Blog Posts Tagged with "ICS"
ICS-CERT: What does a Cyber Attack Feel Like?
April 26, 2012 Added by:Infosec Island Admin
The free ICS Advanced Cybersecurity training offers step-by-step guidance on network discovery, exploitation, defense, and detection. After the 3 full days of classroom instruction participants are armed with an arsenal of cyber attack and defense tools and techniques...
Comments (0)
All the Lights Will Not Go Out in a Cyber Attack
April 17, 2012 Added by:Dan Dieterle
One of the biggest threats that you hear is that hackers could take out the power grid and all the power would be shut off. America would be thrown back to the power stone age in the flick of a switch (or a series of SCADA exploits). But is this true? The answer is no...
Comments (5)
Information Sharing and the ICS-ISAC
April 15, 2012 Added by:Chris Blask
The topic of information sharing has become one of the most interesting in finding “The Solution” to ICS security. Aspects securing industrial control systems – including timing, technology and workforce – suggest that answers lie less in technology and more in Robert’s Rules...
Comments (2)
Cybersecurity Problems Found in Electrical Infrastructure
April 07, 2012 Added by:Joel Harding
DOE is in charge of locating and fixing critical infrastructure problems within the energy sector. Do they, in turn, report to DHS if it has to do with critical infrastructure? Does DHS oversee DOE’s cybersecurity problems, their critical infrastructure problems or...?
Comments (2)
NIST Workshop on SCADA - ICS Security
April 05, 2012 Added by:Headlines
Securing against unlawful and malicious attacks is especially vital when the computers control major physical systems—manufacturing plants, transportation systems, power grids. Cybersecurity for physical systems is the topic of an upcoming NIST workshop...
Comments (0)
ICS-CERT: Invensys Wonderware Server Multiple Vulnerabilities
April 04, 2012 Added by:Infosec Island Admin
Researchers have identified multiple vulnerabilities in the Invensys Wonderware Information Server which if exploited could allow denial of service, information disclosure, remote code execution, or session credential high jacking. Invensys has developed a security update...
Comments (0)
ICS-CERT: Invensys Wonderware Buffer Overflow Vulnerability
April 02, 2012 Added by:Infosec Island Admin
Researchers identified two buffer overflow vulnerabilities in the WWCabFile component of the Wonderware System Platform, and successful exploitation of these vulnerabilities will cause a buffer overflow that may allow remote code execution...
Comments (0)
What is Aurora and Why is it a Risk to Grid Reliability?
March 29, 2012 Added by:Joe Weiss
Aurora is a gap in the protection of the electric grid. It is a basic physics property - an out-of-phase condition that cannot be seen by the operator and can NOT be addressed by traditional mitigation. The only means to prevent an Aurora event is by physical hardware mitigation...
Comments (0)
ICS-CERT: Rockwell Automation FactoryTalk Vulnerability
March 29, 2012 Added by:Infosec Island Admin
Researchers have identified two vulnerabilities that may result in a denial-of-service (DoS) condition in the Rockwell Automation FactoryTalk (FT) application which if successfully exploited may result in a Denial of Service condition...
Comments (0)
ICS-CERT: Increasing Threat to Industrial Control Systems
March 21, 2012 Added by:Infosec Island Admin
ICS-CERT is monitoring an increase in a combination of threats that increase the risk of control systems attacks. These include Internet accessible ICS configurations, vulnerability and exploit tool releases, and increased interest and activity by hacktivist groups and others...
Comments (0)
Understanding Industrial Control System Vulnerabilities
March 21, 2012 Added by:Infosec Island Admin
A mission-critical control system is typically configured in a fully-redundant architecture allowing quick recovery from loss of various components in the system. A backup control center is used in more critical applications to provide a secondary control system...
Comments (0)
An Open Source Methodology to Attack Critical Infrastructure
March 20, 2012 Added by:Jeffrey Carr
Attackers with moderate skills can cause disruption to outright destruction of critical infrastructure at low cost and in short order. Contrary to popular wisdom, an attack against a nuclear power or hydro-electric plant doesn't require the resources of a nation state...
Comments (0)
Does DoE Know the Difference Between IT and Control Systems?
March 20, 2012 Added by:Joe Weiss
In September 2011 DOE issued the first draft of the Electricity SubSector Cybersecurity Risk Management Process document for comments. The document essentially equated IT and ICS. Doesn't DOE understand the difference between IT and Control Systems?
Comments (0)
ICS-CERT: Windows Remote Desktop Protocol Vulnerability
March 20, 2012 Added by:Infosec Island Admin
ICS-CERT is aware of a public report of a Remote Desktop Protocol (RDP) vulnerability, which with successful exploitation in the control systems environment could lead to system processes freezing and potentially allow remote code execution...
Comments (0)
ICS-CERT: GE Intelligent Platforms Proficy Historian Data Advisory
March 15, 2012 Added by:Infosec Island Admin
ICS-CERT received a report from GE Intelligent Platforms concerning a memory corruption vulnerability in the GE Intelligent Platforms Proficy Historian Data Archiver could allow an attacker to cause the service to crash, and may lead to arbitrary code execution...
Comments (0)
ICS-CERT: GE Intelligent Platforms Proficy Plant Vulnerability
March 14, 2012 Added by:Infosec Island Admin
ICS-CERT received a report concerning multiple memory corruption vulnerabilities in the GE Intelligent Platforms Proficy Plant Applications which could allow an attacker to cause multiple Proficy services to crash, which may lead to arbitrary code execution...
Comments (0)
- It's Time to Get Real about Complex, Emerging Threats
- Under Expanding Cyber Siege, CISOs Admit Clear Visibility on Attacks Is a Challenge
- Busting the VDI Security Myth
- Why Admin Rights Removal Is only the First Step towards Data Protection
- FIN6 Hackers Update Arsenal of Techniques
- Hackers and Worms in the Singularity
- Trojanized Extension Uploaded to Google’s Chrome Store
- Gartner SOAR Adoption Rate Prediction: From 1% to 15% by 2020 - Why Should You Care?
- New Payment Tech, New Security Challenges
- CVE-2018-11776 — The Latest Apache Struts Vulnerability