Discover how Schneider Electric reached cybersecurity certification for its EcoStruxure Solutions. Unveiling the significance of cybersecurity and Schneider Electric’s compliance journey.
Category: Featured
FBI Warns: Chinese Hackers Are Preparing to Wreak Havoc on US Water System | Facts Matter
This is all part of the new global battlefield, where world powers don’t compete against each other directly using kinetic weapons, but rather constantly trying to exploit each other’s weaknesses under the surface.
VMware ESXi hypervisor vulnerability grants full admin privileges
August 12, 2024
(updated August 12, 2024)
Published by Kevin Harrys
Security researchers at Microsoft have discovered a vulnerability in VMware ESXi hypervisors that has been exploited by ransomware operators to gain full administrative access to a domain-joined hypervisor.
ICS malware FrostyGoop takes advantage of Modbus weakness, remains a threat to OT worldwide.
August 1, 2024
(updated August 12, 2024)
Published by Kevin Harrys
The malware leverages Modbus TCP communications to target operational technology assets — and can easily be repurposed to compromise other industrial controllers, putting widespread critical infrastructure at risk.
PKfail Secure Boot bypass lets attackers install UEFI malware
July 30, 2024
(updated July 30, 2024)
Published by Kevin Harrys
PKfail, a supply-chain issue, has affected hundreds of UEFI products for over 12 years, leaving nearly 900 devices vulnerable to malware installation. Vendors and users must follow best practices, apply updates and patches, monitor, and protect devices, and replace test keys. Prompt firmware upgrades are advised, and leaked AMI PK devices should be disconnected from critical networks.
What can we learn from the 2024 CrowdStrike incident towards industrial cybersecurity?
CrowdStrike, an American cybersecurity firm, released a configuration update for its Falcon sensor software that inadvertently triggered a catastrophic chain reaction.
