FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications

In July 2024, the operational technology (OT)-centric malware FrostyGoop/BUSTLEBERM became publicly known, after attackers used it to disrupt critical infrastructure. The outage occurred after the Cyber Security Situation Center (CSSC), affiliated with the Security Service of Ukraine, disclosed details of Read More …

Schneider Electric Data Breach Leaks Critical Data, Hellcat Ransomware Group Demands Hefty Ransom in Baguettes

French digital automation and energy management giant Schneider Electric is investigating a data breach after a hacker claimed they stole dozens of gigabytes and demanded a hefty ransom in Baguettes, a classic popular French bread item. Schneider Electric manufactures various Read More …

Cisco Releases Security Advisories for Multiple Products

Cisco has released 15 security advisories addressing multiple vulnerabilities, including one critical and two high severity vulnerabilities affecting various products. The critical vulnerability affects Cisco Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul Access Point, a software that uses wireless Read More …

CVE-2024-6922: Automation Anywhere Automation 360 Server-Side Request Forgery

Automation 360 Robotic Process Automation suite v21-v32 is vulnerable to unauthenticated Server-Side Request Forgery (SSRF). SSRF occurs when the server can be induced to perform arbitrary requests on behalf of an attacker. An attacker with unauthenticated access to the Automation Read More …

Vulnerabilities in PanelView Plus devices could lead to remote code execution

Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell Automation PanelView Plus that could be remotely exploited by unauthenticated attackers, allowing them to perform remote code execution (RCE) and denial-of-service (DoS). The RCE vulnerability in PanelView Plus involves two custom Read More …

Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices

Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. Internet-exposed OT equipment in water and wastewater systems (WWS) in the US were targeted in multiple attacks over the Read More …

Threat landscape for industrial automation systems. H2 2023

In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. In H2 2023, building automation once again had the highest percentage of ICS computers on which malicious Read More …