Industrial Security

  • Vulnerabilities in PanelView Plus devices could lead to remote code execution

    July 2, 2024

    Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell Automation PanelView Plus that could be remotely exploited by unauthenticated attackers, allowing them to perform remote code execution (RCE) and denial-of-service (DoS). The RCE vulnerability in PanelView Plus involves two custom classes that can be abused to upload and load a malicious DLL into the device. The ...

  • Keytronic confirms data breach after Black Basta ransomware gang strikes again

    June 17, 2024

    Hardware firm Keytronic has confirmed a significant data breach weeks after the Black Basta ransomware group leaked over 500GB of the company’s stolen data around two weeks ago. The company, known for its printed circuit board assembly (PCBA), reported the cyberattack in an SEC filing over a month ago on May 6 – the attack was ...

  • UK: King Charles military badge rollout delayed over fears China could ‘use them for spying’

    June 15, 2024

    The introduction of military badges specially redesigned to mark King Charles’s accession to the throne has been delayed, with claims British Army chiefs fear the insignia could be made in China, enabling Beijing to insert tracking devices into them. Regiments which have a royal crest on their berets are changing “cap badges” from a design with ...

  • Sapphire Werewolf polishes Amethyst stealer to attack over 300 companies

    June 5, 2024

    Since March 2024, the BI.ZONE Threat Intelligence team has been tracking the cluster of activity dubbed Sapphire Werewolf. The threat actor targets Russia’s industries, such as education, manufacturing, IT, defense, and aerospace engineering. Over 300 attacks were carried out using Amethyst, an offshoot of the popular open‑source SapphireStealer. The attackers disguise the malware as an enforcement ...

  • Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices

    May 30, 2024

    Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. Internet-exposed OT equipment in water and wastewater systems (WWS) in the US were targeted in multiple attacks over the past months by different nation-backed actors, including attacks by IRGC-affiliated “CyberAv3ngers” in November 2023, as well ...

  • Threat landscape for industrial automation systems, Q1 2024

    May 27, 2024

    In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 pp from the previous quarter to 24.4%. Compared to the first quarter of 2023, the percentage decreased by 1.3 pp. Building automation has historically led the surveyed industries in terms of the percentage of ICS computers ...

  • Dell data breach may affect up to 49m customers

    May 13, 2024

    Dell has confirmed a data breach that could, according to reports, have affected up to 49m customers. The breach revealed names and addresses of Dell customers, as well as information about equipment purchased, although the tech giant says that no payment or banking details were uncovered in the incident. Read more… Source: MSN News Sign up for our Newsletter Related:

  • U.K., U.S. and Canadian cyber authorities warn of pro-Russia hacktivist attacks on OT systems

    May 3, 2024

    The U.K.’s National Cyber Security Centre (NCSC) and other international cyber authorities, including the Federal Bureau of Investigation (FBI), have warned about pro-Russia hacktivist attacks targeting providers of operational technology. OT is hardware and software that interacts with the physical environment and includes smart water metres, automated irrigation systems, dam monitoring systems, smart grids and IoT ...

  • Dutch chipmaker Nexperia hacked by cyber criminals

    April 12, 2024

    Dutch-headquartered chipmaker Nexperia was victim of a hacking attack by cyber criminals last month, the Chinese-owned company said on Friday, and was investigating the incident with the help of outside specialists. The company did not say if it had suffered any damage or losses as a result of the hack, but RTL said the cyber criminals ...

  • Threat landscape for industrial automation systems. H2 2023

    March 19, 2024

    In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. In H2 2023, building automation once again had the highest percentage of ICS computers on which malicious objects were blocked of all industries that we looked at. Oil and Gas was the only ...

  • Tech giant Fujitsu says it was hacked, warns of data breach

    March 18, 2024

    Multinational technology giant Fujitsu confirmed a cyberattack in a statement Friday, and warned that hackers may have stolen personal data and customer information. “We confirmed the presence of malware on multiple work computers at our company, and as a result of an internal investigation, we discovered that files containing personal information and customer information could be ...

  • BMW security lapse exposed sensitive company information, researcher finds

    February 14, 2024

    A misconfigured cloud storage server belonging to automotive giant BMW exposed sensitive company information, including private keys and internal data, TechCrunch has learned. Can Yoleri, a security researcher at threat intelligence company SOCRadar, told TechCrunch that he discovered the exposed BMW cloud storage server while routinely scanning the internet. Read more… Source: TechCrunch  

  • Scaly Wolf uses White Snake stealer against Russian industry

    February 2, 2024

    The BI.ZONE Threat Intelligence team has identified at least a dozen campaigns linked to Scaly Wolf. The impact spreads across organizations from various industries in Russia, including manufacturing and logistics. One of the group’s characteristics in gaining initial access is their phishing emails designed to look like legitimate correspondence from Russian public authorities. Its phishing arsenal ...

  • Threat Assessment: BianLian ransomware group

    January 23, 2024

    Unit 42 researchers have been tracking the BianLian ransomware group, which has been in the top 10 of the most active groups based on leak site data they’ve gathered. From that leak site data, Unit 42 primarily observed activity affecting the healthcare and manufacturing sectors and industries, and impacting organizations mainly in the United States (US) ...

  • VF Corp’s cyber incident causes data breach of 35.5 million consumers

    January 19, 2024

    Vans sneaker maker VF Corp said on Thursday the cyber incident that hit the company in December led to a breach of personal data of about 35.5 million consumers, and added that it does not expect a material impact to its financials. The unauthorized activity, detected on Dec. 13, disrupted global customer orders on its e-commerce ...

  • Water and Wastewater Sector – Incident Response Guide

    January 18, 2024

    Cyber threat actors are aware of – and deliberately target – single points of failure. A compromise or failure of a Water and Wastewater (WWS) Sector organization could cause cascading impacts throughout the Sector and other critical infrastructure sectors. There are many aspects of the large and complex WWS Sector that pose challenges to raising cyber resilience ...

  • Data breach hits Navy contractor Fincantieri Marine Group

    January 15, 2024

    Italian shipbuilding firm Fincantieri’s U.S. arm Fincantieri Marine Group, which is a contractor for the U.S. Navy, disclosed that it had 16,769 individuals’ data compromised following an April ransomware attack that resulted in significant production disruptions. In breach notification letters sent to impacted individuals earlier this month, FMG said that some of its systems had been ...

  • Yakult Australia targeted in cyber attack, employee files published on dark web

    December 28, 2023

    Iconic probiotic company Yakult Australia has been hit by a significant cyber attack that has seen its company records and sensitive employee documents, such as passports, published on the dark web. Yakult Australia confirmed its Australian and New Zealand IT systems were impacted by a “cyber incident”. Read more… Source: MSN News  

  • Henry Schein Sales Hurt by Cyber Attack, Macro Woes

    December 27, 2023

    Henry Schein (HSIC) is currently entangled in a major cyber-attack incident. Headwinds like unfavorable currency movement and global economic uncertainties continue to affect the company. The stock carries a Zacks Rank #4 (Sell). In October 2023, Henry Schein stated that a portion of its manufacturing and distribution businesses experienced a cybersecurity incident. Henry Schein took precautionary ...

  • Defense Contractor Austal USA Confirms a Cyber Attack by Hunters International Ransomware Group

    December 15, 2023

    Australian-based American defense contractor Austal USA has confirmed a cyber attack after the Hunters International ransomware group listed the company and shared samples of the stolen data as proof. Austal USA is a Contractor for the US Department of Defense (DOD) and the Department of Homeland Security (DHS), undertaking major U.S. Navy shipbuilding programs. With five ...