A set of 16 high-severity security flaws have been disclosed in the CODESYS V3 software development kit (SDK) that could result in remote code execution and denial-of-service under specific conditions, posing risks to operational technology (OT) environments.
The flaws, tracked from CVE-2022-47378 through CVE-2022-47393 and dubbed CoDe16, carry a CVSS score of 8.8 with the exception of CVE-2022-
The threat actor known as Space Pirates has been linked to attacks against at least 16 organizations in Russia and Serbia over the past year by employing novel tactics and adding new cyber weapons to its arsenal.
"The cybercriminals' main goals are still espionage and theft of confidential information, but the group has expanded its interests and the geography of its attacks," Positive
For too long the cybersecurity world focused exclusively on information technology (IT), leaving operational technology (OT) to fend for itself. Traditionally, few industrial enterprises had dedicated cybersecurity leaders. Any security decisions that arose fell to the plant and factory managers, who are highly skilled technical experts in other areas but often lack cybersecurity training or
Three security vulnerabilities have been disclosed in operational technology (OT) products from Wago and Schneider Electric.
The flaws, per Forescout, are part of a broader set of shortcomings collectively called OT:ICEFALL, which now comprises a total of 61 issues spanning 13 different vendors.
"OT:ICEFALL demonstrates the need for tighter scrutiny of, and improvements to, processes related to
Attacks on critical infrastructure and other OT systems are on the rise as digital transformation and OT/IT convergence continue to accelerate. Water treatment facilities, energy providers, factories, and chemical plants — the infrastructure that undergirds our daily lives could all be at risk. Disrupting or manipulating OT systems stands to pose real physical harm to citizens, environments, and
China has banned U.S. chip maker Micron from selling its products to Chinese companies working on key infrastructure projects, citing national security risks.
The development comes nearly two months after the country's cybersecurity authority initiated a probe in late March 2023 to assess potential network security risks.
"The purpose of this network security review of Micron's products is to
Apple and Google have teamed up to work on a draft industry-wide specification that's designed to tackle safety risks and alert users when they are being tracked without their knowledge or permission using devices like AirTags.
"The first-of-its-kind specification will allow Bluetooth location-tracking devices to be compatible with unauthorized tracking detection and alerts across Android and
Why is Visibility into OT Environments Crucial?
The significance of Operational Technology (OT) for businesses is undeniable as the OT sector flourishes alongside the already thriving IT sector. OT includes industrial control systems, manufacturing equipment, and devices that oversee and manage industrial environments and critical infrastructures. In recent years, adversaries have recognized the
Google announced on Tuesday that it's officially rolling out Privacy Sandbox on Android in beta to eligible mobile devices running Android 13.
"The Privacy Sandbox Beta provides new APIs that are designed with privacy at the core, and don't use identifiers that can track your activity across apps and websites," the search and advertising giant said. "Apps that choose to participate in the Beta
Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS).
The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL.
"These issues exemplify either an
Ireland's Data Protection Commission (DPC) has levied fines of €265 million ($277 million) against Meta Platforms for failing to safeguard the personal data of more than half a billion users of its Facebook service, ramping up privacy enforcement against U.S. tech firms.
The fines follow an inquiry initiated by the European regulator on April 14, 2021, close on the heels of a leak of a "collated
Not too long ago, there was a clear separation between the operational technology (OT) that drives the physical functions of a company – on the factory floor, for example – and the information technology (IT) that manages a company's data to enable management and planning.
As IT assets became increasingly connected to the outside world via the internet, OT remained isolated from IT – and the
Cybersecurity researchers have elaborated a novel attack technique that weaponizes programmable logic controllers (PLCs) to gain an initial foothold in engineering workstations and subsequently invade the operational technology (OT) networks.
Dubbed "Evil PLC" attack by industrial security firm Claroty, the issue impacts engineering workstation software from Rockwell Automation, Schneider
Shadow IT refers to the practice of users deploying unauthorized technology resources in order to circumvent their IT department. Users may resort to using shadow IT practices when they feel that existing IT policies are too restrictive or get in the way of them being able to do their jobs effectively.
An old school phenomenon
Shadow IT is not new. There have been countless examples of
Login
FreshRSS