Pierluigi Paganini
June 06, 2025
A Russia-linked threat actor targeted a critical infrastructure organization in Ukraine with a new destructive malware dubbed PathWiper. Russia-linked threat actor targeted Ukraine’s critical infrastructure with a new wiper named PathWiper. Cisco Talos researchers reported that attackers utilized a legitimate endpoint administration tool, indicating they had access to the administrative console, then used it to […]
Pierluigi Paganini
May 18, 2025
Chinese “kill switches” found in Chinese-made power inverters in US solar farm equipment that could let Beijing remotely disable power grids in a conflict. Investigators found “kill switches” in Chinese-made power inverters in US solar farm equipment. These hidden cellular radios could let Beijing remotely cripple power grids during a conflict. The Times reported that […]
Pierluigi Paganini
May 07, 2025
CISA, FBI, EPA, and DoE warn of cyberattacks on the U.S. Energy sector carried out by unsophisticated cyber actors targeting ICS/SCADA systems. The US cybersecurity agency CISA, the FBI, EPA, and the DoE issued a joint alert to warn of cyberattacks targeting US-based organizations in the oil and natural gas sector. Unsophisticated threat actors are […]
Pierluigi Paganini
January 20, 2025
Critical flaws in WGS-804HPT switches could be chained to gain remote code execution on Planet Technology’s industrial devices. The Planet WGS-804HPT industrial switch is used in building and home automation networks to provide connectivity of Internet of things (IoT) devices, IP surveillance cameras, and wireless LAN network applications. This switch family is equipped with a […]
Pierluigi Paganini
January 07, 2025
Moxa warns of two flaws in its routers and security appliances that enable privilege escalation and remote command execution. Moxa addressed privilege escalation and OS command injection vulnerabilities in cellular routers, secure routers, and network security appliances. Below are the descriptions for both vulnerabilities: Moxa released firmware updates to address vulnerabilities CVE-2024-9140 and CVE-2024-9138. Affected […]
Pierluigi Paganini
December 14, 2024
Iran-linked threat actors target IoT and OT/SCADA systems in US and Israeli infrastructure with IOCONTROL malware. Claroty’s Team82 obtained a sample of a custom-built IoT/OT malware called IOCONTROL used by the Iran-linked threat actors to target devices in infrastructure located in Israel and U.S.. According to the experts Iran-linked threat group CyberAv3ngers reportedly targeted fuel […]
Pierluigi Paganini
September 26, 2024
Cisco’s Talos reported critical and high-severity flaws in OpenPLC that could lead to DoS condition and remote code execution. Cisco’s Talos threat intelligence unit has disclosed details of five newly patched vulnerabilities in OpenPLC, an open-source programmable logic controller. These vulnerabilities can be exploited to trigger a denial-of-service (DoS) condition or execute remote code. OpenPLC […]
Pierluigi Paganini
August 05, 2024
A security bypass bug in Rockwell Automation ControlLogix 1756 devices could allow unauthorized access to vulnerable devices. A high-severity security bypass vulnerability, tracked as CVE-2024-6242 (CVSS Base Score v4.0 of 7.3), impacts Rockwell Automation ControlLogix 1756 devices. An attacker can exploit the vulnerability to execute common industrial protocol (CIP) programming and configuration commands. “A vulnerability […]
Pierluigi Paganini
July 23, 2024
In April 2024, Dragos researchers spotted the malware FrostyGoop that interacts with Industrial Control Systems (ICS) using the Modbus protocol. In April 2024, Dragos researchers discovered a new ICS malware named FrostyGoop that interacts with Industrial Control Systems using the Modbus protocol. FrostyGoop is the ninth ICS malware that was discovered an that a nation-state […]
Pierluigi Paganini
July 05, 2024
Microsoft discovered two flaws in Rockwell Automation PanelView Plus that remote, unauthenticated attackers could exploit. Microsoft responsibly disclosed two vulnerabilities in Rockwell Automation PanelView Plus that remote, unauthenticated attackers can exploit to perform remote code execution (RCE) and denial-of-service (DoS). The RCE vulnerability in PanelView Plus involves exploiting two custom classes to upload and load […]
