SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024: A Call to Action for Securing ICS/OT Environments

August 30, 2024 at 02:42AM The SANS Institute has released a guide, “ICS Is the Business,” by Dean Parsons. It addresses the increasing need for ICS security in the face of a 50% rise in ransomware attacks in 2023. The guide emphasizes the critical steps organizations must take to safeguard their operations and ensure public …

SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024

August 29, 2024 at 04:49PM The SANS Institute has released a critical strategy guide, “ICS Is the Business,” in response to a 50% increase in ransomware attacks on ICS in 2023. Authored by Dean Parsons, the guide emphasizes the growing threat landscape, the impact of high-frequency attacks, ICS cybersecurity controls, and the role of AI, …

ICS/OT Security Firms Announce Product Updates

August 29, 2024 at 04:42AM Two major ICS/OT security firms made product announcements: Dragos released a platform to streamline threat and vulnerability workflows, enhancing asset inventory capabilities, and adding customizable filters for efficient asset data management. Nozomi Networks collaborated with Mandiant to enhance its threat intelligence and announced Vantage Threat Cards for quick access to …

Over 40,000 Internet-Exposed ICS Devices Found in US: Censys

August 7, 2024 at 03:06PM An analysis by Censys revealed over 40,000 internet-exposed industrial control systems (ICS) in the US, with challenges in notifying owners. The majority are linked to building control and automation, and low-level automation protocols are mainly in wireless and consumer networks. Risks include unauthenticated manipulation and targeting by threat actors. Notifying …

Rockwell PLC Security Bypass Threatens Manufacturing Processes

August 6, 2024 at 09:05AM A security vulnerability (CVE-2024-6242, CVSS 8.4) in Rockwell Automation ControlLogix 1756 devices allows remote attackers to send elevated commands, compromising operational technology. The bug bypasses Rockwell’s trusted slot mechanism, enabling unauthorized access to critical infrastructure. To mitigate, apply Rockwell’s patches immediately to affected devices widely used in industrial manufacturing environments. …

Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access

August 5, 2024 at 02:18AM A high-severity security bypass vulnerability (CVE-2024-6242, CVSS 8.4) in Rockwell Automation ControlLogix 1756 devices, disclosed by the U.S. Cybersecurity and Infrastructure Security Agency, allows attackers to execute CIP commands, potentially modifying user projects and device configuration. The vulnerability has been addressed in specific device versions after responsible disclosure. Claroty, the …

Is Our Water Safe to Drink? Securing Our Critical Infrastructure

July 25, 2024 at 10:06AM Cybersecurity risks extend to operational technology (OT), which is often overlooked by IT and cybersecurity professionals. The lack of attention to OT attacks, such as those on critical infrastructure, highlights the need for better security measures. Proposed solutions include risk management, visibility, documentation, and secure remote access. Challenges persist due to limited tools, …

FrostyGoop ICS Malware Left Ukrainian City’s Residents Without Heating

July 23, 2024 at 06:27AM Industrial cybersecurity firm Dragos recently disclosed details on FrostyGoop, a new malware impacting industrial control systems (ICS). The malware was used in an attack in January 2024, resulting in a disruption to a municipal district energy company in Lviv, Ukraine. This incident caused a loss of heating for residents and …

Defending OT Requires Agility, Proactive Controls

July 17, 2024 at 04:35AM Hackers with ties to the Chinese government have gained access to US critical infrastructure, transitioning from espionage to potentially compromising or destroying infrastructure via operational technology. Recent attacks on maritime and water systems signal the need for increased OT security. Three key steps include converging IT and OT security, developing …

Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment

June 28, 2024 at 04:39AM Multiple security flaws in Emerson Rosemount gas chromatographs, impacting versions 4.1.5 and prior, have been disclosed. Claroty identified command injection, authentication, and authorization vulnerabilities, enabling attackers to execute arbitrary commands and access sensitive information. Emerson has released updated firmware to address these issues and advises following cybersecurity best practices …