becoming a top priority among critical infrastructure operators
In a building under construction at the Advanced Technologies Park in Be’er Sheva, the “cyber capital” of Israel, a new governmental lab is also taking shape: the National Cyber-Kinetic Lab for ICS and OT. A joint venture between the Israel… Continue reading Israel’s new cyber-kinetic lab will boost the resilience of critical infrastructure
A threat actor is targeting industrial engineers and operators with trojanized password-cracking software for programmable logic controllers (PLCs) and human-machine interfaces (HMIs), exploiting their pressing needs to turn industrial workstations int… Continue reading Beware of password-cracking software for PLCs and HMIs!
Increased cyber threats and government directives have made cybersecurity a top priority among critical infrastructure organizations. A zero trust security architecture is the gold standard for blocking and containing threats, but there’s been heavy sk… Continue reading Industrial cybersecurity leaders are making considerable headway
In this Help Net Security interview, Dawn Cappelly, Director of OT-CERT at the industrial cybersecurity company Dragos, talks about the OT security risks critical infrastructure organizations are facing, offers advice on how they can overcome obstacles… Continue reading OT security: Helping under-resourced critical infrastructure organizations
Just a few days after news of attempted use of a new variant of the Industroyer malware comes a warning from the US Cybersecurity and Infrastructure Security Agency (CISA): Certain APT actors have exhibited the capability to gain full system access to … Continue reading APT group has developed custom-made tools for targeting ICS/SCADA devices
The Computer Emergency Response Team of Ukraine (CERT-UA), with the help of ESET and Microsoft security experts, has thwarted a cyber attack by the Sandworm hackers, who tried to shut down electrical substations run by an energy provider in Ukraine. Ac… Continue reading Sandworm hackers tried (and failed) to disrupt Ukraine’s power grid