🚨 New research today from Team82 reveals cyber-physical systems (CPS) are becoming a preferred target for opportunistic threat actors, who are often inspired politically and socially by geopolitical events.

Analyzing 200+ attacks against CPS in numerous industries, the findings show:
🔹 82% used virtual network computing (VNC) to access exposed, internet-facing assets
🔹 66% involved compromised HMI or SCADA systems
🔹 Many attacks required minimal sophistication, yet posed serious risks to operations, safety, and the public

📰 Read more: https://claroty.com/press-releases/new-research-finds-cybercriminals-are-increasingly-targeting-global-critical-infrastructure-via-direct-access-to-cyber-physical-systems

#Team82 #CyberPhysicalSystems #OTSecurity #ThreatIntelligence #CriticalInfrastructure #Cybersecurity

🚨 Johnson Controls recommends that users of its Frick Controls Quantum HD platform update to current versions after the disclosure by #Team82 of 6 vulnerabilities that could lead to pre-authentication remote code execution, information leaks, and denial-of-service conditions.

Affected versions (10.22-11) are no longer supported by the vendor, and users are urged to upgrade to version 12 or higher.

⚠️ Check out our Disclosure Dashboard for more details and remediation info. https://claroty.com/team82/disclosure-dashboard

Copeland has provided updates for its XWEB and XWEB Pro monitoring solutions for #retail and #HVAC environments that address 🚨 23 vulnerabilities disclosed by #Team82 researchers Noam Moshe and Amir Zaltzman. Fifteen OS command injection flaws and an authentication bypass assessed at a 10.0 CVSS score are among the most severe vulnerabilities.

⚠️ Check out our Disclosure Dashboard for more details & remediation information: https://claroty.com/team82/disclosure-dashboard

⚠️ EnOcean has addressed two vulnerabilities disclosed by #Team82 vulnerability researcher Amir Zaltzman in its SmartServer IoT product, an #IoT edge server that is ideal for monitoring energy management and other building management systems. 🚨 The vulnerabilities enable remote attackers to craft Lon IP-852 messages that result in code execution on the device. https://claroty.com/team82/disclosure-dashboard

🔖 You can read more about Team82's research into the LonTalk protocol here: https://claroty.com/team82/research/examining-the-legacy-bms-lontalk-protocol

🚨 New from #Team82: Our research team shares its analysis of the LonTalk networking protocol which is often optimized for control applications within building management and automation systems. This blog examines the protocol’s fundamentals and traces its evolution from serial communication to IP-based deployments.

Read here: https://claroty.com/team82/research/examining-the-legacy-bms-lontalk-protocol

At Nexus Conference 2025, #Team82 lead Noam Moshe shared research on the Axis Communications video surveillance platform, highlighting how many vulnerable servers and devices remain exposed to attackers and how these #IoT assets can be leveraged for lateral movement into enterprise networks.

▶️ Watch the Top Sessions from #Nexus2025 here: https://nexusconnect.io/nexus-25

🚨 New from #Team82: Our researchers uncovered a one-click remote-code execution ⚠️ vulnerability affecting IDIS Cloud Manager viewer that could allow attackers to view 🔴 live video feeds and recordings and search images on the video surveillance system. The vulnerability has been patched and users are urged to upgrade to version 1.7.1.

🔬 Read more: https://claroty.com/team82/research/new-architecture-new-risks-one-click-to-pwn-idis-ip-cameras

This interview with Team82 Vulnerability Research Lead Noam Moshe explores his team’s expansive look into IP-based surveillance cameras 🎥 manufactured by Sweden’s Axis Communications, a leading company in this space.

Companies like Axis are selling more and more into Western enterprises given bans on certain Chinese technologies. ⚠️ #Team82’s research uncovered a number of vulnerabilities in the management framework used to oversee these devices, as well as the communication protocol in play. Attackers can exploit these issues to gain control of cameras, move onto the corporate network, and disrupt the safety of a business.

▶️ Watch here: https://nexusconnect.io/videos/noam-moshe-on-hacking-enterprise-grade-ip-cameras

⚠️ #Team82 and Trend Micro's Zero Day Initiative disclosed 18 vulnerabilities in Algo Communication Products Ltd's IP Audio Alerter product that expose devices to numerous types of remote attacks that could enable code execution and information disclosure.

After the initial disclosure in October, Algo has yet to publish an update for the affected products. ZDI informed the vendor of its intent to publish advisories informing users of the zero-day vulnerabilities. The advisories were published Jan. 9. ZDI cautions users to restrict interaction with the product until updates are available.

ℹ️ More info: https://claroty.com/team82/disclosure-dashboard