November 20, 2024 at 10:12AM The commentary emphasizes the underfunding of essential U.S. cybersecurity agencies, particularly NIST and the National Vulnerabilities Database (NVD). It argues that inadequate resources jeopardize the nation’s cybersecurity efforts, urging Congress to provide appropriate funding to safeguard critical infrastructure and maintain the U.S.’s status as a cyber superpower. ### Meeting Takeaways: … Read more
November 18, 2024 at 09:51AM On December 10th at 10am PT/1pm ET, Red Hat will host the State of Linux Security Symposium 2024, offering IT professionals insights on securing Linux environments. Featuring six sessions, topics include security practices, supply chain safeguards, and RHEL benefits. Register now to enhance your Linux security knowledge. ### Meeting Notes … Read more
September 12, 2024 at 08:09AM UnDisruptable27 aims to prepare for cyberattacks on critical infrastructure in the US, focusing on water, emergency medical care, food supply chains, and power supplies. Led by the Institute for Security and Technology, the initiative is funded by Craig Newmark Philanthropies and will engage stakeholders to make infrastructure “undisruptable” by 2027. … Read more
June 14, 2024 at 03:00AM Critical national infrastructure (CNI) is a prime target for sophisticated threat actors due to its vital role in supporting various industries. Recent reports highlight concerns over vulnerabilities, with fears of espionage from Chinese repair ships and state-sponsored cyber-attacks on CNI networks. Protecting CNI is crucial for national security, economic stability, … Read more
April 12, 2024 at 10:08AM Organizations are facing increased attacks on critical infrastructure, but they have the necessary knowledge and tools to defend against these threats. Based on the meeting notes, the key takeaway is that while attacks on critical infrastructure are increasing, organizations have the necessary knowledge and tools to effectively defend against them. … Read more
December 6, 2023 at 06:18AM Forescout discovered 21 vulnerabilities in Sierra Wireless routers, potentially exposing critical infrastructure to remote attacks. Clear Takeaways from Meeting: – Forescout has identified a total of 21 vulnerabilities in Sierra Wireless OT/IoT routers. – These vulnerabilities have the potential to expose critical infrastructure organizations to remote cyber attacks. – The … Read more
December 4, 2023 at 06:36PM Iran-linked cyber group CyberAv3ngers, tied to the IRGC, exploited default passwords to attack US water systems using Israeli PLCs, as warned by multiple US agencies. No operational impact on water safety was reported. Agencies advise against exposing PLCs online and using default passwords. Meeting Takeaways: 1. Iranian cybercriminals, associated with … Read more
December 4, 2023 at 08:12AM Cyber Av3ngers, a group linked to the Iranian government, is attacking industrial control systems (ICS) at several US water facilities, reports SecurityWeek. Clear Takeaways from Meeting Notes: 1. The Cyber Av3ngers group is actively targeting industrial control systems (ICS) at various water facilities. 2. There is an affiliation between the … Read more
November 29, 2023 at 04:28PM CISA investigates a cyberattack on a Pennsylvania water authority by suspected Iranian hackers targeting PLCs in US infrastructure. The Municipal Water Authority of Aliquippa switched to manual controls after an attack, causing operational inconvenience but not affecting water quality. Meanwhile, a Texas water district is recovering from a ransomware attack … Read more
November 29, 2023 at 01:13PM CISA alerts of a cyber intrusion at a U.S. water facility via internet-exposed Unitronics PLCs, without harming drinking water. The agency advises replacing default passwords, using MFA, disconnecting PLCs from the internet, using firewalls, backing up systems, changing ports, and updating firmware to bolster security. Key Takeaways from Meeting Notes: … Read more