Infosecurity News
#BHUSA: What has Changed in the Post-Stuxnet Era?
Investigative journalist Kim Zetter explains that Stuxnet continues to serves as a precedent for attacks happening now
SecurityWeek
New Vulnerabilities Allow Stuxnet-Style Attacks Against Rockwell PLCs
Researchers have discovered two serious vulnerabilities that can be exploited to launch Stuxnet-style attacks against PLCs from Rockwell Automation.
SecurityWeek
Remote Stuxnet-Style Attack Possible With Web-Based PLC Malware: Researchers
Researchers demonstrate that remote Stuxnet-style attacks are possible against many modern PLCs using web-based malware.
DarkReading
US, Israel Used Dutch Spy to Launch Stuxnet Malware Against Iran
Report says US and Israel spent $1 billion to develop the infamous Stuxnet virus, using a Dutch spy to deploy it and sabotage Iran's nuclear program in 2008.
SecurityWeek
Dutch Engineer Used Water Pump to Get Billion-Dollar Stuxnet Malware Into Iranian Nuclear Facility: Report
An engineer recruited by intelligence services used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.
HACKRead
Dutch Man Deployed Stuxnet via Water Pump to Disable Iran's Nukes
Investigative journalist Huib Modderkolk from Dutch national newspaper De Volkskrant uncovered that 36-year-old Dutch civil engineer Erik van Sabben played a ‘crucial role’ in a 2007 mission supported by the US and Israel. He was instrumental in deploying the advanced Stuxnet virus to sabotage an Iranian nuclear complex.
Security Affairs
CISA adds Stuxnet bug to its Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including the bug used in the Stuxnet attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog. Below is the list of vulnerabilities added to the catalog: CVE-2022-40139: Trend […]
DarkReading
Vulnerabilities in Rockwell Automation PLCs Could Enable Stuxnet-Like Attacks
CISA urges organizations using affected technologies to implement recommended mitigation measures.
Ars Technica
A widespread logic controller flaw raises the specter of Stuxnet
Over 120 PLC models contain a serious vulnerability—and no fix is on the way.
Bleeping Computer
CISA orders agencies to patch vulnerability used in Stuxnet attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added half a dozen vulnerabilities to its catalog of Known Exploited Vulnerabilities and is ordering federal agencies to follow vendor's instructions to fix them.
ZDNet
The spectre of Stuxnet: CISA issues alert on Rockwell Automation ICS vulnerabilities | ZDNet
The flaws can be exploited to execute code on vulnerable controllers and workstations.
CyberNews
Ukrainian hackers left Moscow’s sewage system without 87,000 sensors
Hackers claim to have permanently damaged some physical devices with the malware Fuxnet, which they describe as “Stuxnet on steroids.”
Security Affairs
Iran announced to have foiled massive cyberattacks on public services
State television announced that Iran has foiled massive cyberattacks that targeted public services operated by both government and private organizations. According to the Iran state television, the attack attempts took place in recent days and aimed at the infrastructure of more than 100 public sector agencies. The report did not name entities that were targeted […]
Ars Technica
USB worm unleashed by Russian state hackers spreads worldwide
LitterDrifter's means of self-propagation are simple. So why is it spreading so widely?
DarkReading
New Malware Tools Pose 'Clear and Present Threat' to ICS Environments
The recent discovery of highly customized malware targeting programmable logic controllers has renewed concerns about the vulnerability of critical infrastructure.
SecurityWeek
State TV Says Iran Foiled Cyberattacks on Public Services
Iran on April 24th said it thwarted cyberattacks that planned to target the infrastructure of more than 100 public sector agencies.
ThreatPost
Cyberattacks Against Israeli Government Sites: ‘Largest in the Country’s History’
DDoS attacks against Israel telecom companies took down government sites, sparking a temporary state of emergency.
The Record
CISA, Claroty warn of two vulnerabilities affecting industrial Rockwell products
CISA on Thursday released two Industrial Controls Systems Advisories detailing vulnerabilities in Rockwell Automation products that could allow a threat actor to inject malicious code on an affected system.
