Security News

To that end, CISA has worked with the National Security Council, various federal agencies, industry stakeholders and organizations like the ICS Village to develop a set of core initiatives for 2020. Four, CISA will have a focus on developing detection and incident-response training blueprints.

More than 400 vulnerabilities affecting industrial control systems were disclosed in 2019 and over a quarter of them had no patches when their existence was made public, according to a report published on Thursday by industrial cybersecurity firm Dragos. Dragos analyzed 438 ICS vulnerabilities covered in 212 security advisories, roughly the same as in the previous year.

According to SentinelLabs, which has seen attacks involving Snake for the past month, files encrypted by this ransomware are difficult or impossible to recover without paying the ransom demanded by the attackers. Snake targets a wide range of files, but avoids encrypting system files and folders.

The very first Pwn2Own hacking competition that exclusively focuses on the industrial control systems has kicked off in Miami. On Day One, overall, there were six successful hacking attempts and two partially successful attempts against eight hacking targets, according to ZDI. On Day Two, there were three successful hacks and two partials against four total targets.

Attackers exploiting critical Citrix ADC, Gateway flaw, company yet to release fixesNearly a month has passed since Citrix released mitigation measures for CVE-2019-19781, a critical vulnerability affecting Citrix Application Delivery Controller and Citrix Gateway, which could lead to remote code execution. PCs still running Windows 7 will soon be significantly more at risk of ransomwarePCs still running when Windows 7 reaches end of life on the 14th of January will be significantly more at risk of ransomware, Veritas Technologies has warned.

MITRE released an ATT&CK knowledge base of the tactics and techniques that cyber adversaries use when attacking ICS that operate some of the nation's most critical infrastructures including energy transmission and distribution plants, oil refineries, wastewater treatment facilities, transportation systems, and more. Some aspects of the existing ATT&CK knowledge base for enterprise IT systems are applicable to ICS, and in many cases may represent an entry point into those ICS systems for adversaries.

Keysight Technologies, a leading technology company that helps enterprises, service providers and governments accelerate innovation to connect and secure the world, announced a collaboration with...

Tripwire, a leading global provider of security and compliance solutions for enterprises and industrial organizations, announced a technology agreement with Baker Hughes. Under the agreement,...

Cybersecurity solutions provider Trend Micro this week announced the launch of new products designed to protect industrial control system (ICS) environments. read more

The Central ICS/SCADA Cyber Security Event of the Year for the APAC Region! read more