The Hacker News
Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines
Nearly a dozen security flaws have been discovered in the GE HealthCare Vivid Ultrasound product family.
The Hacker News
Nearly a dozen security flaws have been discovered in the GE HealthCare Vivid Ultrasound product family.
DarkReading
CISA's agreement is voluntary and, frankly, basic. Signatories say that's a good thing.
The Cyber Express
Lenovo takes a bold step towards fortifying cybersecurity by joining the Secure by Design pledge, initiated by the US Cybersecurity
SecurityWeek
Hundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco.
SecurityWeek
Noteworthy stories that might have slipped under the radar: Volkswagen hacked by Chinese threat group, DDoS service shut down, Rubrik IPO.
CSO
Critical Start’s new offering is designed to handle security teams with specialized detection and response tooling for operational technology systems.
DarkReading
"Kapeka" and "Fuxnext" are the latest examples of malware to emerge from the long-standing conflict between the two countries.
Security Affairs
The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure.
SecurityWeek
ICS malware Fuxnet allegedly used by Ukrainian hackers to disrupt industrial sensors and other systems belonging to a Russian firm.
SecurityWeek
Cybersecurity companies raised $2.3 billion in funding in Q1 2024, a 20% decrease compared to the same period of 2023, according to Pinpoint.
CyberScoop
At the world's largest industrial cybersecurity conference, Beijing’s operations targeting U.S. critical infrastructure was just one concern among many.
SecurityWeek
Cybersecurity firm Claroty discusses the reasons the healthcare industry has long been a primary target for ransomware attacks.
SecurityWeek
Seven vulnerabilities found in Rapid SCADA could be exploited to gain access to sensitive industrial systems, but they remain unpatched.
DarkReading
Because of the criticality of remaining operational, industrial companies and utilities are far more likely to pay, attracting even more threat groups and a focus on OT systems.
SecurityWeek
Ransomware attacks aimed at industrial organizations are increasingly impacting OT systems, according to a Claroty report.
SecurityWeek
Hackers have demonstrated 58 zero-days and earned more than $1 million in rewards at Pwn2Own Toronto 2023.
SecurityWeek
Summary of notable cybersecurity news stories that may be top headlines, but are important for the week of October 16, 2023.
SecurityWeek
Noteworthy stories that might have slipped under the radar: cybersecurity funding increases and illegal use of smartphone location data.
The Hacker News
Attention IT admins! Update Nagios XI to version 5.11.2 now. The network monitoring software has patched four critical security flaws .
SecurityWeek
Roughly 78% of healthcare organizations fell victim to a cyberattack over the past year and 60% of the incidents impacted care delivery
Infosecurity News
Australian utility company Energy One confirmed it had taken steps to limit a cyber-attack affecting its corporate systems
SecurityWeek
Critical vulnerabilities discovered in WD and Synology NAS devices could have exposed the files of millions of users.
Infosecurity News
Electronic patient records unavailable for over a week
Latest Hacking News
Researchers found the popular chat service QuickBlox exhibiting numerous security flaws. Exploiting the QuickBlox framework vulnerabilities could allow an adversary to access the users’ data from the apps’ databases. QuickBlox patched the flaw with the
The Hacker News
Multiple vulnerabilities have been found in Honeywell Experion DCS and QuickBlox. If exploited, these flaws could lead to severe compromise of affecte
DataBreaches
Rosie Talaga reports: QuickBlox, a software development framework used in telemedicine and finance, was found to have several critical security flaws,...
SecurityWeek
QuickBlox SDK and API vulnerabilities impact chat and video applications used by industries including telemedicine, smart IoT, and finance.
Cyber Security News
Recent reports from Team82 and CPR team state that there has been a major vulnerability in QuickBlox SDK & API that is used for developing chat and video applications.
DarkReading
St. Margaret's Health is shutting down due to a 2021 ransomware attack and other factors. It's an object lesson for how small and rural healthcare facilities face grave cyber-risk when extortionists come calling.
Security Affairs
Experts found multiple vulnerabilities in Teltonika industrial cellular routers that could expose OT networks to cyber attacks. A joint analysis conducted by industrial cybersecurity firms Claroty and Otorio discovered multiple flaws in Teltonika Networks’ IIoT products that can expose OT networks to remote attacks. Teltonika Networks is a leading manufacturer of networking solutions, widely adopted […]
The Hacker News
⚠️ ALERT: Critical security flaws discovered in industrial cellular routers' cloud platforms! Exploitation could give hackers full control.
The Hacker News
Attention Netgear RAX30 users! Five new flaws revealed! Hackers could hijack your devices, tamper with settings, and control your smart home.
Security Affairs
Researchers disclosed the details of five vulnerabilities that can be chained to take over some Netgear router models. Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “Team82 disclosed five vulnerabilities in NETGEAR’s Nighthawk RAX30 routers as part of its research and participation in last […]
Latest Hacking News
As the tech world grapples with increasing cyber threats, the cybersecurity community has decided to join hands. Consequently, ETHOS has emerged as an open-source early warning threat information system following a collaboration of cybersecurity leaders.
