The increased use of automated control systems to manage drug formulations and product quality (particularly for combination drugs) is creating new security risks for the pharmaceutical industry. Examples of this new vulnerability surfaced in June 2017 when the pharmaceutical sector, along with healthcare and many other industries, were targeted by the

ATLANTA — SECURITYWEEK 2019 ICS CYBER SECURITY CONFERENCE — Some of the recent cybersecurity incidents involving industrial control systems (ICS) have resulted in injury and even loss of life, according to a survey conducted by Control Systems Cyber Security Association International (CS2AI).CS2AI is a non-profit organization focused on the growth and expans

Several major tech and cybersecurity companies have joined forces for a new initiative called the Operational Technology Cyber Security Alliance (OTCSA), which aims to help industrial and critical infrastructure organizations address challenges related to OT security by providing guidance and resources.Founding members of OTCSA include equipment manufacturer

ATLANTA — SECURITYWEEK 2019 ICS CYBER SECURITY CONFERENCE — Outdated and unsupported operating systems are still present and they still pose a serious risk in many industrial organizations, according to a new report from industrial cybersecurity firm CyberX.The company’s 2020 Global IoT/ICS Risk Report is based on data passively collected by CyberX from over

Researchers at Cisco Talos have discovered nearly a dozen vulnerabilities in some of Schneider Electric’s Modicon programmable logic controllers (PLCs).There are a total of 11 security holes affecting Modicon M580, M340, BMENOC 0311, BMENOC 0321, Quantum (no longer supported), Premium, and Modicon BMxCRA and 140CRA modules. The M580 PLC, which is the newest

A couple of vulnerabilities affecting the TwinCAT PLC runtime from Beckhoff can be exploited for denial-of-service (DoS) attacks, which may be triggered by malicious actors or by accident.Beckhoff is a Germany-based company that provides automation solutions, including industrial PCs, I/O and fieldbus components, drive technology, and automation software. Th

SecurityWeek’s 2019 ICS Cyber Security Conference, the largest and longest-running event dedicated to industrial and critical infrastructure cybersecurity, is set to take place in Atlanta, Ga. on October 21-24.The conference will feature training sessions, case studies and various talks, including technical and strategy-focused presentations. The goal is to

The United States and Baltic states on Sunday agreed to beef up cooperation to protect the Baltic energy grid from cyber attacks as they disconnect from the Russian electricity grid.US Energy Secretary Rick Perry and his Lithuanian, Latvian and Estonian counterparts termed the agreement "a critical moment for the Baltic States in strengthening cybersecurity"

A researcher has used a free tool that he created and open source intelligence (OSINT) to demonstrate how easy it is for adversaries to gather intelligence on critical infrastructure in the United States.The researcher, known online as Wojciech, used his Kamerka tool to find industrial control systems (ICS) in the United States, map them to geographical loca

Attackers using the Adwind remote access Trojan (RAT) are targeting petroleum firms in the United States in a recent campaign, researchers from Netskope report.Samples observed in the attacks are relatively new, but the functionality of the RAT has remained consistent with previously detailed campaigns. The malware does attempt to evade detection by means of

Singapore’s Cyber Security Agency (CSA) on Tuesday unveiled the country’s Operational Technology (OT) Cybersecurity Masterplan, whose goal is to help enhance the security and resilience of organizations that house OT systems.The Masterplan focuses on industrial control systems (ICS), which account for a majority of OT systems. While it’s mainly addressed to

SecurityWeek has announced that it will offer an Advanced ICS/SCADA Hacking Training program at its 2019 Industrial Control Systems (ICS) Cyber Security Conference, which takes place October 21-24 in Atlanta.Conducted in partnership with critical infrastructure cyber security firm Applied Risk, the Advanced ICS/SCADA Hacking training will enable pa

IoT security firm Armis has confirmed that the recently disclosed vulnerabilities tracked as Urgent/11 affect several real time operating systems (RTOS) other than VxWorks.Armis revealed in late July that Wind River’s VxWorks operating system, which is used by millions of devices, is affected by 11 vulnerabilities, including critical flaws that can be exploi

In the decade since the Stuxnet worm was discovered, multiple attacks that have been launched against operational technology (OT) networks including Shamoon, Havex, Wannycry, and Lockergoga. Looking back, a disturbing trend has emerged. Industrial attacks are being recycled.Consider LockerGoga, which crippled Norsk Hydro, one of the largest aluminum manufact

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) informed organizations last week that Tridium’s Niagara product is affected by two vulnerabilities in BlackBerry’s QNX operating system for embedded devices.Niagara is a popular framework designed for connecting and controlling a wide range of Internet of Thing