SecurityWeek
Russia, Ukraine and the Danger of a Global Cyberwar
The big difference between the Russia of the USSR and the Russia of today has been the emergence of cyber as an accepted theater of war. It is this role of cyber that SecurityWeek discussed with Marcus Willett.
The Record
Are America’s nuclear systems so old they’re un-hackable?
As the Cold War drew to a close a surprising contender emerged as the third largest nuclear power on earth: Ukraine. The country was home to some 5,000 nuclear weapons, placed there by Moscow when Ukraine was still part of the Soviet Union. Kyiv sent the weapons back to Russia in exchange for security guarantees […]
Trend Micro
Oil and Gas Cybersecurity: Threats Part 2
In part two of our oil and gas series, we look at more threats that can expose the industry to cyberattacks.
SecurityWeek
A Suspected Cyberattack Paralyzes the Majority of Gas Stations Across Iran
Nearly 70% of Iran’s nearly 33,000 gas stations went out of service in what is a suspected cyberattack
Security Affairs
Security Affairs newsletter Round 384
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. LastPass revealed that intruders had internal access for four days during the August hack CISA adds […]
SecurityWeek
Rockwell Automation Urges Customers to Disconnect ICS From Internet
Rockwell Automation is concerned about internet-exposed ICS due to heightened geopolitical tensions and adversarial cyber activity globally.
The Hacker News
Critical Bugs in Rockwell PLC Could Allow Hackers to Implant Malicious Code
Critical Bugs in Rockwell Automation PLC Could Allow Hackers to Implant Malicious Code on Affected Systems.
Infosecurity News
Biden Mulls “Massive” Cyber Strikes on Russia – Report
Unnamed intelligence officials say President Biden is considering unprecedented action
ThreatPost
Critical Flaws in Popular ICS Platform Can Trigger RCE
Cisco Talos discovered eight vulnerabilities in the Open Automation Software, two of them critical, that pose risk for critical infrastructure networks.
ZDNet
GitHub now scans for secret leaks in developer workflows | ZDNet
The new tool aims to protect developers against API and token exposure.
SecurityWeek
Flaws in Delta OT Monitoring Product Can Allow Hackers to Hide Destructive Activities
Critical vulnerabilities in a Delta OT monitoring product can allow hackers to hide their destructive activities from the victim.
Infosecurity News
New Attack Weaponizes PLCs to Hack Enterprise and OT Networks
The research resulted in proof-of-concept exploits against seven market-leading automation firms
CSO
Rare and dangerous Incontroller malware targets ICS operations
A coalition of U.S. government agencies, security researchers, and companies warn about this new malware that can gain complete access to ICS and SCADA systems.
SecurityWeek
Solving the Quantum Decryption 'Harvest Now, Decrypt Later' Problem
Quantum resiliency firm Qrypt has released a product designed to take asymmetric encryption out of the equation by eliminating the need for traditional key distribution
Ars Technica
Microsoft digital certificates have once again been abused to sign malware
Code-signing is supposed to make people safer. In this case, it made them less so.
SecurityWeek
Rockwell ThinManager Vulnerabilities Could Expose Industrial HMIs to Attacks
Rockwell Automation ThinManager ThinServer vulnerabilities could allow remote attackers to take control of servers and hack HMIs.
The Cyber Express
Predatory Sparrow Hacker Group Targets Over 70% of Iran’s Gas Stations
A hacktivist collective known as "Predatory Sparrow" (or "Gonjeshke Darande" in Persian) declared on Monday that it had perhaps subverted
SecurityWeek
ICS Patch Tuesday: Electromagnetic Fault Injection, Critical Redis Vulnerability
ICS Patch Tuesday: Siemens and Schneider Electric address dozens of vulnerabilities affecting their industrial products.
Security Affairs
Security Affairs newsletter Round 447 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
CyberSecurity Dive
Authorities warn dangerous new malware can shut down, sabotage industrial sites
The malware initially targeted Schneider Electric and Omron controllers.
SecurityWeek
Exiled Iran Group Claims Tehran Hacking Attack
An exiled Iranian opposition group claimed a hacking attack which it said temporarily took control of dozens of websites run by Tehran's municipality and thousands of the capital's surveillance cameras.