CSO
Top industrial cybersecurity competitors establish ETHOS, an early warning system that could help spot and avert damaging attacks on operational technology.
CyberSecurity Dive
The platform will provide a vendor-agnostic option for sharing early threat information and intelligence across industries, the group said Monday.
Infosecurity News
The ransomware attack targeted one of its data centers in Hawaii and affected some PoS products
CSO
The 2030 Roadmap for Israel-UK Bilateral Relations promises ongoing cooperation in tackling cyberthreats, governing global cyberspace, developing cybersecurity skills, and investing in the cybersecurity ecosystem.
Infosecurity News
13 vulnerabilities were found in the E11 smart intercom devices by Chinese manufacturer Akuvox
The Hacker News
More than a dozen security flaws have been disclosed in Akuvox E11, a smart intercom product.
Ars Technica
The Akuvox E11 door phone/intercom is riddled with security holes.
DarkReading
The new White House plan outlines proposed minimum security requirements in critical infrastructure — and for shifting liability for software products to vendors.
DarkReading
Thistle's technology will give device makers a way to easily integrate features for secure updates, memory management, and communications into their products, Snyder says.
Infosecurity News
The ships were impacted following an attack on a major software supplier
SecurityWeek
Critical and high-severity vulnerabilities in GE’s Proficy Historian can be exploited by hackers for ICS espionage, damage and disruption.
SecurityWeek
Hacktivists have made bold claims about conducting the first ever ransomware attack on an ICS RTU device, but experts have questioned their claims.
The Hacker News
Security researchers have uncovered multiple vulnerabilities in Siemens SIMATIC and SIPLUS S7-1500 PLCs.
Security Affairs
These are the most-read cybersecurity articles that have been published by SecurtiyAffairs in 2022. 1 – Russia-linked actors may be behind an explosion at a liquefied natural gas plant in Texas Russian threat actors may be behind the explosion at a liquefied natural gas plant in Texas, the incident took place on June 8. 2 […]
The Record
The website for the Port of Lisbon is still down days after officials told a local news outlet that they were dealing with a cyberattack.
The Record
The Food and Drug Administration is pushing for Congress to provide more funding and support to address the cybersecurity of medical devices.
The Hacker News
Researchers detail a new attack method that can be used to circumvent web application firewalls (WAFs) of various vendors and infiltrate systems.
Security Affairs
Claroty researchers devised a technique for bypassing the web application firewalls (WAF) of several vendors. Researchers at industrial and IoT cybersecurity firm Claroty devised an attack technique for bypassing the web application firewalls (WAF) of several industry-leading vendors. The technique was discovered while conducting unrelated research on Cambium Networks’ wireless device management platform. The researchers […]
CSO
Newly discovered method uses JSON syntax to deliver malicious payloads that bypass SQLi protections in popular WAFs.
SecurityWeek
Claroty researchers discovered a generic method for bypassing the WAFs of Palo Alto Networks, AWS, Cloudflare, F5 and Imperva.
Cyber Security News
The Pwn2Own Toronto 2022 hacking contest has started; this year marks the 10th anniversary of the consumer-oriented competition. On the first day of Pwn2Own Toronto 2022, reports of the Samsung Galaxy S22 hack made a splash.
Infosecurity News
Phosphorus published a report encapsulating five years of security research and device testing.
SecurityWeek
On the first day of Pwn2Own Toronto 2022, participants earned $400,000 for hacking printers, routers, phones and NAS devices.
Security Affairs
The Pwn2Own Toronto 2022 hacking competition has begun, this is the 10th anniversary of the consumer-focused version of the contest. The news of the Samsung Galaxy S22 hack on the first day of Pwn2Own Toronto 2022 made the headlines. White hat hackers that participated in the competition hacked the Samsung Galaxy S22 smartphone twice during […]
Security Affairs
A flaw in the ABB Totalflow system used in oil and gas organizations could be exploited by an attacker to inject and execute arbitrary code. Researchers from industrial security firm Claroty disclosed details of a vulnerability affecting ABB Totalflow flow computers and remote controllers. Flow computers are used to calculate volume and flow rates for oil […]
SecurityWeek
A serious vulnerability affecting ABB oil and gas flow computers can cause disruptions and prevent utilities from billing their customers.
The Hacker News
A new vulnerability has been discovered in a critical system used in oil and gas companies.
SecurityWeek
Malicious actors could obtain global private keys that protect Siemens PLCs, and the industrial giant has warned that the likelihood of exploitation is increasing.
SecurityWeek
Nearly a dozen vulnerabilities, including critical flaws, have been found in a car parking management system made by Italian company Carlo Gavazzi.
SecurityWeek
Hacktivists might not know a lot about ICS, but they’re well aware of the potential implications of hacking these devices, and some groups have been targeting ICS to draw attention to their cause.
SecurityWeek
Critical vulnerabilities in Dataprobe’s iBoot-PDU power distribution unit can allow hackers to remotely shut down connected devices.
