Security company warns of Mitsubishi industrial control vulnerabilities

Cybersecurity company Nozomi Networks Labs has warned the industrial control system (ICS) security community about 5 vulnerabilities affecting Mitsubishi safety PLCs. In a new report, the company said Mitsubishi acknowledged the issues — which are focused on the authentication implementation Read More …

‘DeadRinger’ Targeted Exchange Servers Long Before Discovery

Threat actors linked to China exploited the notorious Microsoft Exchange ProxyLogon vulnerabilities long before they were publicly disclosed, in attacks against telecommunications companies aimed at stealing sensitive customer data and maintaining network persistence, researchers have found. Researchers from Cybereason have Read More …

PwnedPiper critical bug set impacts major hospitals in North America

Pneumatic tube system (PTS) stations used in thousands of hospitals worldwide are vulnerable to a set of nine critical security issues collectively referred to as PwnedPiper. PTS solutions are part of a hospital’s critical infrastructure as they are used to Read More …

Risks in Telecommunications IT

Telecommunications is just one aspect of a 200-year-old field of research in IT. In our latest report, “Islands of Telecoms: Risks in IT,” we liken this field to what seems to be separate islands that are in fact connected by Read More …

CISA announces new vulnerability disclosure policy (VDP) platform

Last fall, CISA issued the final version of Binding Operational Directive (BOD 20-01), which was issued in support of the Office of Management and Budget M-20-32, “Improving Vulnerability Identification, Management, and Remediation”. This Directive reflects CISA’s commitment to strengthening cybersecurity Read More …

Critical Microsoft Hyper-V bug could haunt orgs for a long time

Technical details are now available for a vulnerability that affects Hyper-V, Microsoft’s native hypervisor for creating virtual machines on Windows systems and in the Azure cloud computing environment. Currently tracked as CVE-2021-28476, the security issue has a critical severity score Read More …