CSO
Dozens of insecure-by-design flaws found in OT products
The OT:ICEFALL report shows that makers of operational technology manufacturers have to improve the security of their devices.
The Hacker News
New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids
New industrial malware COSMICENERGY unearthed – targeting electric transmission operations in Europe, Middle East, and Asia.
The Hacker News
New Evil PLC Attack Weaponizes PLCs to Breach OT and Enterprise Networks
Researchers have developed a novel attack technique that weaponizes PLCs to gain an initial foothold in technical workplaces and penetrate operational
SecurityWeek
Albania Suffers Renewed Cyberattack, Blames Iran
Albania has suffered a new cyberattack, the country's interior ministry said on September 10, blaming Iran which Tirana also accused of an earlier assault on its digital systems.
The Record
More than 2,000 cybersecurity patent applications filed since 2010: report
The number of cybersecurity patent applications has skyrocketed over the past decade, with U.S. companies leading the way.
.webp)
Cyber Security News
Ukrainian Hackers Hijacked 87,000 Sensors to Shut down Sewage System
Ukrainian hackers have successfully infiltrated and disabled a vast network of industrial sensors and monitoring infrastructure in Russia.
SecurityWeek
APT Exploit Targeting Rockwell Automation Flaws Could Threaten Critical Infrastructure
Two Rockwell Automation product vulnerabilities have been used for a new exploit by an APT group that could target critical infrastructure.
ZDNet
US warning: Hackers have built tools to attack these key industrial control systems | ZDNet
US government puts energy sector on high alert over specialized malware for disrupting industrial control systems.
SecurityWeek
Honeywell: USB Malware Attacks on Industrial Orgs Becoming More Sophisticated
An analysis conducted by Honeywell shows that much of the USB-borne malware targeting industrial organizations can still cause OT disruption.
DarkReading
Iranian 'Seedworm' Cyber Spies Target African Telcos & ISPs
Seedworm, aka MuddyWater, drops PowerShell-based malware on victims using living-off-the-land techniques.
The Hacker News
Rockwell Advises Disconnecting Internet-Facing ICS Devices Amid Cyber Threats
Rockwell Automation urges customers to disconnect industrial control systems from the public internet due to heightened cyber threats
The Hacker News
Iranian Hackers Masquerade as Journalists to Spy on Israel-Hamas War Experts
"Mind Sandstorm," an Iranian cyber espionage group, has targeted experts in Middle Eastern affairs across several countries.
SecurityWeek
Security Researchers Dig Deep Into Siemens Software Controllers
A team of researchers from the Technion research university in Israel is conducting an analysis of Siemens software controllers and they are gradually identifying security issues.
Security Affairs
Security Affairs newsletter Round 454 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Trend Micro
Oil and Gas Cybersecurity: Industry Overview Part 1
With geopolitical tensions running high, oil and gas companies may be more susceptible to cyberattacks.
CSO
"Evil PLC Attack" weaponizes PLCs to infect engineering workstations
Researchers demonstrate a proof of concept where hijacked programmable logic controllers can compromise engineering workstations to allow lateral movement.
SecurityWeek
Destructive ICS Malware 'Fuxnet' Used by Ukraine Against Russian Infrastructure
ICS malware Fuxnet allegedly used by Ukrainian hackers to disrupt industrial sensors and other systems belonging to a Russian firm.
ZDNet
This evasive new cyberattack can bypass air-gapped systems to steal data from the most sensitive networks
Cybersecurity researchers at Ben-Gurion University demonstrate a novel technique that steals data using electromagnetic radiation and a $1 antenna.
Cyber Security News
Power Management Devices Flaw Let Attackers Shutdown Data Center
Researchers discovered four vulnerabilities in CyberPower's PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and five vulnerabilities in Dataprobe's iBoot Power Distribution Unit (PDU).
DarkReading
DoD: China's ICS Cyber Onslaught Aimed at Gaining Kinetic Warfare Advantage
Escalating incursions into military base infrastructure, telecom networks, utilities, and more signal that Beijing is laying the groundwork for mass disruption.
Ars Technica
How one of Vladimir Putin’s most prized hacking units got pwned by the FBI
After decades of watching Kremlin-backed hackers, the FBI ID'd weaknesses and pounced.
