#industrial-control-systems

[ follow ]
#cybersecurity #operational-technology #critical-infrastructure #cisa #distributed-energy-resources
Information security
fromSecurityWeek
6 hours ago

ICS Devices Bricked Following Russia-Linked Intrusion Into Polish Power Grid

A cyberattack believed to be Russian targeted Poland's distributed energy resources, compromising RTUs and communication systems across about 30 sites and causing permanent ICS damage.
Information security
fromFast Company
6 hours ago

How hackers are turning the power grid and digital infrastructure into a weapon

Converging cyber and kinetic operations can blackout critical infrastructure by manipulating internet-connected industrial controllers to synchronize digital attacks with military strikes.
Information security
fromArs Technica
6 years ago

New clues show how Russia's grid hackers aimed for physical destruction

Russian hackers aimed to cause lasting physical destruction to Ukrainian power-grid equipment by using malware designed to damage hardware during recovery, not a brief outage.
Information security
fromFortune
1 week ago

America hacked Venezuela's grid to literally turn off the lights on Jan. 3. It could happen here, too | Fortune

State-level and supply-chain cyberattacks target industrial control systems, enabling sabotage or pre-positioning; proactive hunting, secure-by-design, and zero-trust defenses are essential.
Business
fromChannelPro
2 months ago

Nozomi Networks eyes channel growth with double executive appointment

Nozomi Networks appoints Matthew Cowell as VP Strategic Alliances and Tyson Gerhold as VP Global Partner and Channel Sales to expand its partner ecosystem.
fromThe Hacker News
2 months ago

Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation

According to software supply chain security company Socket, the packages were published in 2023 and 2024 by a user named " shanhai666" and are designed to run malicious code after specific trigger dates in August 2027 and November 2028. The packages were collectively downloaded 9,488 times. "The most dangerous package, Sharp7Extend, targets industrial PLCs with dual sabotage mechanisms: immediate random process termination and silent write failures that begin 30-90 minutes after installation, affecting safety-critical systems in manufacturing environments," security researcher Kush Pandya said.
Information security
fromTheregister
3 months ago

Cyberpunks mess with Canada's water, energy, farm systems

The victims included a municipal water facility where pressure values were changed, an oil and gas company whose tank gauge was tampered with, and a farm silo where drying temperatures were altered, "resulting in potentially unsafe conditions if not caught on time." Officials stressed these weren't sophisticated, state-sponsored operations but opportunistic intrusions that caused real-world disruption ranging from false alarms to degraded service. The attackers didn't need custom malware or insider access either - just a connection and curiosity.
Canada news
fromThe Hacker News
3 months ago

Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control

Red Lion's Sixnet RTUs provide advanced automation, control, and data acquisition capabilities in industrial automation and control systems, primarily across energy, water, and wastewater treatment, transportation, utilities, and manufacturing sectors. These industrial devices are configured using a Windows utility called Sixnet IO Tool Kit, with a proprietary Sixnet "Universal" protocol used to interface and enable communication between the kit and the RTUs.
Information security
Information security
fromSecurityWeek
3 months ago

The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn

Time-related rollover bugs like Y2K38 and Y2036 are exploitable today, risking system failures, cybersecurity bypasses, and physical safety impacts in critical infrastructure.
#operational-technology
more#operational-technology
fromSecurityWeek
3 months ago

NIST Publishes Guide for Protecting ICS Against USB-Borne Threats

NIST has published a new guide designed to help organizations reduce cybersecurity risks associated with the use of removable media devices in operational technology (OT) environments. NIST Special Publication (SP) 1334 was authored by the National Cybersecurity Center of Excellence (NCCoE) and it focuses on the use of USB flash drives, but also mentions other types of removable media such as external hard drives and CD/DVD drives.
Information security
Information security
fromSecurityWeek
4 months ago

Unpatched Vulnerabilities Expose Novakon HMIs to Remote Hacking

Novakon HMIs contain multiple unauthenticated vulnerabilities enabling remote root code execution, with no available patches and the vendor largely unresponsive.
#cybersecurity
Information security
fromSecuritymagazine
8 months ago

CISA Warns of Cyberattacks Against Critical Oil and Gas Infrastructure

Cyberattacks are targeting critical oil and gas infrastructure systems, prompting urgent cybersecurity measures.
CISA, FBI, EPA, and DOE recommend improving cybersecurity for operational technology and industrial control systems.
more#cybersecurity
[ Load more ]