
IT / OT Security News

Headlines: 2024

November 19, 2024

Many US water systems exposed to ‘high-risk’ vulnerabilities, watchdog finds

Nearly 100 drinking water systems across the U.S. have “high-risk” vulnerabilities in the technology they use to serve millions of residents, according to a new report from a federal watchdog.

November 18, 2024

300 Drinking Water Systems in US Exposed to Disruptive, Damaging Hacker Attacks

EPA flags security vulnerabilities in more than 300 drinking water systems that serve roughly 110 million individuals.

October 31, 2024

FBI: Iranian cyber group targeted Summer Olympics with attack on French display provider

The FBI and other agencies accused Iranian cyber actors of targeting the 2024 Summer Olympics

October 21, 2024

Russian group’s hack of Texas water system underscores critical OT cyber threats

Cybersecurity threats to water utilities have accelerated in 2024 as Iranian, Chinese, and Russian threat actors increasingly target these critical systems.

October 11, 2024

OpenAI Says Iranian Hackers Used ChatGPT to Plan ICS Attacks

OpenAI has disrupted 20 cyber and influence operations this year, including the activities of Iranian and Chinese state-sponsored hackers.

October 9, 2024

American Water Cyberattack Renews Focus on Protecting Critical Infrastructure

A cyberattack continues to affect the largest regulated water and wastewater utility company in the US, renewing a focus on the importance of protecting critical infrastructure sites.

September 25, 2024

CISA warns of continuing attacks on water systems after Kansas town reports incident

Government-run water systems are still at risk of attack by cybercriminals and nation-states, according to a new advisory from the U.S.’s top cybersecurity agency.

September 24, 2024

Automatic Tank Gauges Used in Critical Infrastructure Plagued by Critical Vulnerabilities

Nearly a decade has passed since the cybersecurity community started warning about automatic tank gauge (ATG) systems being exposed to remote hacker attacks, and critical vulnerabilities continue to be found in these devices.

September 12, 2024

Chinese-made port cranes in US included 'backdoor' modems, House report says

A newly released congressional examination found that China placed various technological backdoors into ship-to-shore cranes that could give access to the machines.

September 11, 2024

Remote Access Sprawl Strains Industrial OT Network Security

A veritable grab bag of tools used to access critical infrastructure networks are wildly insecure, and they're blobbing together to create a widening attack surface.

September 6, 2024

How critical IT-OT security issues can threaten Asia’s race to reindustrialization

Digital transformation progress in Asia Pacific (APAC) has been rapid, reflecting a growing digital native population and increasingly tech-savvy businesses.

September 6, 2024

In Other News: US Army Hacks Buildings, X Hiring Cybersecurity Staff, Bitcoin ATM Scams

Noteworthy stories that might have slipped under the radar: US Special Forces can hack buildings, X is hiring cybersecurity staff, and FTC warns of Bitcoin ATM scams.

August 29, 2024

Old CCTV cameras provide a fresh opportunity for a Mirai botnet variant

A bug in closed-circuit TV cameras is the latest example of a previously unidentified vulnerability that hackers are exploiting in internet-facing devices, adding them to botnets that can be used to disrupt websites with junk traffic.

August 8, 2024

Vulnerabilities Exposed Widely Used Solar Power Systems to Hacking, Disruption

Vulnerabilities found in solar power systems could have been exploited by hackers to cause disruption and possibly blackouts.

August 7, 2024

Switzerland: Cow and calf die after cyberattack

A ransomware attack in Switzerland ends tragically for a cow and her calf.

July 23, 2024

FrostyGoop malware left 600 Ukrainian households without heat this winter

Researchers discovered a new malware variant likely used in an attack this January against an energy company in western Ukraine that left 600 households without heat amid freezing temperatures.

July 5, 2024

Operational technology cyberattacks on the rise: survey

Based on data from a 2023 global survey of more than 550 professionals in the Operational Technology field about IT and cybersecurity in the 12 months prior to the poll, several key findings were disclosed.

June 12, 2024

CISA Urges Administrators To Review Newly Released Six ICS Advisories

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a call to action for administrators and security professionals to review six newly released Industrial Control Systems (ICS) advisories.

May 21, 2024

EPA Issues Alert After Finding Critical Vulnerabilities in Drinking Water Systems

The US Environmental Protection Agency (EPA) on Monday issued an enforcement alert to outline the measures needed to protect drinking water systems against cyber threats.

May 15, 2024

Flaw in Wi-Fi Standard Can Enable SSID Confusion Attacks

Attackers can exploit the issue to trick users into connecting to insecure networks, but it works only under specific conditions.

May 7, 2024

Colonial Pipeline attack: lessons from the last 3 years

What lessons have the US and Asia Pacific nations learnt from the cyberattack three years ago? What has been done to address such cyber-defense needs? Can more be done?

May 5, 2024

9 recent cyber attacks on the water and wastewater sector

The majority of organisations, of any type, prefer not to publicly report their incidents, so the reality is that more attacks are occurring than we hear about.

