As hackers get smarter, America’s energy industry is shoring up its defenses

America is under attack. Every day, we’re besieged by a group of enemy combatants. Nameless, faceless, and spread throughout the world, this group is united by a single aim: to upend American life as we know it. These attackers are Read More …

4 Stuxnet-Related APTs Form Gossip Girl, an ‘Apex Threat Actor’

The infamous Stuxnet family of industrial sabotage malware is likely the work of a mysterious “supra-group” that Chronicle researchers Juan Andres Guerrero Saad and Silas Cutler have dubbed Gossip Girl; and it’s a group that turns out to be larger Read More …

Study Highlights ‘Relentless’ Attacks On Critical Infrastructure

Cyber-attacks on critical infrastructure are “relentless and continuous”, with successful attacks often taking systems offline, a new study has found. The study by the Ponemon Institute, based on a survey of 701 security professionals in seven countries, including the UK, found that Read More …

Critical Rockwell Automation Bug in Drive Component Puts IIoT Plants at Risk

A critical Rockwell Automation flaw could be exploited to manipulate an industrial drive’s physical process and or even stop it. A critical denial-of-service (DoS) vulnerability has been found in a Rockwell Automation industrial drive, which is a logic-controlled mechanical component Read More …

Report: Industrial control systems face uphill security battles in 2019

Dragos, a security firm that specializes in industrial control systems (ICS) has released three year-in-review reports that cover vulnerabilities reported in 2018, the 2018 threat landscape, and lessons it learned in responding to ICS security incidents. IT security professionals operating Read More …

Siemens Warns of Critical Remote-Code Execution ICS Flaw

Siemens has released 16 security advisories for various industrial control and utility products, including a warning for a critical flaw in the WibuKey digital rights management (DRM) solution that affects the SICAM 230 process control system. SICAM 230 is used for a Read More …

Honeywell Introduces First Industrial Cybersecurity Solution To Guard Against Malicious Usb Device Attacks

Honeywell today announced the latest release of Secure Media Exchange (SMX), a cybersecurity solution to protect industrial operators against new and emerging Universal Serial Bus (USB) threats. SMX now includes patent pending capabilities to protect against a broad range of malicious Read More …

Security alert for vulnerabilities in Siemens PLCs

Siemens has issued a security alert about the company’s Simatic S7-1500 programmable logic controllers (PLCs) after security researchers at Positive Technologies reported “serious vulnerabilities” that exposed industrial processes to denial-of-service (DoS) attacks. The researchers warn that, left unpatched, the vulnerabilities can be exploited by cyber Read More …

Newsmaker Interview: Bruce Schneier on Physical Cyber Threats

Bruce Schneier discusses the clash between critical infrastructure and cyber threats. Attacks on physical devices and infrastructure offer a new target for cyber crime, a new opportunity for espionage and even a few front in cyber war. Rather than exploit Read More …

Russian Critical Infrastructure Targeted by Profit-Driven Cybercriminals

Several critical infrastructure organizations in Russia have been targeted by hackers believed to be financially-motivated cybercriminals rather than state-sponsored cyberspies. An analysis of malicious Word documents led researchers at endpoint security firm Cylance to discover fake websites set up to Read More …