ICS Network Controllers Open to Remote Exploit, No Patches Available

April 18, 2024 at 04:33PM
CISA issued a security advisory warning of vulnerabilities in Unitronics Vision Series PLCs and Mitsubishi Electric MELSEC iQ-R CPUs. Unitronics PLCs store passwords in a recoverable format, leaving them open to cyberattacks. Mitsubishi CPUs transmit passwords in cleartext and have flaws that could compromise device access. The advisory recommends defensive …

Dangerous ICS Malware Targets Orgs in Russia and Ukraine

April 17, 2024 at 04:54PM
Two newly discovered malware tools, Kapeka and Fuxnet, have targeted industrial control systems and operating technology in Europe, marking the cyber repercussions of the ongoing conflict between Russia and Ukraine. Kapeka, connected to the Sandworm group, functions as a persistent backdoor, while Fuxnet, used by the Blackjack group, aims to …

Improved, Stuxnet-Like PLC Malware Aims to Disrupt Critical Infrastructure

March 5, 2024 at 02:55PM
The proliferation of programmable logic controllers (PLCs) with embedded Web servers has enabled remote attacks on industrial control systems. A team at the Georgia Institute of Technology has developed Web-based malware to exploit PLCs, manipulating physical systems and posing severe threats to critical infrastructure and safety. The method provides …

Remote Stuxnet-Style Attack Possible With Web-Based PLC Malware: Researchers

March 4, 2024 at 07:18AM
A team of Georgia Tech researchers developed web-based PLC malware, IronSpider, targeting modern PLCs such as Wago, Siemens, and others. This malware exploits web APIs, can persist through updates and hardware replacements, and has potential for real-time data exfiltration and destruction of industrial processes. The researchers also proposed a vendor-agnostic …

‘Voltzite’ Zaps African Utilities as Part of Volt Typhoon’s Onslaught

February 28, 2024 at 05:34PM
Voltzite, a unit of China’s Volt Typhoon APT, is targeting electric transmission and distribution organizations in African nations, mirroring its US activities. The group aims to compromise industrial control systems and exploit GIS data, potentially linked to China’s Digital Silk Road initiative. These cyber threats intersect with geopolitical tensions, highlighted …

Mitsubishi Electric Factory Automation Flaws Expose Engineering Workstations

February 5, 2024 at 06:06PM
Mitsubishi Electric identified high-severity authentication bypass and critical remote code execution vulnerabilities in several factory automation products. The impacted products include EZSocket, FR Configurator2, GT Designer3, GX and MT Works, MELSOFT Navigator, and MX. The company advised users to implement cybersecurity measures while it works on patches and released advisories …

We know nations are going after critical systems, but what happens when crims join in?

January 31, 2024 at 12:17PM
Volt Typhoon, a Chinese-government-backed cyberespionage group, has been targeting US energy, satellite, and telecommunications systems, according to security firm Dragos’ CEO Robert Lee. The group’s tactics, which include a slow and strategic approach, have raised concerns about potential disruptions to critical infrastructure. Lee also highlighted the threat posed by the …

ICS Ransomware Danger Rages Despite Fewer Attacks

January 26, 2024 at 09:24AM
Recent research from Dragos shows that despite recent takedowns of top ransomware groups, remaining threat actors continue to evolve new tactics and capitalize on zero-day vulnerabilities to target industrial control systems (ICS). While the number of attacks has decreased, these groups are refining their techniques and increasing their media relations …

CISA Urges Manufacturers to Eliminate Default Passwords After Recent ICS Attacks

December 18, 2023 at 11:09AM
The cybersecurity agency CISA advises manufacturers to cease using default passwords for industrial control systems (ICS) in the water sector due to recent attacks. It recommends implementing safe default behavior, eliminating widely known default passwords, and conducting field tests to ensure secure product usage. Executives are urged to drive security …

Flaws in Delta OT Monitoring Product Can Allow Hackers to Hide Destructive Activities

December 11, 2023 at 07:48AM
Critical vulnerabilities in Delta Electronics’ InfraSuite Device Master, a data center facility monitoring software, were disclosed by CISA and ZDI. The flaws, including remote code execution and obtaining plaintext credentials, can be exploited by attackers to hide destructive activities from employees and gain administrative privileges. These vulnerabilities have reportedly been …