Lucene search
K

15 matches found

The Hacker News
The Hacker News
added 2024/05/31 1:42 p.m.14 views

Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices

Microsoft has emphasized the need for securing internet-exposed operational technology OT devices following a spate of cyber attacks targeting such environments since late 2023. "These repeated attacks against OT devices emphasize the crucial need to improve the security posture of OT devices and...

7.6AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2024/05/30 5:0 p.m.20 views

Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices

Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology OT devices. Internet-exposed OT equipment in water and wastewater systems WWS in the US were targeted in multiple attacks over the past months by different...

9.8CVSS7.2AI score0.02089EPSS
Exploits0
Qualys Blog
Qualys Blog
added 2024/03/26 2:0 p.m.22 views

Meeting FISMA (M-24-04) Requirements with a Unified Attack Surface Management Strategy

At the end of 2023, the Office of Management and Budget OMB released the FY24 FISMA Guidance M-24-04 with a broad focus on securing the entire attack surface and specific action items for agencies pertaining to High Value Assets, IoT/OT devices, and internet-connected assets. In reference to rece...

7AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2022/07/11 4:0 p.m.14 views

Introducing security for unmanaged devices in the Enterprise network with Microsoft Defender for IoT

How many IoT devices are used at your company? If yours is like most organizations, there are probably printers, scanners, and fax machines scattered around the office. Perhaps smart TVs are mounted at reception or in the break room to guide visitors and keep employees up-to-date on company event...

0.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/06/23 12:0 a.m.39 views

JTEKT TOYOPUC Missing Authentication For Critical Function (CVE-2022-29951, CVE-2022-29958)

The device may be vulnerable to flaws related to OT:ICEFALL. These vulnerabilities identify the insecure-by-design nature of OT devices and may not have a clear remediation path. As such, Nessus is unable to test specifically for these vulnerabilities but has identified the device to be one that...

9.8CVSS8.2AI score0.00982EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2022/06/22 12:34 p.m.29 views

Discovery of 56 OT Device Flaws Blamed on Lackluster Security Culture

Researchers discovered 56 vulnerabilities affecting devices from 10 operational technology OT vendors, most of which they’ve attributed to inherent design flaws in equipment and a lax approach to security and risk management that have been plaguing the industry for decades, they said. The...

8.9AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/06/22 12:0 a.m.48 views

Honeywell Saia Burgess PG5 PCD Authentication Bypass Using an Alternate Path or Channel (CVE-2022-30319, CVE-2022-30320)

The device may be vulnerable to flaws related to OT:ICEFALL. These vulnerabilities identify the insecure-by-design nature of OT devices and may not have a clear remediation path. As such, Nessus is unable to test specifically for these vulnerabilities but has identified the device to be one that...

8.1CVSS6.3AI score0.00616EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2022/06/22 12:0 a.m.59 views

Honeywell Safety Manager Missing Authentication For Critical Function (CVE-2022-30313, CVE-2022-30314, CVE-2022-30315, CVE-2022-30316, CVE-2022-30317)

The device may be vulnerable to flaws related to OT:ICEFALL. These vulnerabilities identify the insecure-by-design nature of OT devices and may not have a clear remediation path. As such, Nessus is unable to test specifically for these vulnerabilities but has identified the device to be one that...

9.8CVSS6.4AI score0.00746EPSS
Exploits0References8
The Hacker News
The Hacker News
added 2022/06/21 11:25 a.m.48 views

Researchers Disclose 56 Vulnerabilities Impacting OT Devices from 10 Vendors

Nearly five dozen security vulnerabilities have been disclosed in devices from 10 operational technology OT vendors due to what researchers call are "insecure-by-design practices." Collectively dubbed OT:ICEFALL by Forescout, the 56 issues span as many as 26 device models from Bently Nevada,...

0.8AI score0.00858EPSS
Exploits0
Microsoft Secure
Microsoft Secure
added 2022/03/03 5:0 p.m.19 views

Secure your OT and IoT devices with Microsoft Defender for IoT and Quzara Cybertorch™

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. In recent years, malicious actors have started attacking industrial control systems and key sectors of nations’ critical infrastructure to inflict damage that transcends the cyber...

0.2AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2021/11/02 3:0 p.m.15 views

How Microsoft Defender for IoT can secure your IoT devices

Cybersecurity threats are always evolving, and today we’re seeing a new wave of advanced attacks specifically targeting IoT devices used in enterprise environments as well as operational technology OT devices used in industrial systems and critical infrastructure like ICS/SCADA. It’s not surprisi...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/08/04 6:46 a.m.115 views

Critical Flaws Affect Embedded TCP/IP Stack Widely Used in Industrial Control Devices

Cybersecurity researchers on Wednesday disclosed 14 vulnerabilities affecting a commonly-used TCP/IP stack used in millions of Operational Technology OT devices manufactured by no fewer than 200 vendors and deployed in manufacturing plants, power generation, water treatment, and critical...

9.8CVSS0.3AI score0.03627EPSS
Exploits0
The Hacker News
The Hacker News
added 2021/04/30 9:49 a.m.50 views

Microsoft Finds 'BadAlloc' Flaws Affecting Wide-Range of IoT and OT Devices

Microsoft researchers on Thursday disclosed two dozen vulnerabilities affecting a wide range of Internet of Things IoT and Operational Technology OT devices used in industrial, medical, and enterprise networks that could be abused by adversaries to execute arbitrary code and even cause critical...

1.6AI score
Exploits0
CISA
CISA
added 2021/04/15 12:0 a.m.14 views

NAME:WRECK DNS Vulnerabilities

Cybersecurity researchers from Forescout and JSOF have released a report on a set of nine vulnerabilities—referred to as NAME:WRECK—affecting Domain Name System DNS implementations. NAME:WRECK affects at least four common TCP/IP stacks—FreeBSD, IPNet, NetX, and Nucleus NET—that are used in Intern...

6.9AI score
Exploits0References3
Talos
Talos
added 2021/02/16 12:0 a.m.50 views

Advantech WebAccess/SCADA installation local file inclusion

Summary A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability. Tested Versions Advantech...

7.7CVSS7.3AI score0.03488EPSS
Exploits1
Rows per page
Query Builder