The US Federal Emergency Management Agency (FEMA) has issued an advisory urging organizations to ensure that their emergency alert systems are patched, but a researcher says there are no patches for some of the vulnerabilities affecting these systems. The emergency alert system (EAS) in the United States enables authorities to broadcast emergency alerts and w
Smart City network infrastructure demands a proactive approach to find vulnerabilities before hackers find them. Smart technology continues to change how people live and interact with the cities around them. While the full value of a connected city evolves – one that leverages innovations powered by artificial intelligence and machine learning – cybersecurity
Two potentially serious vulnerabilities that could allow threat actors to cause significant disruption have been found in a widely used industrial connectivity device made by Moxa. The Taiwan-based industrial networking and automation solutions provider has addressed the flaws. The two security holes, tracked as CVE-2022-2043 and CVE-2022-2044 and rated ‘high
The Transportation Security Administration (TSA) has updated its directive for oil and natural gas pipeline cybersecurity, providing owners and operators more flexibility in achieving the outlined goals. After a ransomware attack conducted by a Russia-linked cybercrime group forced Colonial Pipeline to shut down systems in May 2021, the TSA issued a directive
More than 600 industrial control system (ICS) product vulnerabilities were disclosed in the first half of 2022 by the US Cybersecurity and Infrastructure Security Agency (CISA), according to an analysis conducted by industrial asset and network monitoring company SynSaber. SynSaber has counted 681 vulnerabilities disclosed by CISA, slightly more than in the f
Tools advertised as being capable of cracking passwords for HMIs, PLCs and other industrial products have been found to exploit a zero-day vulnerability, and threat actors are using these tools to deliver malware. Engineers responsible for the industrial systems within an organization may one day find themselves in a situation where a PLC, an HMI or a project
A survey commissioned by cybersecurity company Xage shows that zero trust is on track to being implemented in many operational technology (OT) environments, particularly in critical infrastructure organizations. Private companies and governments have come to realize the importance of a zero trust cybersecurity model, where nothing is trusted by default, and u
A survey of 3,500 security experts from around the world shows that a lot of the cybersecurity problems related to operational technology (OT) involve people, specifically human error and a significant shortage of staff. The survey, conducted by IoT and OT security firm SCADAfence, found that more than 75% of experts believe their OT security risk level is hi
A survey commissioned by cybersecurity firm Barracuda shows that while most organizations using operational technology (OT) or industrial IoT (IIoT) systems have experienced a security incident, impact was smaller for those that have invested more in security. Barracuda’s report, titled “The state of industrial security in 2022,” is based on a survey of 800 i
The call for presentations (CFP) for SecurityWeek's 2022 ICS Cyber Security Conference closes on July 15, 2022. Celebrating its 21st year, the 2022 conference will feature 3 full days of conference sessions and 1 full day of optional trainings and workshops that will dive deep into the world of industrial cybersecurity and help those charged with protecti
Industrial giants Siemens and Schneider Electric have released their Patch Tuesday security advisories for July 2022, with a total of 13 advisories describing 59 vulnerabilities. Siemens: Siemens has released 19 new advisories that describe 46 vulnerabilities affecting the company’s products. Two advisories are for flaws that have been rated “critical” with a C
Cisco’s Talos threat intelligence and research unit has identified several critical vulnerabilities in a widely used industrial cellular IoT gateway made by Chinese company Robustel. The affected product is the R1510 router, which is designed to provide high-speed wireless network bandwidth in harsh environments. The device has been used worldwide and it has
On February 24, Russia launched its full-scale assault on Ukraine. The invader’s weapons included tanks, heavy artillery… and software. On April 8, attackers armed with Industroyer2, a species of malware designed to incapacitate power stations and plunge whole cities into darkness, managed to briefly penetrate Ukrainian defenses, putting two million homes at
Threat hunters at Kaspersky have uncovered a series of attacks that targeted organizations across telecoms, transportation, and industrial sectors with the ShadowPad backdoor. The campaign hit the manufacturing and telecoms industries in Afghanistan and Pakistan, and a logistics and transport organization (a port) in Malaysia. Kaspersky initially identified th
Operational resilience is a priority and organizations are decisive about protecting cyber-physical systems (CPS) in today's consolidated and converged reality. Over the last few years, the pandemic, rapid growth in several sectors and geographies, and the work from home paradigm shift have significantly accelerated the convergence of IT and operational t