SCADAfence Blog

Two vulnerabilities in Rockwell programmable logic controllers and engineering workstation software have been disclosed. These vulnerabilities give attackers a way to modify automation processes and...

Our research team has put together all of the most relevant news topics in the ICS, IT, Ransomware & OT security fields, as well as their impacts and their expert recommendations:

As 2021 draws to a close, it is time for our customary round-up of the year’s industry-changing cyber attacks, product and company updates, and SCADAfence’s achievements.

Until two weeks ago, Log4j was just a popular Java logging framework, one of the numerous components that run in the background of many modern web applications. But since a zero-day vulnerability...

December 10, 2021, will always be remembered by the security community as the day when a highly critical zero‑day vulnerability was found in the very popular logging library for Java applications, ...

The COVID-19 pandemic has been detrimental to the world economy while flattening many industries. The mining industry was fortunate to be one of the very few industries to deliver exceptional growth...

When organizations are seeking out the right OT network security for their OT environments and OT devices, the clear objective is to decrease and eliminate risks. Too often organizations only adopt...

In 2021, the increasing number of cyber security attacks on major critical infrastructure operators grabbed the headlines. The successful attacks targeted different industrial sectors such as oil...

CISOs and security teams face an uphill battle when it comes to detecting and mitigating ever more frequent and sophisticated cyber threats, especially in OT environments.

Over time, we have learned that we develop products not for our own innovation, but for you the customers, to help improve your OT security. In 2021, we were excited to launch three newly designed...

In the wake of the different ransomware attacks on Colonial Pipeline, JBS Foods, Oldsmar Florida water system and other critical infrastructure, President Joe Biden signed a national security...

When looking back at 2020 and 2021 the first thing that comes to mind is the different supply chain attacks on the industrial sectors. The successful attacks by threat actors exploited the industrial...

There is a lot of buzz recently on the topic of MITRE ATT&CK for ICS and rightfully so.

50% of Automotive Manufacturers Are Susceptible to a Ransomware Attack The automotive industry has started to ramp up its digitalization in their manufacturing sites but cybersecurity is still an...

Just as the security community was recovering from the SolarWinds supply-chain attack, over July 4th holiday weekend Kaseya IT management software, commonly implemented by Managed Service Providers...

Cyber Crime on the Rise - Ransomware is Everywhere Over the past few months, there is a feeling that every day a different organization has fallen victim to a ransomware attack. While the idea of a...

Over the years, programmable logic controllers (PLC) have been insecure by default. Security good practices have been created and adopted for IT which can be seen in OWASP’s Top Ten Vulnerabilities...

Earlier this month, on June 4th, the North American Electric Reliability Corporation (NERC) released a new practice guide that pinpoints how organizations should integrate network monitoring...

It’s no secret that Nation-State attackers are targeting US government agencies and organizations. As seen in the Solarwinds breach and the more recent Colonial Pipeline ransomware attack,...

It's been over a decade since the headline-grabbing Stuxnet virus was introduced and the concept of nation-state-sanctioned cyber attacks was presented by security professionals. The concern about...

Following the Colonial Pipeline Ransomware incident, Twitter exploded in to an orgy of blather from people demanding that we “air-gap” ICS. Those righteous keyboard warriors know what is best, I’m...

There are new vulnerabilities discovered every day, and new patches issued to fix them. As part of our mission to secure the world’s OT, IoT and Cyber Physical infrastructures, we invest resources...

On May 8th, news broke that Colonial Pipeline, one of the largest fuel pipelines in the US, was forced to stop all operations due to falling victim to a ransomware attack. The attack on Colonial...

As each day passes, so does the increasing amount of security risks with the cybersecurity attack vector. Every organization can easily fall victim to another cyber threat, but recently, the...

Over the last few days, cybersecurity journalists and the ICS security community have been discussing the Oldsmar Florida water system cyber attack, almost ad nauseam. While many people have been...

Ransomware Slams Westrock & Other Industrial Networks Earlier this week, the operations at $17 billion packaging firm WestRock were disrupted by a ransomware attack that impacted both its IT and OT...

Our Researchers Discover Another Vulnerability As part of our mission to secure the world’s OT, IoT and Cyber Physical infrastructures, we invest resources into offensive research of vulnerabilities...

What a year. What a year this has been to humanity, an epidemic has fundamentally changed the way we interact with one another, social distancing, lockdowns and restrictions in virtually everything...

SunBurst - The Cyber Attack on SolarWinds SunBurst is a cyber espionage campaign that leveraged a supply chain attack on SolarWinds, a leading supplier of network management software. Between March...

The '85 Bears of Cyber Physical Security A few days ago, our elite cybersecurity team of defenders, faced over 50 of the world’s top hackers and security practitioners in the Hack the Building event.

In today's stressful times, we can all use a refreshing beverage. Seriously, with the uncertainty around the the rising ransomware incidents in OT networks, we can all use some brightness in our...

SCADAfence Researchers Discover A Sensitive Information Leak Vulnerability in Canon Printers

Our Researchers Discover Another Vulnerability As part of our mission to secure the world’s OT, IoT and Cyber Physical infrastructures, we invest resources into offensive research of vulnerabilities...

Hey, I’m SCADAGirl. I'm a cybersecurity superhero that ensures that OT & IoT networks are safe. Here is my commentary on the latest headlines in OT & IoT security.

As industrial systems become increasingly connected to IT, Cloud and ERP systems, they become increasingly exposed to cyber threats such as ransomware. In fact, cyber threats for industrial control...

It’s true, the SCADAfence Governance Portal can now connect to any third-party application through Syslog or rest-API and we’re providing the entire on-boarding for free until the end of this year....

A Shocking Flaw Here’s an all too often overlooked item in the security architecture of industrial networks. Below is a diagram of an industrial network architecture we’ve seen in a number of places.

Hey, I’m SCADAGirl. I'm a cybersecurity superhero that ensures that OT & IoT networks are safe. Here is my commentary on the latest headlines in OT & IoT security.

Overview As the NSA urges companies to secure their industrial networks, two vulnerabilities were found in Schneider Electric Triconex SIS devices. Both of the vulnerabilities reside within the ...