shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

Administered by:

Server stats:

261
active users

#ics

0 posts0 participants0 posts today

For those with direct experience in the ICS/OT world --

What would you say is the average age of the OT equipment currently in service?

Please boost for reach! Thank you
#ICS #OT

Stealthy GitHub Malware Campaign Targets Devs

A new campaign exploiting GitHub to distribute malicious Python code disguised as legitimate hacking tools has been uncovered. The operation, attributed to the group known as Banana Squad, used 67 repositories hosting trojanized files that mimicked benign open-source projects. The attackers exploited GitHub's interface to conceal backdoor code using long space strings, making the malicious content invisible in normal view. Each GitHub account typically hosted one repository, likely fake and created solely to deliver malicious content. Hidden code within the Python files used encoding methods to obscure payload delivery functions. The campaign reflects a shift in open-source software supply chain attacks, with attackers now leveraging more covert tactics to target platforms like GitHub. Developers are advised to verify repositories, avoid reliance on single-repository accounts, and monitor for suspicious domains.

Pulse ID: 68548f8be824569a83f26ef4
Pulse Link: otx.alienvault.com/pulse/68548
Pulse Author: AlienVault
Created: 2025-06-19 22:30:35

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

Hey smart people, I'm currently working on continuing my degoogling (as much as possible)...My current calendar/todo app syncs with Google Calendar and I'd like to find an alternative that supports local ICS files so I can export stuff from emacs org. Anybody done similar and if so, with what?

#emacs
#ics
#calendar
#DeGoogle

While there's a huge existing body of research on Internet-exposed #ICS devices, much of the prior work in this space disregards the existence of ICS honeypots. This can lead to inaccurate measurements and an inflated sense of real device exposure.

A recent paper by researchers from the Norwegian University of Science and the Delft University of Technology leverages Censys data to address this challenge (gsmaragd.github.io/publication).

Specifically, they outline their approach to classifying ICS services as real or deceptive based on various metadata characteristics.

It's exciting to see researchers working on this problem and trying to more accurately measure ICS exposure. More of my thoughts on this paper were included in this SecurityWeek article:

#OT #security #honeypot

securityweek.com/up-to-25-of-i

⚡ Attackers are more regularly targeting industrial control systems (ICS) on Operational Technology (OT), which have led to devistating real world consequences 😵

Trace attack paths in ICS with Gilberto "Gil" Garcia's #BSidesBoulder25 talk "Attack Path Modeling for Securing ICS/OT Systems"! Attendees will learn how to visualize adversary movements, focus on crown jewels, and turn free tools and threat intel into actionable defense strategies through understanding attacker workflows.
Garcia's session will also delve into frameworks, modeling techniques, and the integration of intelligence-driven security measures to strengthen ICS/OT resilience - because in critical infrastructure, guesswork isn’t a good option! 🛠️🔌 #BSides #BSidesBoulder #ICS #CyberSecurity #OTSecurity #ThreatModeling

Tickets are available for purchase for our 13 June event here: eventbrite.com/e/bsides-boulde

EventbriteBSides Boulder 2025BSides Boulder is an annual conference with the mission of increasing cybersecurity awareness within the Boulder, Colorado community.

Habt ihr ne schöne Quelle für Ferien-/Feiertags-Kalender(feeds) im iCal-Format? Ich hätte gern

• alle bundesweiten und regionalen Feiertage für Deutschland, inklusive der Info (im Beschreibungstext), in welchen Bundesländer der Tag gesetzlicher Feiertag ist (ein Feed mit allem)
• Schulferien für einzelne Bundesländer (ein Feed pro Bundesland)

Einmalige Downloads sind okay, Feed-URLs wären fast besser.

#iCal#ICS#Kalender

Our team at @censys has studied Internet exposure of #ICS for the better part of a year, learning more about the products, protocols, and nuances of this space.

Today I'm excited to share our third annual ✨State of the Internet Report detailing what we've learned! A few highlights:

🛜 Most ICS protocols and HMIs we've observed run on 5G/LTE (e.g., Verizon) or SOHO/business-grade ISPs (e.g., Comcast). We initially observed this in the U.S. and in this most recent research found that it's a global phenomenon. This surprised me initially, but industrial devices often need to run in places where a wired connection might not be available. While great for connectivity, use of such networks makes it often impossible to determine who owns or operates a given service, as the host metadata points back to the telco itself.

💧 Analysis of over 200 C-More human-machine interfaces (HMIs) revealed over a third appear to be related to water and wastewater systems (WWS). WWS has seen increased targeting over the last ~year, and these exposures suggest still more work is needed to adequately protect and defend this sector.

⛔️ We found nearly 200 hosts globally running HMIs alongside products banned by U.S. NDAA Section 889. While this act applies only to a specific set of operators within the U.S. federal government, it's interesting to note what technologies operators implement alongside potentially critical services.

#infosec #cybersecurity #OT

You can find a copy of the report with all the details here! 👇

censys.com/the-2024-state-of-t

Censys · The 2024 State of the Internet Report | CensysIn their third annual State of the Internet Report, the Censys Research Team is back with fresh insights into the state of internet security and its implications for organizations and their security teams.