- CISA Releases Five Industrial Control Systems Advisories
March 2, 2023
CISA released five Industrial Control Systems (ICS) advisories on March 2, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-061-01 Mitsubishi Electric MELSEC Series ICSA-23-061-02 Baicells Nova Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related ...
- CISA Releases Fifteen Industrial Control Systems Advisories
February 16, 2023
CISA released fifteen (15) Industrial Control Systems (ICS) advisories on February 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-047-01 Siemens Solid Edge ICSA-23-047-02 Siemens SCALANCE X-200 IRT ICSA-23-047-03 Siemens Brownfield Connectivity Client ICSA-23-047-04 Siemens ...
- Hyundai and Kia issue software upgrades to thwart killer TikTok car theft hack
February 15, 2023
Korean car-makers Hyundai and Kia will issue software updates to some of their models after a method of stealing them circulated on TikTok, leading to many thefts and even some deaths. The “Kia Challenge” started circulating in mid-2022 and explained that it’s possible to remove the steering column covering on some Hyundai and Kia models by ...
- Blow to Morgan Advanced Materials as cyber-attack to cost millions to deal with
February 7, 2023
Shares in Morgan Advanced Materials tanked 7.5% to 292p this morning after the industrial manufacturer became the latest listed firm to fall victim to a cyber attack which it said would cost millions of pounds to tackle. The 166-year-old firm warned the attack meant some of its IT systems were irrecoverable, and it had been forced ...
- Researcher breaches Toyota supplier portal with info on 14,000 partners
February 7, 2023
Toyota’s Global Supplier Preparation Information Management System (GSPIMS) was breached by a security researcher who responsibly reported the issue to the company. GSPIMS is the car manufacturer’s web application that allows employees and suppliers to remotely log in and manage the firm’s global supply chain. Read more… Source: Bleeping Computer
- Vice Society Ransomware Group Targets Manufacturing Companies
January 24, 2023
The Vice Society ransomware group made headlines in late 2022 and early 2023 during a spate of attacks against several targets, such as the one that affected the rapid transit system in San Francisco. Most reports have the threat actor focusing its efforts on the education and the healthcare industries. However, through Trend Micro’s telemetry data, ...
- Gone Phishing: Hunting for Malicious Industrial-Themed Emails to Prevent Operational Technology Compromises
January 17, 2023
Phishing is one of the most common techniques used to deliver malware and gain access to target networks. This is not only because of its simplicity and scalability, but also because of its efficiency in exploiting vulnerabilities in human behavior. Despite the existence of sophisticated detection tooling and security awareness of phishing techniques, defenders across ...
- Toyota, Mercedes, BMW API flaws exposed owners’ personal info
January 4, 2023
Almost twenty car manufacturers and services contained API security vulnerabilities that could have allowed hackers to perform malicious activity, ranging from unlocking, starting, and tracking cars to exposing customers’ personal information. The security flaws impacted well-known brands, including BMW, Roll Royce, Mercedes-Benz, Ferrari, Porsche, Jaguar, Land Rover, Ford, KIA, Honda, Infiniti, Nissan, Acura, Hyundai, Toyota, and ...
- Cook EBITDA slumps £2m following Christmas 2021 cyber-attack
January 4, 2023
A cyber-attack in December 2021 wiped an estimated £2m from Cook’s EBITDA, according to its latest financial results. The attack ground manufacturing systems at its Sittingbourne site to a halt and prevented Cook from making and delivering food. Consequently, the business was forced to shut down its website in the lead-up to Christmas, its busiest period of ...
- CISA Releases Four Industrial Control Systems Advisories
December 22, 2022
CISA released four Industrial Control Systems (ICS) advisories on December 22, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-356-01 Priva TopControl Suite ICSA-22-356-02 Rockwell Automation Studio 5000 Logix Emulate Read more… Source: U.S. Cybersecurity and ...
- Agenda Ransomware Uses Rust to Target More Vital Industries
December 16, 2022
This year, ransomware-as-a-service (RaaS) groups like BlackCat, Hive, and RansomExx have developed versions of their ransomware in Rust, a cross-platform language that makes it easier to tailor malware to different operating systems like Windows and Linux. In this blog entry, Trend Micro shed light on Agenda (also known as Qilin), another ransomware group that has ...
- Cyber Signals: Risks to critical infrastructure on the rise
December 14, 2022
Today, the third edition of Cyber Signals was released spotlighting security trends and insights gathered from Microsoft’s 43 trillion daily security signals and 8,500 security experts. In this edition, we share new insights on wider risks that converging IT, Internet of Things (IoT), and operational technology (OT) systems pose to critical infrastructure. Cyber Signals presents ...
- CISA Releases Three Industrial Control Advisories
December 8, 2022
CISA has released three (3) Industrial Control Systems (ICS) advisories on 08 December 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Adds One ...
- Industry 4.0: CNC Machine Security Risks – Part 3
December 6, 2022
In this final installation of Trend Micro three-part blog series, Trend Micro researchers lay out countermeasures that enterprises can do to protect their machines. They’ll also discuss their responsible disclosure as well as the feedback they got from the vendors they evaluated. Countermeasures Trend Micro found that only two of the four vendors analyzed support authentication. Neither ...
- Industry 4.0: CNC Machine Security Risks – Part 2
December 2, 2022
In part one, Trend Micro researchers discussed what numerical control machines do and their basic concepts. These concepts are important to understand the machines better, offering a wider view of their operations. The researchers also laid out how we evaluated the chosen vendors for Trend Micro research. For this blog, Trend Micro will continue discussing their ...
- Industry 4.0: Computer Numerical Controls (CNC) Machine Security Risks – Part 1
November 29, 2022
Computer numerical controls (CNCs) are machines used to produce products in a factory setting. They have been in use for many years, and in the last decade, their use has become more widespread due to increased connectivity. This increased connectivity has made them more software-dependent and therefore more vulnerable to attacks. This vulnerability is due ...
- CISA Releases Seven Industrial Control Systems Advisories
November 29, 2022
CISA released seven (7) Industrial Control Systems (ICS) advisories on November 29, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-333-01 Mitsubishi Electric GOT2000 ICSA-22-333-02 Hitachi Energys IED Connectivity Packages and PCM600 Products ICSA-22-333-03 Hitachi ...
- CISA Releases Eight Industrial Control Systems Advisories
November 22, 2022
CISA has released eight (8) Industrial Control Systems (ICS) advisories on 22 November 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: ICSA-22-326-01 AVEVA Edge ICSA-22-326-02 Digital Alert Systems DASDEC ICSA-22-326-03 Phoenix Contact Automation Worx ICSA-22-326-04 GE ...
- Vulnerable SDK components lead to supply chain risks in IoT and OT environments
November 22, 2022
Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External tools and products that are managed by vendors and developers can pose a security risk, especially to targets in sensitive industries. Attacks on software and hardware supply chains, like Log4J and ...
- More than 17 million control system cyber incidents are hidden in plain sight
November 18, 2022
Control system cyber incidents are more plentiful and impactful than most observers expect – more than 17 million directly resulting in more than 34,000 deaths. While there have been more than 1,200 electric grid cyber-related incidents, that doesn’t adequately reflect the true impact on customers and the economy. The majority of the 17 million-plus control ...