#CriticalInfrastructure

Over 145,000 Industrial Control Systems Across 175 Countries Found Exposed Online

by

November 21, 2024 at 06:11AM New research reveals over 145,000 internet-exposed Industrial Control Systems (ICS) in 175 countries, with the U.S. having the highest exposure. Key protocols used are outdated, increasing vulnerability. Cyber attacks targeting ICS are rare but rising, necessitating enhanced security measures. The analysis underscores the importance of monitoring and securing critical infrastructure. … Read more

Jen Easterly, CISA Director, to Step Down on Inauguration Day

by

November 18, 2024 at 03:56PM Jen Easterly, director of CISA, will resign on Inauguration Day as part of a transition to a Trump administration. During her tenure, she addressed significant cybersecurity incidents, including the Colonial Pipeline attack, and implemented new initiatives. Future plans for CISA remain uncertain amid calls from Republicans for mission restrictions. ### … Read more

Why Custom IOCs Are Necessary for Advanced Threat Hunting and Detection

by

November 18, 2024 at 10:33AM Cyber Threat Intelligence (CTI) is vital for cybersecurity, emphasizing the importance of actionable, reliable, and timely information. Indicators of Compromise (IOCs) are crucial but often generic and ineffective. Custom IOCs enhance threat detection, adapt to specific risks, improve supply chain security, and support compliance, making them essential for organizational defense. … Read more

Homeland Security Department Releases Framework for Using AI in Critical Infrastructure

by

November 15, 2024 at 03:26PM The Homeland Security Department’s framework advises AI developers to assess risky capabilities, align products with human-centric values, and safeguard user privacy in critical infrastructure applications. **Meeting Takeaways:** 1. **Evaluation of Capabilities**: AI developers are advised to assess and evaluate any potentially dangerous functionalities of their products. 2. **Alignment with Human-Centric … Read more

Trump 2.0 May Mean Fewer Cybersecurity Regs, Shift in Threats

by

November 15, 2024 at 08:05AM President-elect Donald Trump’s administration is expected to prioritize critical infrastructure security while reducing cybersecurity regulations. Experts predict a shift in cyber threats due to changing foreign policies, particularly concerning China, Iran, and Russia. Companies may see an uptick in state-level privacy regulations amid an easing of federal oversight. ### Meeting … Read more

OpenText Cybersecurity Unveils 2024’s Nastiest Malware

by

November 13, 2024 at 05:58PM OpenText has released its “Nastiest Malware of 2024” list, with ransomware LockBit topping the rankings for its persistent attacks on critical infrastructure. Cybersecurity investments are expected to rise by 14.3%, exceeding $215 billion. Other notable malware include Akira, RansomHub, Dark Angels, Redline, and Play Ransomware. ### Meeting Takeaways from OpenText … Read more

CISA Releases Its First Ever International Strategic Plan

by

November 13, 2024 at 05:58PM CISA has launched its first International Strategic Plan for 2025-2026, aimed at enhancing the security and resilience of critical infrastructure through international collaboration. The plan outlines three key goals: bolstering foreign infrastructure resilience, strengthening cyber defense, and unifying international coordination efforts, emphasizing global partnership importance. **Meeting Takeaways: CISA’s 2025–2026 International … Read more

China’s Volt Typhoon crew and its botnet surge back with a vengeance

by

November 12, 2024 at 08:01PM China’s Volt Typhoon cyber group has resurfaced, compromising outdated Cisco and Netgear routers to target critical U.S. infrastructure, sparking cyberattacks. Despite previous claims of dismantling the botnet, researchers report increased sophistication, with breaches extending to Singapore Telecommunications. The resurgence highlights rising Chinese cyber espionage threats globally. ### Meeting Takeaways on … Read more

Mystery Hackers Target Texas Oilfield Supplier in Ransomware Attack

by

November 8, 2024 at 05:05PM Newpark Resources reported a ransomware attack, disrupting access to its information systems but allowing continued manufacturing operations. The company is investigating the breach and has activated its security response plan. Experts emphasize the need for industrial organizations to balance security with operational connectivity to prevent significant downtime impacts. ### Meeting … Read more

Cisco scores a perfect CVSS 10 with critical flaw in its wireless system

by

November 7, 2024 at 07:02AM Cisco has issued an alert about a serious vulnerability (CVE-2024-20418) affecting its Ultra-Reliable Wireless Backhaul systems. The flaw allows unauthorized remote access to admin-level control and potential exploitation. Affected models include Catalyst IW9165D/E and IW9167E. Immediate patching is required, with a CVSS score of 10.0. **Meeting Takeaways on Cisco Critical … Read more