Blog Posts Tagged with "ICS"
ICS-CERT: RuggedCom Weak Cryptography Vulnerability
April 27, 2012 Added by:Infosec Island Admin
ICS-CERT is aware of a public report of a default backdoor user account with a password with trivial encoding affecting RuggedCom RuggedSwitch and RuggedServer devices using Rugged OS. The vulnerability is exploitable by generating a password from known data about the device...
Comments (0)
Remember Public Cellular Networks in Smart Meter Adoption
April 26, 2012 Added by:Brent Huston
ICS/SCADA owners must strive to clearly identify their needs around cellular technologies, clearly demarcate the requirements for private/segmented/public cellular network use and understand the benefits/issues and threats of what they are utilizing...
Comments (0)
ICS-CERT: What does a Cyber Attack Feel Like?
April 26, 2012 Added by:Infosec Island Admin
The free ICS Advanced Cybersecurity training offers step-by-step guidance on network discovery, exploitation, defense, and detection. After the 3 full days of classroom instruction participants are armed with an arsenal of cyber attack and defense tools and techniques...
Comments (0)
All the Lights Will Not Go Out in a Cyber Attack
April 17, 2012 Added by:Dan Dieterle
One of the biggest threats that you hear is that hackers could take out the power grid and all the power would be shut off. America would be thrown back to the power stone age in the flick of a switch (or a series of SCADA exploits). But is this true? The answer is no...
Comments (5)
Information Sharing and the ICS-ISAC
April 15, 2012 Added by:Chris Blask
The topic of information sharing has become one of the most interesting in finding “The Solution” to ICS security. Aspects securing industrial control systems – including timing, technology and workforce – suggest that answers lie less in technology and more in Robert’s Rules...
Comments (2)
Cybersecurity Problems Found in Electrical Infrastructure
April 07, 2012 Added by:Joel Harding
DOE is in charge of locating and fixing critical infrastructure problems within the energy sector. Do they, in turn, report to DHS if it has to do with critical infrastructure? Does DHS oversee DOE’s cybersecurity problems, their critical infrastructure problems or...?
Comments (2)
NIST Workshop on SCADA - ICS Security
April 05, 2012 Added by:Headlines
Securing against unlawful and malicious attacks is especially vital when the computers control major physical systems—manufacturing plants, transportation systems, power grids. Cybersecurity for physical systems is the topic of an upcoming NIST workshop...
Comments (0)
ICS-CERT: Invensys Wonderware Server Multiple Vulnerabilities
April 04, 2012 Added by:Infosec Island Admin
Researchers have identified multiple vulnerabilities in the Invensys Wonderware Information Server which if exploited could allow denial of service, information disclosure, remote code execution, or session credential high jacking. Invensys has developed a security update...
Comments (0)
ICS-CERT: Invensys Wonderware Buffer Overflow Vulnerability
April 02, 2012 Added by:Infosec Island Admin
Researchers identified two buffer overflow vulnerabilities in the WWCabFile component of the Wonderware System Platform, and successful exploitation of these vulnerabilities will cause a buffer overflow that may allow remote code execution...
Comments (0)
What is Aurora and Why is it a Risk to Grid Reliability?
March 29, 2012 Added by:Joe Weiss
Aurora is a gap in the protection of the electric grid. It is a basic physics property - an out-of-phase condition that cannot be seen by the operator and can NOT be addressed by traditional mitigation. The only means to prevent an Aurora event is by physical hardware mitigation...
Comments (0)
ICS-CERT: Rockwell Automation FactoryTalk Vulnerability
March 29, 2012 Added by:Infosec Island Admin
Researchers have identified two vulnerabilities that may result in a denial-of-service (DoS) condition in the Rockwell Automation FactoryTalk (FT) application which if successfully exploited may result in a Denial of Service condition...
Comments (0)
ICS-CERT: Increasing Threat to Industrial Control Systems
March 21, 2012 Added by:Infosec Island Admin
ICS-CERT is monitoring an increase in a combination of threats that increase the risk of control systems attacks. These include Internet accessible ICS configurations, vulnerability and exploit tool releases, and increased interest and activity by hacktivist groups and others...
Comments (0)
Understanding Industrial Control System Vulnerabilities
March 21, 2012 Added by:Infosec Island Admin
A mission-critical control system is typically configured in a fully-redundant architecture allowing quick recovery from loss of various components in the system. A backup control center is used in more critical applications to provide a secondary control system...
Comments (0)
An Open Source Methodology to Attack Critical Infrastructure
March 20, 2012 Added by:Jeffrey Carr
Attackers with moderate skills can cause disruption to outright destruction of critical infrastructure at low cost and in short order. Contrary to popular wisdom, an attack against a nuclear power or hydro-electric plant doesn't require the resources of a nation state...
Comments (0)
Does DoE Know the Difference Between IT and Control Systems?
March 20, 2012 Added by:Joe Weiss
In September 2011 DOE issued the first draft of the Electricity SubSector Cybersecurity Risk Management Process document for comments. The document essentially equated IT and ICS. Doesn't DOE understand the difference between IT and Control Systems?
Comments (0)
ICS-CERT: Windows Remote Desktop Protocol Vulnerability
March 20, 2012 Added by:Infosec Island Admin
ICS-CERT is aware of a public report of a Remote Desktop Protocol (RDP) vulnerability, which with successful exploitation in the control systems environment could lead to system processes freezing and potentially allow remote code execution...
Comments (0)
- For Cybersecurity, It’s That Time of the Year Again
- Myth Busters: How to Securely Migrate to the Cloud
- Microsoft Makes OneDrive Personal Vault Available Worldwide
- Human-Centered Security: What It Means for Your Organization
- How Ethical Hackers Find Weaknesses and Secure Businesses
- New Passive RFID Tech Poses Threat to Enterprise IoT
- Android RAT Exclusively Targets Brazil
- Three Strategies to Avoid Becoming the Next Capital One
- Why a Business-Focused Approach to Security Assurance Should Be an Ongoing Investment
- If You Don’t Have Visibility, You Don’t Have Security