critical infrastructure security

From Security Week – Part of EU’s New €1.3 Billion Investment Going to Cybersecurity

[[{"value":"The European Commission plans on investing €1.3 billion ($1.4 billion) in cybersecurity, artificial intelligence and digital skills. The post Part of EU’s New €1.3 Billion Investment Going to Cybersecurity appeared…

shaikh Saqib March 31, 2025

News

From The Hacker News – RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been deployed as part of exploitation activity targeting a now-patched security flaw in Ivanti Connect Secure (ICS) appliances. "RESURGE contains capabilities of the SPAWNCHIMERA malware variant, including surviving reboots; however, RESURGE contains distinctive commands that

shaikh Saqib March 30, 2025

News

From Security Week – UK Software Firm Fined £3 Million Over Ransomware-Caused Data Breach

[[{"value":"The UK ICO has fined Advanced Computer Software Group £3 million ($3.8 million) over a 2022 data breach resulting from a ransomware attack. The post UK Software Firm Fined £3…

shaikh Saqib March 27, 2025

News

From Cybercrime Magazine – The Perfect Storm: Why Power Plants Are Prime Targets For Cyberattacks

This week in cybersecurity from the editors at Cybercrime Magazine –Read the full story in Power Magazine Sausalito, Calif. – Mar. 27, 2025 The power sector is on the frontlines…

shaikh Saqib March 27, 2025

Articles

From Graham Cluley – Malaysian PM says “no way” to $10 million ransom after alleged cyber attack against Kuala Lumpur airport

According to some reports, Kuala Lumpur International Airport had to resort to using whiteboards to communicate with passengers. Read more in my article on the Hot for Security blog. Read More

Samir K March 27, 2025

News

From Cyber Security News – Hackers Exploit Windows MMC Zero-Day Vulnerability to Execute Malicious Code

A sophisticated campaign by Russian threat actors exploiting a critical zero-day vulnerability in the Microsoft Management Console (MMC). The vulnerability, CVE-2025-26633, allows attackers to bypass security features and execute malicious…

shaikh Saqib March 25, 2025

News

From Dark Reading – What CISA’s Red Team Disarray Means for US Cyber Defenses

DOGE is making wild moves at CISA, including bringing back fired probationary employees only to put them on paid leave, and reportedly gutting the agency's red teams. Read More

shaikh Saqib March 22, 2025

News

From Cyber Security News – Moxa Industrial Ethernet Switches Vulnerability Let Attackers Gain Admin Access

A critical security flaw in Moxa’s PT series industrial Ethernet switches enables attackers to bypass authentication mechanisms and compromise device integrity. Tracked as CVE-2024-12297, this vulnerability (CVSS 4.0: 9.2) affects…

shaikh Saqib March 10, 2025

News

From Dark Reading – MITRE EMB3D for OT & ICS Threat Modeling Takes Flight

Manufacturers and infrastructure providers are gaining options to satisfy regulations and boost cyber safety for embedded and industrial control systems, as EMB3D, STRIDE, and ATT&CK for ICS gain traction. Read More

shaikh Saqib March 8, 2025

News

From Cyber Security News – CISA Warns of Edimax IC-7100 IP Camera 0-Day Vulnerability Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding a severe vulnerability in the Edimax IC-7100 IP Camera. This vulnerability, CVE-2025-1316, allows attackers to execute remote…

shaikh Saqib March 7, 2025

News

From Cyber Security News – 12 Chinese Hackers Charged For Cyber Attacks on U.S Treasury

The U.S. Department of Justice (DOJ) unsealed indictments today against 12 Chinese nationals linked to state-sponsored cyber espionage campaigns targeting the U.S. Treasury Department, religious organizations, media outlets, and critical…

shaikh Saqib March 6, 2025

News

From Dark Reading – Nakivo Fixes Critical Flaw in Backup & Replication Tool

The vendor's products fall in a category that ransomware operators like to target to circumvent victims' ability to recover from a successful attack. Read More

shaikh Saqib February 28, 2025

News

From Security Week – Nine Threat Groups Active in OT Operations in 2024: Dragos

[[{"value":"Dragos has published its 2025 OT/ICS Cybersecurity Report, which provides information on the threats and trends observed in 2024. The post Nine Threat Groups Active in OT Operations in 2024:…

shaikh Saqib February 25, 2025

News

From Cyber Security News – CISA Warns of SonicWall SonicOS RCE Vulnerability Actively Exploited in the Wild

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has escalated warnings about a critical zero-day vulnerability in SonicWall’s SonicOS, designating CVE-2024-53704 for immediate remediation in its Known Exploited Vulnerabilities (KEV)…

shaikh Saqib February 19, 2025

News

From Security Week – Sean Cairncross is Trump Nominee for National Cyber Director

[[{"value":"Former RNC official Sean Cairncross has been nominated for the post of National Cyber Director to streamline the US cybersecurity strategy. The post Sean Cairncross is Trump Nominee for National…

Samir K February 14, 2025