The Hacker News
CISA warns of newly identified critical remotely exploitable vulnerabilities in Dataprobe's power distribution unit product.
The Record
CISA released a warning about several vulnerabilities found in Dataprobe’s iBoot power distribution units allowing for remote exploitation.
SecurityWeek
Critical KEPServerEX vulnerabilities that impact the products of several major industrial automation vendors can put attackers in a powerful position in OT networks.
Infosecurity News
The ransomware group claimed to have downloaded 700GB of data from GSE
Infosecurity News
IoT device manufacturers can now incorporate security at the start of the product life-cycle
The Record
Aviation sector companies are pushing back on efforts by the TSA to mandate that all cybersecurity incidents are reported within 24 hours.
SecurityWeek
Claroty has published its State of XIoT Security report covering the first half of 2022, and focusing on vulnerabilities and vulnerability disclosures.
Infosecurity News
The research also found that vendor self-disclosures increased by 69%
CSO
Researchers demonstrate a proof of concept where hijacked programmable logic controllers can compromise engineering workstations to allow lateral movement.
Infosecurity News
The research resulted in proof-of-concept exploits against seven market-leading automation firms
The Hacker News
Researchers have developed a novel attack technique that weaponizes PLCs to gain an initial foothold in technical workplaces and penetrate operational
SecurityWeek
Researchers have shown how hackers could weaponize PLCs and use them to exploit engineering workstations running software from several major industrial automation companies.
The Hacker News
Researchers have discovered a new "New ParseThru" parameter smuggling vulnerability affecting GoLang-based applications.
Infosecurity News
The two individuals are former workers for a third-party contractor responsible for maintaining the system, said Spanish police
The Hacker News
Researchers have identified two critical vulnerabilities, CVE-2022-34907 and CVE-2022-34906, in FileWave's cross-platform mobile device management.
SecurityWeek
Researchers discovered critical vulnerabilities in the FileWave MDM product that could have been exploited to hack over 1,000 organizations.
Security Affairs
Multiple flaws in FileWave mobile device management (MDM) product exposed organizations to cyberattacks. Claroty researchers discovered two vulnerabilities in the FileWave MDM product that exposed more than one thousand organizations to cyber attacks. FIleWave MDM is used by organizations to view and manage device configurations, locations, security settings, and other device data. An organization may […]
CyberSecurity Dive
Ransomware attacks target common vulnerabilities like legacy OT systems and equipment that lacks modern security tools.
DarkReading
The most serious flaw gives attackers a way to remotely execute code on systems that many organizations use to move data in critical ICS environments, security vendor says.
Infosecurity News
Energy corporations agree to cooperate on cybersecurity amid surging attacks on the sector
CyberSecurity Dive
Electric utilities, up against growing cyberthreats and poor security practices, "could result in negative rating actions," Fitch Ratings said.
Cyber Security News
An intrusion detection system called Snort has been found to have a security vulnerability, reported by the cyber security analysts at Team82. And this could trigger the occurrence of a denial of service (DoS) condition, making the system ineffective.
Security Affairs
CVE-2022-20685 flaw in the Modbus preprocessor of the Snort detection engine could trigger a DoS condition and make it ineffective against malicious traffic. Snort is a free open source network intrusion detection system (IDS) and intrusion prevention system (IPS) which is currently developed by Cisco. The software performs real-time traffic analysis and packet logging on Internet Protocol (IP) networks, protocol analysis, content searching and […]
DarkReading
The Russian government is ratcheting up malicious cyberattacks against critical infrastructure in countries supporting Ukraine.
The Hacker News
Researchers disclose details about a now-patched vulnerability in the Snort Intrusion Detection and Prevention System.
CSO
Sandworm succeeded in planting a new version of the Industroyer malware to disrupt ICS infrastructure at multiple levels, but was thwarted from doing serious damage.
SecurityWeek
Honeywell, Claroty, Nozomi and Forescout have teamed up to create the Operational Technology Cybersecurity Coalition.
SecurityWeek
A data theft tool used by the BlackCat (ALPHV) ransomware group shows the cybercriminals are increasingly interested in industrial organizations.
The Record
CISA on Thursday released two Industrial Controls Systems Advisories detailing vulnerabilities in Rockwell Automation products that could allow a threat actor to inject malicious code on an affected system.
The Hacker News
Critical Bugs in Rockwell Automation PLC Could Allow Hackers to Implant Malicious Code on Affected Systems.
SecurityWeek
Researchers have discovered two serious vulnerabilities that can be exploited to launch Stuxnet-style attacks against PLCs from Rockwell Automation.
ZDNet
The flaws can be exploited to execute code on vulnerable controllers and workstations.
DarkReading
CISA urges organizations using affected technologies to implement recommended mitigation measures.
DarkReading
The makers of operational technology and connected devices saw reported vulnerabilities grow by half in 2021, but other trends may be more disturbing.
Infosecurity News
Past four years sees surge in ICS vulnerability disclosures with most vulnerabilities of low complexity
Loading more articles....