#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

PLC | Breaking Cybersecurity News | The Hacker News

Category — PLC
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024 Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 Th...
Critical Bugs in Rockwell PLC Could Allow Hackers to Implant Malicious Code

Critical Bugs in Rockwell PLC Could Allow Hackers to Implant Malicious Code

Apr 01, 2022
Two new security vulnerabilities have been disclosed in Rockwell Automation's programmable logic controllers ( PLCs ) and engineering workstation software that could be exploited by an attacker to inject malicious code on affected systems and stealthily modify automation processes. The flaws have the potential to disrupt industrial operations and cause physical damage to factories in a manner similar to that of Stuxnet and the  Rogue7 attacks , operational technology security company Claroty said. "Programmable logic and predefined variables drive these [automation] processes, and changes to either will alter normal operation of the PLC and the process it manages," Claroty's Sharon Brizinov  noted  in a write-up published Thursday. The list of two flaws is below – CVE-2022-1161  (CVSS score: 10.0) – A remotely exploitable flaw that allows a malicious actor to write user-readable "textual" program code to a separate memory location from the executed c...
What Is Attack Surface Management?

What Is Attack Surface Management?

Feb 03, 2025Attack Surface Management
Attack surfaces are growing faster than security teams can keep up – to stay ahead, you need to know what's exposed and where attackers are most likely to strike. With cloud adoption dramatically increasing the ease of exposing new systems and services to the internet, prioritizing threats and managing your attack surface from an attacker's perspective has never been more important. In this guide, we look at why attack surfaces are growing and how to monitor and manage them properly with  tools like Intruder . Let's dive in. What is your attack surface? First, it's important to understand what we mean when we talk about an attack surface. An attack surface is the sum of your digital assets that are 'reachable' by an attacker – whether they are secure or vulnerable, known or unknown, in active use or not. You can also have both internal and external attack surfaces - imagine for example a malicious email attachment landing in a colleague's inbox, vs a new FTP server being...
Expert Insights / Articles Videos
Cybersecurity Resources