A dozen vulnerabilities have been found in OpenClinic GA, a popular open source hospital management system, including flaws that can be exploited to access sensitive information or install malware on the hosting server.OpenClinic GA is described as an “integrated hospital information management system covering management of administrative, financial, clinica

Honeywell says it has seen a significant increase over the past year in USB-borne malware that can cause disruption to industrial control systems (ICS).Honeywell Industrial Cybersecurity this week published its 2020 USB Threat Report. The report is based on data collected over a period of 12 months by the company’s Secure Media Exchange (SMX) USB security pl

Recent global events have convinced us that digital transformation is here to stay and, in fact, accelerating. Companies that had already begun to embrace digital transformation were able to adapt more quickly to disruption and demonstrate greater resiliency. Now that the initial rush to support a shift to a more distributed model is behind us, we have an op

Hackers continue to exploit the recently patched BIG-IP security flaw and they have plenty of potential targets as researchers have identified thousands of vulnerable systems.The vulnerability affecting F5 Networks’ BIG-IP application delivery controller (ADC) is tracked as CVE-2020-5902 and it was disclosed last week by the vendor and Positive Technologies,

Recent samples of the Snake ransomware were observed isolating the infected systems to ensure that nothing interferes with the file encryption process, security researchers warn.Initially detailed in January this year, Snake (also known as EKANS) has emerged as a prevalent threat to industrial control systems (ICS), due to the targeting of processes specific

Recent fires and explosions at important Iranian facilities may have been caused deliberately as part of an operation that involved cyberattacks, according to reports.There have been several incidents at major Iranian industrial facilities in recent weeks, including a fire at the Natanz nuclear enrichment site and an explosion at the Parchin military complex

Industrial control systems (ICS) can be hacked through barcode scanners, researchers at cybersecurity services company IOActive said on Tuesday.Hackers previously demonstrated that keystrokes can be remotely injected via an industrial barcode scanner into the computer the scanner is connected to, which could result in the computer getting compromised.IOActiv

Industrial giant Honeywell announced recently that it has added several new features to its Forge cybersecurity platform.The Forge Cybersecurity Suite, which Honeywell launched last year, is designed to help organizations protect industrial internet of things (IIoT) and operational technology (OT) assets. The company says the product has over 4,000 installat

Foreign hackers are taking advantage of the coronavirus pandemic to undermine institutions and threaten critical infrastructure, a top U.S. military cyber official said Thursday.The comments from Coast Guard Rear Adm. John Mauger of U.S. Cyber Command came a day after Defense Department officials briefed reporters on virtual war games that digital combatants

Mitsubishi Electric and its subsidiary ICONICS have released patches for the vulnerabilities disclosed earlier this year at the Pwn2Own Miami hacking competition, which focused on industrial control systems (ICS).White hat hackers earned a total of $280,000 for the exploits they demonstrated at the Zero Day Initiative’s Pwn2Own contest in January, including

Microsoft announced on Monday that it has acquired industrial cybersecurity company CyberX in an effort to expand its Azure IoT security capabilities and extend them to industrial IoT (IIoT) and operational technology (OT) systems.Financial terms of the deal have not been disclosed, but Israel’s Globes reported in early May that Microsoft had been preparing

A stored cross-site scripting (XSS) vulnerability in OSIsoft PI System, a product often present in critical infrastructure facilities, can be exploited for phishing, privilege escalation and other purposes.OSIsoft PI System is a data management platform that delivers plant monitoring and analysis capabilities. According to the vendor’s website, PI System has

We All Share the Same Objective of Risk Reduction, But in an OT Environment That Must be Implemented in a Different WayIn recent months, our definition of critical infrastructure has expanded and the convergence of IT and operational technology (OT) networks has accelerated dramatically. As more employees began working from home, the infrastructure of their

Millions of IoT devices worldwide could be vulnerable to remote attacks due to serious security flaws affecting the Treck TCP/IP stack, Israel-based cybersecurity company JSOF warned on Tuesday.Treck TCP/IP is a high-performance TCP/IP protocol suite designed specifically for embedded systems. JSOF researchers have discovered that the product is affected by

Siemens’ LOGO! programmable logic controllers (PLCs) are affected by critical vulnerabilities that can be exploited remotely to launch denial-of-service (DoS) attacks and modify the device’s configuration.According to Siemens, the vulnerabilities impact all versions of its LOGO!8 BM devices, which are designed for basic control tasks. SIPLUS versions, which