May 2, 2024

Russian Hackers Target Industrial Systems in North America, Europe

Government agencies from the United States, Canada and the United Kingdom are providing recommendations to critical infrastructure organizations following a series of attacks launched by apparent pro-Russia hacktivists against industrial control systems (ICS) and other operational technology (OT) systems.

April 23, 2024

Russian hackers target 20 energy facilities in Ukraine amid intense missile strikes

The Kremlin-controlled hacker group Sandworm has targeted nearly 20 energy facilities in Ukraine this spring, possibly to amplify the impact of intense Russian missile and drone strikes on critical infrastructure.

April 18, 2024

FBI says Chinese hackers preparing to attack US infrastructure

Chinese government-linked hackers have burrowed into U.S. critical infrastructure and are waiting "for just the right moment to deal a devastating blow," FBI Director Christopher Wray said on Thursday.

April 17, 2024

Hackers Linked to Russia’s Military Claim Credit for Sabotaging US Water Utilities

Cyber Army of Russia Reborn, a group with ties to the Kremlin’s Sandworm unit, is crossing lines even that notorious cyberwarfare unit wouldn’t dare to.

April 17, 2024

Recent OT and Espionage Attacks Linked to Russia’s Sandworm, Now Named APT44

Google Cloud’s Mandiant on Wednesday published a new report summarizing some of the latest activities of Russia’s notorious Sandworm group, which it has started tracking as APT44.

April 4, 2024

New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware

An updated version of an information-stealing malware called Rhadamanthys is being used in phishing campaigns targeting the oil and gas sector.

April 3, 2024

Number of Chinese Devices in US Networks Growing Despite Bans

An analysis conducted recently by cybersecurity firm Forescout shows that the number of Chinese-manufactured devices present in US networks has been increasing over the past year, despite efforts to prevent the use of such products due to security concerns.

March 12, 2024

Exploited Building Access System Vulnerability Patched 5 Years After Disclosure

Vulnerabilities affecting a Nice Linear physical access product, including an exploited flaw, patched five years after their disclosure.

March 4, 2024

South Korea says semiconductor industry targeted by cyber-spies from North

North Korean hackers breached at least two South Korean microchip equipment companies in recent months, stealing product design drawings and facility site photos, according to South Korea’s spy agency.

March 4, 2024

Hikvision Patches High-Severity Vulnerability in Security Management System

Chinese video surveillance equipment manufacturer Hikvision has announced patches for two vulnerabilities in its security management system HikCentral Professional.

February 22, 2024

US Government Issues Guidance on Securing Water Systems

The US government on Wednesday released new guidance on the actions that water and wastewater (WWS) sector entities should take to improve the resilience of their networks to cyberattacks.

February 21, 2024

Executive Order on Port Cybersecurity Points to IT/OT Threat Posed by Chinese Cranes

The White House announced on Wednesday that the Biden-Harris administration is issuing an executive order to boost the cybersecurity of US ports, highlighting the risks posed by the use of cranes made by China.

February 13, 2024

German battery maker Varta says five plants hit by cyberattack

German battery maker Varta's (VAR1.DE) five production plants were hit by a cyberattack on Feb. 12, the company said late on Tuesday, adding that the extent of the damage had yet to be determined.

February 7, 2024

Chinese hackers hid in US infrastructure network for 5 years

The Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and partner Five Eyes agencies.

February 2, 2024

US Slaps Sanctions on ‘Dangerous’ Iranian Hackers Linked to Water Utility Hacks

The US government slaps sanctions against six Iranian government officials linked to cyberattacks against Israeli PLC vendor Unitronics.

January 30, 2024

US Disrupted Chinese Hacking Operation Aimed at Critical Infrastructure: Report

The news giant learned from unnamed Western security officials and one person familiar with the matter that the FBI and the Justice Department have been authorized to remotely disable some aspects of a Chinese cyber operation named Volt Typhoon, which has been known to target critical infrastructure.

January 12, 2024

Vulnerability affecting smart thermostats patched by Bosch

German technology manufacturer Bosch fixed a vulnerability affecting a popular line of smart thermostats in October, the company disclosed this week.

January 10, 2024

Dutch Engineer Used Water Pump to Get Billion-Dollar Stuxnet Malware Into Iranian Nuclear Facility: Report

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

January 8, 2024

Lebanon Airport Screens Display Anti-Hezbollah Message After Being Hacked

The information display screens at Beirut’s international airport were hacked by domestic anti-Hezbollah groups Sunday, as clashes between the Lebanese militant group and the Israeli military continue to intensify along the border.

January 3, 2024

Firmware prank causes LED curtain in Russia to display ‘Slava Ukraini’ — police arrest apartment owner

The owner of an apartment in Veliky Novgorod in Russia has been arrested for discrediting the country’s armed forces after a neighbor alerted the police to the message ‘Slava Ukraini’ scrolling across their LED curtains.
