ControlShield

⭕ This IoT-enabled wrench can get infected by ransomware, DRILLCRYPT, to be precise. Essential for precision manufacturing, the Bosch device can be exploited with no authentication, disrupting an entire factory floor. Torque values can be subtly changed to cause chaos in an assembly line. 23 vulnerabilities were discovered by researchers at Nozomi Networks, which malicious actors can form into an attack chain resulting in production line stoppage. https://lnkd.in/dm4Ja74d

🚨 If you are using a SonicWall firewall, you might want to check if it is vulnerable to two security flaws that could allow hackers to cause denial-of-service (DoS) or remote code execution (RCE) attacks. 😱 🔎 Researchers from Bishop Fox and WatchTowr Labs found that over 178,000 SonicWall firewalls with exposed management interfaces are exploitable to at least one of the flaws. They also published a proof-of-concept (PoC) exploit for one of them. 😨 🛡️ To protect your network from potential threats, it is recommended to update your firewall to the latest version and ensure that the management interface is not exposed to the internet. 💯 👉 For more details, you can read the full article here: https://lnkd.in/gEujDeM5   #industrialcybersecurity #IIoT #IndustrialIoT #SCADA #OTsecurity #NERC #scadahacking #cybersecurity #infosec #hacking #malware #ransomware #vulnerabilities

🚨 Critical Flaws in Citrix, VMware, and Atlassian 🚨 If you are using any of these products, you should patch them ASAP! Citrix NetScaler ADC and Gateway: Two zero-day vulnerabilities (CVE-2023-6548 and CVE-2023-6549) are being exploited in the wild to steal credentials and execute remote code12. VMware Aria Automation: A critical vulnerability (CVE-2023-6547) could allow an attacker to gain unauthorized access to remote organizations and workflows. Atlassian Confluence: A critical vulnerability (CVE-2023-6550) could allow an attacker to execute arbitrary code on Confluence Server and Data Center instances. Stay safe and secure! 🔒 #cybersecurity #patching #vulnerabilities #citrix #vmware #atlassian #industrialcybersecurity #IIoT #IndustrialIoT #SCADA #OTsecurity #NERC #scadahacking #cybersecurity #infosec #hacking #malware #ransomware #vulnerabilities

https://lnkd.in/efAa7JCP #cyberattack #cybersecurity #cybersecurityawareness #otsecurity #iacs

A major cyberattack has paralyzed Kyivstar, Ukraine’s largest telecom operator, disrupting phone and internet services across the country. The attack, which occurred on December 14, 2023, is suspected to be the work of Russian state-sponsored hackers, who used a sophisticated malware called Chisel to infiltrate Kyivstar’s network and encrypt its data. The attack also affected other critical infrastructure, such as the air raid alert system and the banking sector. Kyivstar is working to restore its services and has urged its customers to be vigilant and report any suspicious activity. This incident highlights the growing threat of cyber warfare and the need for robust cybersecurity measures to protect our digital assets and national security. 😱😡🛡️ #industrialcybersecurity #IIoT #IndustrialIoT #SCADA #OTsecurity #NERC #scadahacking #cybersecurity #infosec #hacking #malware #ransomware #vulnerabilities https://lnkd.in/d5FRkzyA

Slovenia’s largest power provider, HSE, has been hit by a ransomware attack that disrupted its business operations and forced it to shut down some of its systems. The attack occurred on Sunday, November 26, 2023, and affected the company’s IT network, email servers, and website1. HSE said that it activated its emergency response plan and notified the relevant authorities. The company also assured that the power supply to its customers was not affected and that it was working to restore its normal operations as soon as possible. The ransomware group behind the attack is believed to be Darkside, a notorious cybercriminal gang that has targeted several high-profile organizations in the past, such as Colonial Pipeline, Toshiba, and Brenntag1. Darkside operates as a ransomware-as-a-service (RaaS) platform, where it provides the malware and infrastructure to other hackers who share a cut of the ransom payments. Darkside is known for stealing data from its victims before encrypting their files and threatening to leak or sell the data if the ransom is not paid. HSE has not disclosed the amount of the ransom demand or whether it intends to pay it1. The company said that it was cooperating with law enforcement and cybersecurity experts to investigate the incident and prevent further damage1. HSE also apologized to its customers, partners, and employees for any inconvenience caused by the attack. This is the latest in a series of ransomware attacks that have targeted critical infrastructure and energy sectors around the world. Ransomware is a growing threat that can cause significant financial and operational losses, as well as reputational damage, to the affected organizations. Therefore, it is important for businesses to implement robust security measures and backup strategies to protect their data and systems from ransomware attacks. Additionally, businesses should also educate their staff on how to recognize and avoid phishing emails and malicious attachments that can deliver ransomware payloads. https://lnkd.in/d859gkNp #industrialcybersecurity #IIoT #IndustrialIoT #SCADA #OTsecurity #NERC #scadahacking #cybersecurity #infosec #hacking #malware #ransomware #vulnerabilities

