July 25, 2024 at 10:06AM Cybersecurity risks extend to operational technology (OT), often overlooked by IT and cybersecurity professionals. Lack of attention on OT attacks, such as those on critical infrastructure, highlights the need for better security measures. Proposed solutions include risk management, visibility, documentation, and secure remote access. Challenges persist due to limited tools, … Read more
July 23, 2024 at 07:42AM Researchers have identified a new ICS-focused malware, FrostyGoop, which targets industrial control systems using Modbus TCP to disrupt operational technology networks. It was used in a cyber attack on an energy company in Lviv, Ukraine, causing a 48-hour loss of heating services to over 600 apartment buildings. The incident highlights … Read more
July 22, 2024 at 02:23PM The US government imposed sanctions on two Russian cybercriminals, Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, for cyberattacks on critical infrastructure. Pankratova leads the hacktivist group Cyber Army of Russia Reborn (CARR), while Degtyarenko is the primary hacker. CARR targeted industrial systems at critical infrastructure sites in the US and … Read more
July 22, 2024 at 01:15PM Two members of the Russian hacktivist group Cyber Army Russia Reborn (CARR) were sanctioned by the US Department of Treasury for cyberattacks on US critical infrastructure. Yuliya Pankratova, the leader, and Denis Degtyarenko, the primary hacker, were involved in disrupting operations at water facilities and compromising industrial control systems, but … Read more
July 22, 2024 at 10:36AM The US Department of Treasury imposed sanctions on Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, leaders of the Russian hacktivist group CARR, for cyberattacks targeting critical infrastructure in the US and Europe. CARR’s activities, including compromising industrial control systems, have led to significant security concerns, resulting in sanctions and asset … Read more
July 22, 2024 at 08:11AM Two members of the Cyber Army of Russia Reborn (CARR) hacktivist crew, Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, have been added to the US sanctions list for their alleged roles in attacks on US critical national infrastructure. These attacks included remote manipulation of controls and compromising SCADA systems. Other … Read more
July 19, 2024 at 09:06AM Ransomware attacks on critical infrastructure sectors are escalating, with 67% of operators in the oil, energy, and utility sectors affected in 2023. Attacks on these sectors impact an average of 62% of systems and exploit software vulnerabilities as the primary attack vector. Recovery costs continue to rise, emphasizing the urgency … Read more
July 19, 2024 at 08:43AM The Cybersecurity and Infrastructure Security Agency released a supplemental manual for infrastructure resilience planning, offering guidance on enhancing security and resiliency for critical infrastructure. It includes processes, table top exercises, and key actions for resilience planning, outlined by CISA’s executive assistant director for infrastructure security, David Mussington. The manual is … Read more
July 4, 2024 at 06:37AM Microsoft has disclosed two security vulnerabilities in Rockwell Automation PanelView Plus, which could be exploited by remote attackers for remote code execution and denial-of-service (DoS) attacks. These flaws are tracked as CVE-2023-2071 and CVE-2023-29464, impacting FactoryTalk View Machine Edition and FactoryTalk Linx. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) … Read more
June 28, 2024 at 04:39AM Multiple security flaws in Emerson Rosemount gas chromatographs, impacting versions 4.1.5 and prior, have been disclosed. Claroty identified command injection, authentication, and authorization vulnerabilities, enabling attackers to execute arbitrary commands and access sensitive information. Emerson has released an updated firmware to address these issues and advises following cybersecurity best practices … Read more