Trend Micro
Global Security Trends: AI, Politics & Zero Trust
Trend Micro’s Chief Technology Strategy Officer discusses the biggest cybersecurity trends and what to watch for in 2024.
Bleeping Computer
Air-gapped PCs vulnerable to data theft via power supply radiation
A new attack method named COVID-bit uses electromagnetic waves to transmit data from air-gapped systems isolated from the internet over a distance of at least two meters (6.5 ft), where its captured by a receiver.
DarkReading
Wiper Malware Surges Ahead, Spiking 53% in 3 Months
Cybercriminals and hacktivists have joined state-backed actors in using sabotage-bent malware in destructive attacks, new report shows.
The Hacker News
Chinese Experts Uncover Details of Equation Group's Bvp47 Covert Hacking Tool
A team of Chinese researchers has revealed details of a "top-tier" backdoor used by the Equation Group, a APT group linked to the NSA.
Bleeping Computer
Microsoft unveils new, more secure Windows Protected Print Mode
Microsoft announced a new Windows Protected Print Mode (WPP), introducing significant security enhancements to the Windows print system.
CyberScoop
Mysterious malware designed to cripple industrial systems linked to Russia
The code designed to target industrial control systems joins the pantheon of dangerous malware that can cause cyber-physical harm.
The Hacker News
Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices
Microsoft highlights the critical need to secure internet-exposed OT devices amidst rising cyber attacks.
Cyber Security News
What is Malware Attack? Types, Methods, Distribution, Protection - Guide
A malware attack is a cyber-attack using malicious software to gain unauthorized access to a computer system or network.
DarkReading
China's Dogged Campaign to Portray Itself as Victim of US Hacking
After the US and its allies formally accused China of irresponsible and malicious behavior in cyberspace back in 2021, the government there has been on a mission to cast the US in the same light.
Bleeping Computer
CASPER attack steals data using air-gapped computer's internal speaker
Researchers at the School of Cyber Security at Korea University, Seoul, have presented a new covert channel attack named CASPER can leak data from air-gapped computers to a nearby smartphone at a rate of 20bits/sec.
Computerworld
Designer smartphone hacks will trickle down in 2022
State-sponsored attacks similar to NSO Group's Pegasus will begin to leak into the criminal hacker community in 2022, Watchguard warns.
SecurityWeek
Cyber Warfare Rife in Ukraine, But Impact Stays in Shadows
Cyber warfare campaigns are being intensely deployed by both sides as Russia's invasion of Ukraine grinds on, though the covert operations have not yet proved decisive on the battlefield.
DarkReading
Russia-Ukraine Conflict Holds Cyberwar Lessons
Initial attacks used damaging wiper malware and targeted infrastructure, but the most enduring impacts will likely be from disinformation, researchers say. At Black Hat USA, SentinelOne's Juan Andres Guerrero-Saade and Tom Hegel will discuss.
The Record
CISA, Claroty highlight severe vulnerabilities in popular power distribution unit product
CISA released a warning about several vulnerabilities found in Dataprobe’s iBoot power distribution units allowing for remote exploitation.
Security Affairs
Blackjack group used ICS malware Fuxnet against Russian targets
The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure.
Bleeping Computer
Microsoft admits to signing rootkit malware in supply-chain fiasco
Microsoft has now confirmed signing a malicious driver being distributed within gaming environments. This driver, called "Netfilter," is in fact a rootkit that was observed communicating with Chinese command-and-control IPs.
Security Affairs
The Difference Between Human and Machine Identities
As digital transformation is advancing and automation is becoming an essential component of modern enterprises, collaboration between humans and machines is crucial. With this level of interaction, a new identity problem is emerging as machines operate on behalf of humans. Collaboration between humans and machines is a working reality today. Along with this comes the […]
Bleeping Computer
Sandworm hackers fail to take down Ukrainian energy provider
The Russian state-sponsored hacking group known as Sandworm tried on Friday to take down a large Ukrainian energy provider by disconnecting its electrical substations with a new variant of the Industroyer malware for industrial control systems (ICS) and a new version of the CaddyWiper data destruction malware.
