INCIBE-CERT

Contenido INCIBE-CERT

 

Understanding BACnet: Present and future of protocol in industrial environments

Posted on 14/08/2025, by
INCIBE (INCIBE)
Gestión de un edificio inteligente desde un dispositivo móvil
The BACnet (Building Automation and Control Networks) communications protocol is a standardised, open protocol developed by ASHRAE (American Society of Heating, Refrigerating and Air-Conditioning Engineers Inc) designed for smart building management. Its main advantage is the ease with which it enables communication between different devices and systems from various brands.This article provides a technical analysis of the BACnet protocol, explaining its technical concepts, new features and advantages in industrial environments, and how it has evolved to meet today's cybersecurity requirements. 

Ataques DDoS: técnicas y mitigación en infraestructuras empresariales

Updated on 15/07/2025, by
INCIBE (INCIBE)
Ataques DDoS: técnicas y mitigación en infraestructuras empresariales
In May 2025 the KrebsOnSecurity site suffered a massive DDoS attack of approximately 6.3 Tbps. According to the information reported, it was a brief incident ( approximately 40 to 45 seconds) designed as a test of a new IoT botnet called Aisuru. The magnitude of the attack was unprecedented: it exceeded the 2016 Mirai attack (623 Gbps) by a factor of ten. At the time, the affected entity was under the protection of Google Project Shield (free anti-DDoS service for media), and Google confirmed that this was the largest attack its infrastructure had ever suffered. This incident is a clear example that DDoS attacks are becoming more and more powerful, and can compromise even the most prepared entities, so we will explain in detail the topic of DDoS attacks.

NoSQL Injection: How malicious input can compromise your application

Posted on 20/06/2025, by
INCIBE (INCIBE)
NoSQL injections. A hand touching a digital screen with a database icon , the background is a blurred digital environment with binary code and abstract shapes. The database icon is adorned with "NoSQL"
Given the increasing proliferation of NoSQL databases in modern applications, it is critical for developers and security teams to understand the risks associated with NoSQL injections. This article discusses the threats and impact of these vulnerabilities, the techniques attackers use to discover and exploit weaknesses in applications, and best practices for protecting against these types of attacks. Through a defense-in-depth strategy, which combines input validation, secure queries, strict access controls, and continuous monitoring, organizations will be able to strengthen the security of their applications against NoSQL injections and mitigate the associated risks.

Vulnerabilities

Check our database with information in Spanish about the latest documented and known vulnerabilities.

Guides and studies

Advanced practical and theoretical content on cybersecurity for technicians.

Service for operators

Set of services we offer for strategic operators.

Servicio para operadores