Almost 3,900, or nearly 75%, of the 5,219 internet-exposed Rockwell Automation/Allen-Bradley programmable logic controllers that are used by critical infrastructure entities and are vulnerable to ongoing targeting by Iranian state-sponsored threat actors are in the U.S., CyberScoop reports.
Internet-facing industrial control devices connected to the default Modbus port, commonly used by power grids and other industrial systems, reached 179 across 20 countries despite the protocol's absence of encryption and authentication, indicating a significant risk to critical infrastructure entities, Cybernews reports.
This week: Rage dropping 0-Day, Claude Mythos, things are different now, From UART to root, on a device made in China, where's the FCC?, More CUPS vulnerabilities, Russians are hacking routers, FCC ban doesn't stop them, Mongoose vulnerabilities, and FCC still does nothing, Renting virtual phones, Iran's cyber attacks, SHA-256 almost broken?, Catch...
Masjesu, also known as XorBot due to its use of XOR encryption, prioritizes low visibility and persistence, deliberately avoiding high-profile targets like Department of Defense IP ranges.
APT28, also known as Fancy Bear, compromised small office/home office routers, altering their DNS settings to redirect traffic to attacker-controlled virtual private servers.