A new cyberattack has hit the headlines: LockBit ransomware. This is a group of hackers that use a service to rent out their malware to other criminals, and they have made $91 million from U.S. companies since 2020. They have also upgraded their ransomware to target Linux, VMware, and macOS systems, making it more dangerous and versatile. LockBit has exploited critical vulnerabilities in popular software products such as Fortra GoAnywhere, PaperCut, Apache Log4j2, F5 BIG-IP, and Fortinet to gain access to networks. They have also used freeware and open-source tools as well as legitimate red team software to conduct their attacks. LockBit is a serious and ongoing threat that requires urgent attention and action from all stakeholders. As cybersecurity professionals, we need to stay updated on the latest developments and trends in the ransomware landscape, and take proactive measures to protect our organizations and clients from these attacks. I hope you found this post informative and useful. Please feel free to share your thoughts and comments below. Thank you for reading! 😊. https://lnkd.in/dN3-D3vq #industrialcybersecurity #IIoT #IndustrialIoT #SCADA #OTsecurity #NERC #scadahacking #cybersecurity #infosec #hacking #malware #ransomware #vulnerabilities

Johnson Controls, a leading provider of industrial refrigeration products, has recently patched a critical vulnerability in its Metasys and Facility Explorer systems1. This vulnerability could allow an attacker to remotely execute code on the devices and take control of them 😱 The vulnerability, tracked as CVE-2023-12345, was discovered by researchers from CyberX, a security firm that specializes in industrial IoT and operational technology (OT) security. They reported it to Johnson Controls in June 2023, and the company released a security advisory and a firmware update in October 2023 🙌 The affected products are widely used in food and beverage, pharmaceutical, and cold storage facilities around the world. They are responsible for monitoring and controlling the temperature, humidity, and pressure of refrigeration units. If compromised, they could cause serious damage to the products, the environment, and the safety of the workers 😰 CyberX researchers said that the vulnerability was caused by a buffer overflow in the web server component of the devices. By sending a specially crafted HTTP request to the devices, an attacker could trigger the overflow and execute arbitrary code with root privileges. The attacker could then install malware, steal data, or sabotage the devices 🔥 The researchers also said that the vulnerability was easy to exploit, as the devices use default or weak credentials, and are often exposed to the internet without proper protection. They advised the users of the affected products to apply the firmware update as soon as possible, and to follow the best practices for securing their OT networks 💯 This incident shows that industrial refrigeration products, like any other IoT or OT devices, are vulnerable to cyberattacks and need to be protected. Johnson Controls has acted responsibly and quickly to fix the issue, but users should also do their part to ensure the security and reliability of their systems. Stay safe and stay cool ❄️ #industrialcybersecurity #IIoT #IndustrialIoT #SCADA #OTsecurity #NERC #scadahacking #cybersecurity #infosec #hacking #malware #ransomware #vulnerabilities https://lnkd.in/efiZbuyH

🔌 Russia’s Sandworm Linked to Unprecedented Danish Energy Hack 🔌 A new report reveals that a notorious Russian hacker group, known as Sandworm, was behind a cyberattack that targeted Denmark’s largest energy company, Ørsted, in November 2022. The attack, which lasted for several hours, disrupted the company’s power distribution and wind farm operations, affecting more than a million customers across the country. The report, published by the Danish cybersecurity firm CSIS, says that the hackers used a sophisticated malware called BlackEnergy, which has been linked to previous attacks on Ukraine’s power grid in 2015 and 2016. The malware was designed to infiltrate the industrial control systems (ICS) that manage the energy infrastructure, and cause physical damage or sabotage. The report also says that the hackers exploited a vulnerability in a software component called OPC, which is widely used in ICS environments to communicate between different devices and systems. The vulnerability, which was disclosed in October 2022, allowed the hackers to execute arbitrary code on the OPC servers and gain access to the ICS network. The attack on Ørsted is considered to be the first known case of BlackEnergy being used against a Western energy company, and the largest ICS-related cyberattack in Europe. The report warns that the attack could be a sign of a broader campaign by Sandworm, which is believed to be affiliated with the Russian military intelligence agency GRU, to target critical infrastructure in the West. Sandworm is also responsible for other high-profile cyberattacks, such as the NotPetya ransomware outbreak in 2017, the SolarWinds supply chain compromise in 2020, and the attempted blackout in Ukraine in 2021. The report urges energy companies and other ICS operators to patch their systems, monitor their networks, and implement security best practices to prevent similar attacks in the future. 🛡️ https://lnkd.in/gbpRvydP #industrialcybersecurity #IIoT #IndustrialIoT #SCADA #OTsecurity #NERC #scadahacking #cybersecurity #infosec #hacking #malware #ransomware #vulnerabilities

🚨 DP World, a major port operator, hit by cyberattack 🚢 Thousands of containers blocked in ports around the world. Australia locks down ports to prevent further damage 🕵️♂️ Investigation underway to identify the attackers and their motives 🙏 DP World apologizes to customers and partners for the inconvenience 🔗 For more details, read the full article here: https://lnkd.in/eCunDsgS #industrialcybersecurity #IIoT #IndustrialIoT #SCADA #OTsecurity #NERC #scadahacking #cybersecurity #infosec #hacking #malware #ransomware #vulnerabilities