X-Industry

Five vulnerabilities, two deemed critical, have been found in the Terrestrial Trunked Radio (TETRA) standard.  TETRA is the most widely used police radio communication system outside the US.  It is used by fire and ambulance services, transportation agencies, utilities, military, border control, and customs agencies in more than 100 nations globally and by the UN and NATO.

The vulnerabilities were discovered by cybersecurity firm Midnight Blue (Amsterdam, Netherlands) with funding from NLnet as

The US Cybersecurity and Infrastructure Security Agency (CISA) has published four Industrial Control Systems (ICS) advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec.  The most critical of the issues have been identified in Siemens SINEC INS that could lead to remote code execution via a path traversal flaw (CVE-2022-45092, CVSS score: 9.9) and command injection (CVE-2022-2068, CVSS score: 9.8).  Also patched by Siemens is an authentication byp

Someone or some group is attacking the US electrical power grid.  Specifically in the Seattle, WA area which comes after a series of similar incidents elsewhere in the Pacific Northwest as well as in Florida.  And law enforcement has never caught the guy who attacked the electrical grid down in North Carolina earlier in December 2022.  These were physical attacks which involved alleged shooting up power substation.[1]  As evident, these are physical attacks, not even cyber-attacks.

Shooting with

The Sandworm Group, a Russian based APT, which recently made headlines after their botnet of machines infected with Cyclops Blink malware, was taken down by the US Department of Justice, has been busy crafting attacks targeting the Ukrainian power grid.  The Computer Emergency Response Team of Ukraine (CERT-UA), had to step in and take action to thwart the attack on the country’s energy facilities.  Blame for the attack has been placed on Sandworm in support of Russian military actions in Easter

Electricity, oil and gas and other critical infrastructure vital to any country’s day to day lives is increasingly at risk from cyber-attackers who know that successfully compromising industrial control systems (ICS) and operational technology (OT) can enable them to disrupt or tamper with vital services.  A report from cybersecurity company Dragos[1] details ten different hacking operations which are known to have actively targeted industrial systems in North America and Europe and its warned t

Eventually, everyone need help with their heating and air conditioning (HVAC) units.  Most technicians are trustworthy and do a great job.  The bad news is that more than 9 out of 10 (91%) industrial organizations are vulnerable to cyber-attacks, according to a new report by Positive Technologies.  The study found that external attackers can penetrate the corporate network in all these organizations, and once inside, can obtain user credentials and complete control over the infrastructure in 100