The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has been named a Top-Level Root CVE Numbering Authority (CNA) and it will be overseeing CNAs that assign CVE identifiers for vulnerabilities in industrial control systems (ICS) and medical devices.CNAs are responsible for issuing CVE identifiers for vulnerabilities found in their own or third-p

Nozomi Networks, a company that specializes in the security of OT and IoT systems, on Tuesday announced that it has become a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA).As a CNA, the company will be able to assign CVE identifiers to vulnerabilities found in its own products or in third-party IoT and industrial products that are not c

Several major industrial control system (ICS) vendors have released security advisories in response to the recently disclosed vulnerabilities affecting the CodeMeter licensing and DRM solution made by Germany-based Wibu-Systems.CodeMeter provides license management capabilities and it’s designed to protect software against piracy and reverse engineering. It’

Vulnerabilities affecting CodeMeter, a popular licensing and DRM solution made by Germany-based Wibu-Systems, can expose industrial systems to remote attacks, industrial cybersecurity company Claroty warned on Tuesday.CodeMeter is designed to protect software against piracy and reverse engineering, it offers licensing management capabilities, and it includes

Organizations Must Establish a Culture of Rresilience With Strategies That Are Independent, Measurable and UsableToday, the digital world is propelling connectivity and data growth to new heights. While their associated capabilities and information can give organizations a competitive advantage, these ever-evolving technologies can also expose critical infra

Over 70% of the industrial control system (ICS) vulnerabilities disclosed in the first half of 2020 were remotely exploitable through a network attack vector, industrial cybersecurity company Claroty reported on Wednesday.Claroty has analyzed the 365 ICS flaws added to the National Vulnerability Database (NVD) and 385 vulnerabilities covered in advisories pu

In the last few years, we’ve seen ample evidence of how cyberattacks on critical infrastructure can be leveraged by nation-states and other powerful adversaries as weapons in geopolitical conflicts. The attacks on the Ukraine power grid and several other incidents demonstrated a show of power and how a country’s infrastructure can be disrupted. The indiscrim

Industrial cybersecurity solutions provider Radiflow recently announced the launch of an automated risk analysis platform for industrial automation and control systems.Named CIARA (Cyber Industrial Automated Risk Analysis), the solution is now generally available after some of Radiflow’s customers tested the beta version. CIARA is a cloud-based service that

The official Call for Presentations (speakers) for SecurityWeek’s 2020 Industrial Control Systems (ICS) Cyber Security Conference, being held October 19 – 22, 2020 in SecurityWeek’s Virtual Conference Center, has been extended to August 31st.As the premier ICS/SCADA cyber security conference, the event was originally scheduled to take place at the InterConti

The first entirely virtual edition of the Black Hat cybersecurity conference took place last week and researchers from tens of organizations presented the results of their work from the past year.Some of the most interesting presentations focused on vulnerabilities affecting industrial, IoT, hardware and web products, but a few of the talks covered endpoint

Vulnerabilities found in protocol gateway devices can facilitate stealthy attacks on industrial systems, enabling threat actors to obtain valuable information and sabotage critical processes.Protocol gateways are small devices designed to ensure that various types of IT and OT devices can communicate with each other even if they use different protocols. For

A team of researchers from the Georgia Institute of Technology has demonstrated how, in theory, a malicious actor could manipulate the energy market using a botnet powered by high-wattage IoT devices.Most botnets are powered by devices such as routers, cameras and DVRs. However, researchers from Princeton University warned a few years ago that threat actors

Researchers at the Polytechnic University of Milan and cybersecurity firm Trend Micro have analyzed some of the most popular industrial programming languages and showed how they can open the door to attacks against robots and other programmable manufacturing machines. They have developed a worm to demonstrate the severity of their findings.The researchers an

High-severity vulnerabilities found by researchers in Mitsubishi Electric factory automation products can be exploited to remotely attack organizations.According to advisories published last week by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), tens of factory automation products from Mitsubishi Electric are affected by three flaws that c

Vulnerabilities discovered by researchers in VPN products primarily used for remote access to operational technology (OT) networks can allow hackers to compromise industrial control systems (ICS) and possibly cause physical damage.Researchers from industrial cybersecurity company Claroty have identified potentially serious vulnerabilities in Secomea GateMana