Stealthy GitHub Malware Campaign Targets Devs
A new campaign exploiting GitHub to distribute malicious Python code disguised as legitimate hacking tools has been uncovered. The operation, attributed to the group known as Banana Squad, used 67 repositories hosting trojanized files that mimicked benign open-source projects. The attackers exploited GitHub's interface to conceal backdoor code using long space strings, making the malicious content invisible in normal view. Each GitHub account typically hosted one repository, likely fake and created solely to deliver malicious content. Hidden code within the Python files used encoding methods to obscure payload delivery functions. The campaign reflects a shift in open-source software supply chain attacks, with attackers now leveraging more covert tactics to target platforms like GitHub. Developers are advised to verify repositories, avoid reliance on single-repository accounts, and monitor for suspicious domains.
Pulse ID: 68548f8be824569a83f26ef4
Pulse Link: https://otx.alienvault.com/pulse/68548f8be824569a83f26ef4
Pulse Author: AlienVault
Created: 2025-06-19 22:30:35
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
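The concealment trick the pulse describes (real code pushed far to the right of a line by a long run of spaces, so GitHub's file view shows only the harmless prefix) is easy to detect mechanically. The scanner below is an added example written for this page, not code from the pulse or from the campaign; the 100-space threshold, the regexes and the sample file are assumptions chosen for illustration.

```python
"""Flag Python source lines that hide code behind long runs of spaces.

Added example (not from the pulse). Heuristics, not signatures: a run of
SPACE_RUN spaces inside a line is wider than any editor window, and what
follows it is the part a reviewer never saw in the GitHub UI.
"""
import re

SPACE_RUN = 100  # assumed threshold; real files rarely have 100+ inline spaces
SPACE_GAP = re.compile(r" {%d,}" % SPACE_RUN)
# Calls that turn a string into executable code.
SUSPECT_CALLS = re.compile(r"\b(exec|eval|__import__|compile)\s*\(")
# A long base64-looking string literal, the usual carrier for an encoded stage.
B64_LITERAL = re.compile(r"['\"][A-Za-z0-9+/]{40,}={0,2}['\"]")


def split_hidden(line: str):
    """Return (visible_part, hidden_part) of a line; hidden_part is '' if none."""
    m = SPACE_GAP.search(line)
    if not m or not line[m.end():].strip():
        return line, ""
    return line[: m.start()], line[m.end():]


def scan_source(src: str):
    """Return [(lineno, reason), ...] findings for one file's text."""
    findings = []
    for lineno, line in enumerate(src.splitlines(), 1):
        visible, hidden = split_hidden(line)
        if hidden:
            gap = len(line) - len(visible) - len(hidden)
            findings.append((lineno, f"code after {gap} spaces"))
        tail = hidden or line
        if SUSPECT_CALLS.search(tail):
            findings.append((lineno, "dynamic code execution"))
        if B64_LITERAL.search(tail):
            findings.append((lineno, "long base64-like literal"))
    return findings


# Constructed sample: a benign-looking file whose third line carries a
# semicolon-separated exec() 400 spaces to the right of the print call.
SAMPLE = (
    "import os\n"
    "def banner():\n"
    '    print("tool v1.0")' + " " * 400
    + ';exec(__import__("base64").b64decode("' + "aW1wb3J0IG9z" * 5 + '"))\n'
    "banner()\n"
)

if __name__ == "__main__":
    for lineno, reason in scan_source(SAMPLE):
        print(f"line {lineno}: {reason}")
```

Run it over a cloned repository with a `for f in glob('**/*.py')` loop; a hit on any of the three heuristics is worth a manual look, and a hit on all three on the same line is the pattern described above.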
Update on NHS gender-affirming care stuff; largely negative, with a teeny-tiny bit of good; here be trauma dragons!
In October 2024, Censys researchers discovered ~400 U.S. water facility web-based HMIs exposed online. Within a month of sharing data with the EPA and the vendor, 58% of systems were protected. Read more here:
Gotta admit, 35,000 solar panels would make a baaaaadass botnet.
https://www.securityweek.com/35000-solar-power-systems-exposed-to-internet/
Hey smart people, I'm currently working on continuing my degoogling (as much as possible)...My current calendar/todo app syncs with Google Calendar and I'd like to find an alternative that supports local ICS files so I can export stuff from emacs org. Anybody done similar and if so, with what?
“Investors suing NHS-embedded UnitedHealth for authorising TOO MUCH treatment”
by Skwawkbox @skwawkbox @UKLabour
“Health insurer that says its role is to avoid healthcare spending and paid nursing homes not to send old people to hospital relaxed refusals policy slightly after CEO shot in street”
While there's a huge existing body of research on Internet-exposed #ICS devices, much of the prior work in this space disregards the existence of ICS honeypots. This can lead to inaccurate measurements and an inflated sense of real device exposure.
A recent paper by researchers from the Norwegian University of Science and the Delft University of Technology leverages Censys data to address this challenge (https://gsmaragd.github.io/publications/EuroSP2025-ICS/EuroSP2025-ICS.pdf).
Specifically, they outline their approach to classifying ICS services as real or deceptive based on various metadata characteristics.
It's exciting to see researchers working on this problem and trying to more accurately measure ICS exposure. More of my thoughts on this paper were included in this SecurityWeek article:
https://www.securityweek.com/up-to-25-of-internet-exposed-ics-are-honeypots-researchers/
Attackers are more regularly targeting industrial control systems (ICS) on Operational Technology (OT), which has led to devastating real-world consequences
Trace attack paths in ICS with Gilberto "Gil" Garcia's #BSidesBoulder25 talk "Attack Path Modeling for Securing ICS/OT Systems"! Attendees will learn how to visualize adversary movements, focus on crown jewels, and turn free tools and threat intel into actionable defense strategies through understanding attacker workflows.
Garcia's session will also delve into frameworks, modeling techniques, and the integration of intelligence-driven security measures to strengthen ICS/OT resilience - because in critical infrastructure, guesswork isn’t a good option! #BSides #BSidesBoulder #ICS #CyberSecurity #OTSecurity #ThreatModeling
Tickets are available for purchase for our 13 June event here: https://www.eventbrite.com/e/bsides-boulder-2025-registration-1290129274389
Does anyone have a good source for holiday / public-holiday calendar feeds in iCal format? I'd like
• all nationwide and regional public holidays for Germany, including the info (in the description text) of which federal states the day is a statutory holiday in (one feed with everything)
• school holidays for individual federal states (one feed per state)
One-off downloads are okay, feed URLs would be even better.
Geez, TWENTY-TWO ICS advisories from CISA today? Is that as awful as it sounds?
Release notes for v25.04.1 of Malcolm, a powerful, easily deployable network traffic analysis tool suite for network security monitoring
Just what we need, another Russian threat group tampering with critical infrastructure control panels.
#Russia #ThreatIntelligence #Cybersecurity #CriticalInfrastructure #OT #ICS #SCADA #Hackers #Security #NationalSecurity
https://cyble.com/blog/dark-web-activity-new-hacktivist-group-emerges/
Our team at @censys has studied Internet exposure of #ICS for the better part of a year, learning more about the products, protocols, and nuances of this space.
Today I'm excited to share our third annual State of the Internet Report detailing what we've learned! A few highlights:
Most ICS protocols and HMIs we've observed run on 5G/LTE (e.g., Verizon) or SOHO/business-grade ISPs (e.g., Comcast). We initially observed this in the U.S. and in this most recent research found that it's a global phenomenon. This surprised me initially, but industrial devices often need to run in places where a wired connection might not be available. While great for connectivity, use of such networks makes it often impossible to determine who owns or operates a given service, as the host metadata points back to the telco itself.
Analysis of over 200 C-More human-machine interfaces (HMIs) revealed over a third appear to be related to water and wastewater systems (WWS). WWS has seen increased targeting over the last ~year, and these exposures suggest still more work is needed to adequately protect and defend this sector.
We found nearly 200 hosts globally running HMIs alongside products banned by U.S. NDAA Section 889. While this act applies only to a specific set of operators within the U.S. federal government, it's interesting to note what technologies operators implement alongside potentially critical services.
You can find a copy of the report with all the details here!
Critical infrastructure / #ICS system owners should be watching these three discrete @BleepingComputer stories regarding vulnerable (and popular) perimeter devices:
It’s almost always the perimeter.
Critical infrastructure / #ICS system owners should be watching these three @BleepingComputer stories regarding vulnerable (and popular) perimeter devices:
Update on 4th appointment with the NHS EOEGS; 2nd surgery referral; discussion of trans fem gender-affirming surgeries
Excited to share insights at #ISCCPH2024 on how #AI, #ML, and #LLMs are driving changes in #OT and #ICS security. Let’s explore how these technologies are reshaping industrial environments. Ping me for a discount code! https://insightevents.dk/isc-cph/
Nov 12-14
Copenhagen, Denmark
Looking forward to speaking at #ISCCPH2024 on how #AI, #ML, and #LLMs are shaping #OT and #ICS security. Join me to explore these emerging technologies and their impact on industrial environments. DM me for a discount code!
https://insightevents.dk/isc-cph/
Nov 12-14
Copenhagen, Denmark
I’m looking forward to speaking at #ISCCPH2024 in Copenhagen, discussing how #AI, #ML, and #LLMs are impacting the #OT and #ICS space. It’s an exciting time for industrial security, and I’m hoping for some great discussion on these emerging technologies.
https://insightevents.dk/isc-cph/
Want to go? I've got discount codes...
Nov 12-14
Copenhagen, Denmark