Even though industrial control system vulnerabilities reported to the Cybersecurity and Infrastructure Security Agency declined from 681 during the first half of 2022 to 670 during the first half of 2023, the rate of unfixed ICS flaws rose from 13% to about 34% during the same period, according to The Hacker News.
Most of the reported ICS flaws during the first six months of 2023 had a high-severity rating, while the critical manufacturing and energy industries were most impacted by the flaws, a SynSaber report revealed.
Mitsubishi Electric and Hitachi Energy accounted for most of the discovered ICS bugs for the critical manufacturing and energy sectors, respectively. Use-after-free vulnerabilities accounted for most of the reported ICS bugs, followed by out-of-bounds read and improper input validation flaws.
"Forever-Day vulnerabilities remain an issue: six CISA Advisories identified for ICS vendor products that reached end of life with 'Critical' severity vulnerabilities have no update, patch, hardware/software/firmware updates, or known workarounds," said SynSaber.
Kansas city disrupted by cyberattack

Officials at the City of Pittsburg, Kansas have confirmed that its government phone, email, and online payment systems have been impacted by a cyberattack identified over the weekend, according to The Record, a news site by cybersecurity firm Recorded Future.
Novel threat actor ShroudedSnooper has targeted Middle Eastern telecommunications firms in new attacks with the stealthy HTTPSnoop malware, reports The Hacker News.
Reuters reports that three organizations in the manufacturing, technology, and retail industries have also been compromised over the past few weeks by the ALPHV/BlackCat ransomware operation and its affiliate Scattered Spider, which were reported to have most recently attacked MGM Resorts International and Caesars Entertainment.