Lucene search
K

15 matches found

The Hacker News
The Hacker News
added 2023/05/15 1:24 p.m.4 views

Industrial Cellular Routers at Risk: 11 New Vulnerabilities Expose OT Networks

Several security vulnerabilities have been disclosed in cloud management platforms associated with three industrial cellular router vendors that could expose operational technology OT networks to external attacks. The findings were presented by Israeli industrial cybersecurity firm OTORIO at the...

10CVSS9.2AI score0.01638EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/01/25 12:0 a.m.31 views

Phoenix Contact Classic Line Controllers Insufficient Verification of Data Authenticity (CVE-2022-31800)

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...

9.9AI score0.01455EPSS
Exploits1References3
The Hacker News
The Hacker News
added 2022/11/28 10:7 a.m.47 views

Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks

Over a dozen security flaws have been discovered in baseboard management controller BMC firmware from Lanner that could expose operational technology OT and internet of things IoT networks to remote attacks. BMC refers to a specialized service processor, a system-on-chip SoC, that's found in serv...

10CVSS0.7AI score0.09946EPSS
Exploits0
The Hacker News
The Hacker News
added 2022/07/18 10:59 a.m.54 views

Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems

Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers PLCs and co-opt the machines to a botnet. The software "exploited a vulnerability in the firmware which allowed it to retrieve the...

1.6AI score0.00621EPSS
Exploits0
HackRead
HackRead
added 2022/06/01 10:49 p.m.21 views

New PoC Shows IoT Devices Can Be Hacked to Install Ransomware on OT Networks

By Deeba Ahmed In this PoC, the ransomware attack dubbed R4IoT uses vulnerable IoT devices in this case, vulnerable security cameras… This is a post from HackRead.com Read the original post: New PoC Shows IoT Devices Can Be Hacked to Install Ransomware on OT Networks...

2.6AI score
Exploits0
ThreatPost
ThreatPost
added 2022/02/11 9:51 p.m.188 views

Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa

Critical security vulnerabilities in Moxa’s MXview web-based network management system open the door to an unauthenticated remote code execution RCE as SYSTEM on any unpatched MXview server, researchers warned this week. The five bugs, affecting versions 3.x to 3.2.2, score a collective 10 out of...

10CVSS10AI score0.15789EPSS
Exploits0References6
HackRead
HackRead
added 2021/10/15 3:38 p.m.17 views

CISA – Ransomware targeted SCADA systems of 3 US water facilities

By Deeba Ahmed US has warned of more ransomware attacks on IT and OT networks of country's Water and Wastewater Systems WWS Sector facilities. This is a post from HackRead.com Read the original post: CISA - Ransomware targeted SCADA systems of 3 US water facilities...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/08/31 5:33 a.m.31 views

CISA Adds Single-Factor Authentication to the List of Bad Practices

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added single-factor authentication to the short list of "exceptionally risky" cybersecurity practices that could expose critical infrastructure as well as government and the private sector entities to devastating cyberattack...

0.4AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/08/19 6:0 p.m.121 views

How to proactively defend against Mozi IoT botnet

Mozi is a peer-to-peer P2P botnet that uses a BitTorrent-like network to infect IoT devices such as network gateways and digital video records DVRs. It works by exploiting weak telnet passwords1 and nearly a dozen unpatched IoT vulnerabilities2 and it’s been used to conduct distributed...

10CVSS0.2AI score0.59259EPSS
Exploits23
Microsoft Secure
Microsoft Secure
added 2021/03/15 4:0 p.m.172 views

5 steps to enable your corporate SOC to rapidly detect and respond to IoT/OT threats

As organizations connect massive numbers of IoT/OT devices to their networks to optimize operations, boards and management teams are increasingly concerned about the expanding attack surface and corporate liability that they represent. These connected devices can be compromised by adversaries to...

0.7AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2020/12/21 12:0 a.m.68 views

Remote Code Execution Vulnerabilities in Secomea, Moxa, and HMS eWon VPNs

Security researchers at Claroty published details on multiple pre-auth remote code execution vulnerabilities affecting virtual private network VPN implementations primarily used to provide remote access to operational technology OT networks. The vulnerabilities could allow unauthenticated attacke...

10CVSS9.7AI score0.02905EPSS
Exploits0References8
ThreatPost
ThreatPost
added 2020/09/09 3:58 p.m.1495 views

Critical Flaws in 3rd-Party Code Allow Takeover of Industrial Control Systems

Six critical vulnerabilities have been discovered in a third-party software component powering various industrial systems. Remote, unauthenticated attackers can exploit the flaws to launch various malicious attacks – including deploying ransomware, and shutting down or even taking over critical...

7.5CVSS0.6AI score0.0552EPSS
Exploits1References20
Qualys Blog
Qualys Blog
added 2020/06/24 11:24 p.m.371 views

Ripple20: Multiple Vulnerabilities Identified in Treck TCP/IP Stack

Multiple vulnerabilities that use a low-level TCP/IP software library developed by Treck, Inc. were identified recently in implementations of the Treck IP stack for embedded systems. These vulnerabilities were discovered by the JSOF research lab and have been named Ripple20. Ripple20...

10CVSS1AI score0.36965EPSS
Exploits17
FireEye
FireEye
added 2020/02/24 12:0 a.m.29 views

Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT

Since at least 2017, there has been a significant increase in public disclosures of ransomware incidents impacting industrial production and critical infrastructure organizations. Well-known ransomware families like WannaCry, LockerGoga, MegaCortex, Ryuk, Maze, and now SNAKEHOSE a.k.a. Snake /...

0.5AI score
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2020/02/05 12:0 a.m.114 views

CVE-2019-15126 aka Kr00k

An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors related to state transitions in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a...

8.8CVSS0.7AI score0.07709EPSS
Exploits9References14
Rows per page
Query Builder