BlackCat ransomware gang hits Luxembourg energy company. Predatory Sparrow's assault on Iran's steel industry. MOXA issues patches for two vulnerabilities. ICS security advisories. Two security bills pass the US House. Insider threat: Spain arrests nuclear plant employees. The human risk to OT systems.

Control Loop News Brief.
BlackCat ransomware gang hits Luxembourg energy company.
BlackCat ransomware gang hits Luxembourg energy supplier Creos (Computing)
Luxembourg energy provider Encevo Group battles ransomware attack by BlackCat (Tech Monitor)
BlackCat ransomware claims attack on European gas pipeline (BleepingComputer)
Luxembourg energy companies struggling with alleged ransomware attack, data breach (The Record by Recorded Future) 
Predatory Sparrow's assault on Iran's steel industry.
Predatory Sparrow: Who are the hackers who say they started a fire in Iran? (BBC News)
Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents' (CyberScoop) 
MOXA issues patches for two vulnerabilities.
Moxa NPort Device Flaws Can Expose Critical Infrastructure to Disruptive Attacks (SecurityWeek)
Two Moxa Zerodays — ICSRange.com - Powered by En Garde Security (ICSRange.com - Powered by En Garde Security)
ICS security advisories.
Inductive Automation Ignition (CISA)
Honeywell Safety Manager (CISA)
Honeywell Saia Burgess PG5 (CISA)
MOXA NPort 5110 (CISA)
Mitsubishi MELSEC and MELIPC Series (Update D) (CISA)
Rockwell Products Impacted by Chromium Type Confusion Vulnerability (CISA)
Mitsubishi FA Engineering Software (Update B) (CISA)
Mitsubishi Electric Factory Automation Engineering Software (Update C) (CISA)
Mitsubishi Electric Factory Automation Products Path Traversal (Update C) (CISA)
Mitsubishi Electric Factory Automation Engineering Products (Update H) (CISA)
Mitsubishi Electric FA Engineering Software Products (Update F) (CISA)
Delta Electronics DIAEnergie (Update C) (CISA)
Delta Electronics DIAEnergie (Update C) (CISA)
Security bills pass the US House.
House Passes Cybersecurity Bills Focusing on Energy Sector, Information Sharing (SecurityWeek)
Insider threat: Spain arrests nuclear plant employees.
Spanish police arrest two accused of hacking radioactivity alert system (Record by Recorded Future)
The human risk to OT systems.
The 2022 State of Operational Technology (SCADAfence)

Control Loop Interview.
Bryson Bort from SCYTHE, on threat emulation for critical infrastructure, season 3 of Hack the Plant with the Atlantic Council, and the ICS Village at Def Con in collaboration with CISA.
Bryson Bort on LinkedIn

Control Loop Learning Lab.
Jim Gilsinn, Technical Leader at Dragos Global Services Team, discusses Security Directive Pipeline-2021-02C, pipeline cybersecurity mitigation actions, contingency planning, and testing, with Mark Urban, VP of Product Market Strategy at Dragos.
Jim Gilsinn on LinkedIn
Mark Urban on LinkedIn
U.S. Transportation Safety Administration (TSA) Pipeline Security Directive

Subscribe to the Control Loop Newsletter here with new editions published every month.