Critical Infrastructure Security

ICS vulnerabilities decline but unpatched bugs increase

Even though industrial control system vulnerabilities reported to the Cybersecurity and Infrastructure Security Agency declined from 681 during the first half of 2022 to 670 during the first half of 2023, the rate of unfixed ICS flaws rose from 13% to about 34% during the same period, according to The Hacker News. Most of the ICS flaws reported during the first six months of 2023 had a high-severity rating, and the critical manufacturing and energy industries were the most affected, a SynSaber report revealed. Mitsubishi Electric and Hitachi Energy accounted for most of the discovered ICS bugs in the critical manufacturing and energy sectors, respectively. Use-after-free vulnerabilities accounted for most of the reported ICS bugs, followed by out-of-bounds read and improper input validation flaws. "Forever-Day vulnerabilities remain an issue: six CISA Advisories identified for ICS vendor products that reached end of life with 'Critical' severity vulnerabilities have no update, patch, hardware/software/firmware updates, or known workarounds," said SynSaber.