Naked Security
UK hacker busted in Spain gets 5 years over Twitter hack and more
Not just that infamous Twitter hack, but SIM-swapping, stalking and swatting too…
Ars Technica
“Clickless” iOS exploits infect Kaspersky iPhones with never-before-seen malware
"Operation Triangulation" stole mic recordings, photos, geolocation, and more.
SecurityWeek
Microsoft DRM Hack Could Allow Movie Downloads From Popular Streaming Services
Microsoft PlayReady vulnerabilities that could allow rogue subscribers to illegally download movies from popular streaming services.
The Record
Ukraine energy facility took unique Sandworm hit on day of missile strikes, report says
Researchers from Mandiant reported on an October 2022 incident involving Russian nation-state hackers that included multiple rare or previously unseen elements.
ThreatPost
Skeletons in the Closet: Security 101 Takes a Backseat to 0-days
Nate Warfield, CTO at Prevailion, discusses the dangers of focusing on zero-day security vulnerabilities, and how security teams are being distracted from the day-to-day work that prevents most breaches.
Ars Technica
US uncovers “Swiss Army knife” for hacking industrial control systems
"Pipedream" an extremely versatile malware toolkit for targeting power grids, refineries.
Trend Micro
An In-Depth Look at ICS Vulnerabilities Part 1
In this blog series our team examined various ICS vulnerabilities using the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) for ICS.
Trend Micro
Where is the Origin QAKBOT Uses Valid Code Signing
Code signing certificates help us assure the file's validity and legitimacy. However, threat actors can use that against us. In this blog, discover how QAKBOT use such tactic and learn ways how to prevent it.
SecurityWeek
Tripwire for Real War? Cyber's Fuzzy Rules of Engagement
If the West were to respond harshly to Russian aggression, Moscow could retaliate against NATO nations in cyberspace with an intensity and on a scale previously unseen
The Hacker News
Riding the AI Waves: The Rise of Artificial Intelligence to Combat Cyber Threats
AI arms race in cybersecurity: From spam filters to spear phishing, AI is both defender and weapon. Learn how Cylance AI is staying ahead of the game,
Bleeping Computer
A Better Grasp of Cyber Attack Tactics Can Stop Criminals Faster
Recently, FortiGuard Labs released the latest Global Threat Landscape Report for the second half of 2021. There is a ton of data in it and several key takeaways. The main themes that weave through this report are about the increase in cybercriminal sophistication as well as speed.
The Hacker News
What's Wrong with Manufacturing?
Industry under fire: Manufacturing seems to be exceptionally impacted by cyberattacks. Why could that be? Is it the vulnerable machinery?
The Record
A year of wipers: How the Kremlin-backed Sandworm has attacked Ukraine during the war
The Kremlin-affiliated Sandworm is perhaps Russia's most visible hacker group, with an emphasis on disruptive cyberattacks.
SecurityWeek
Does the Free World Need a Global Cyber Alliance?
Creating a global cyber intelligence organization would likely drive Russia and China closer together – perhaps including Iran and North Korea and Russian and Chinese satellite nations – into their own special relationship.
ThreatPost
DOJ Indicts Russian Gov’t Employees Over Targeting Power Sector
The supply-chain attack on the U.S. energy sector targeted thousands of computers at hundreds of organizations, including at least one nuclear power plant.
DarkReading
CISO Corner: NSA Guidelines; a Utility SBOM Case Study; Lava Lamps
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps.
CSO
PLC vulnerabilities can enable deep lateral movement inside OT networks
Researchers demonstrate how attackers can target PLCs to bypass authentication and perform remote code execution on industrial networks.
The Record
Wargames director Jackie Schneider on why cyber is one of 'the most interesting scholarly puzzles'
Participants in high-profile wargames "react in very unusual ways to cyber operations," the Hoover Institution's Jacquelyn Schneider tells the Click Here podcast team.
The Cyber Express
The Cybersecurity Guardians: Meet the Top 30 cybersecurity Influencers to Follow in 2024
The ever-evolving landscape of cybersecurity is shaped by a dedicated group of individuals. These pioneers, through their research, entrepreneurship, and