Blog Posts Tagged with "ICS-CERT"

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: WellinTech KingSCADA Insecure Password Encryption

May 10, 2012 Added by:Infosec Island Admin

Researchers Alexandr Polyakov and Alexey Sintsov from DSecRG identified an unsecure password encryption vulnerability in WellinTech KingSCADA application. When KingSCADA OPCServer and OPCClient are not on the same node, a remote attacker may obtain passwords to the system...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

Join ICS-CERT on the US-CERT Secure Portal

May 09, 2012 Added by:Infosec Island Admin

One of the best kept secrets in the critical infrastructure world is the US-CERT secure portal, a web-based platform that provides a mechanism for secure, unclassified information exchange between government agencies and the private sector asset owners and operators...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Planning for a Cyber Incident?

May 08, 2012 Added by:Infosec Island Admin

Organizations without an existing incident response capability should consider establishing one. To aid control systems owners and operators, the CSSP has prepared a Recommended Practice: Developing an Industrial Control Systems Cybersecurity Incident Response Capability...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

US Gas Pipeline Companies Under Major Cyber Attack

May 07, 2012 Added by:Headlines

“Analysis of the malware and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign from a single source. It goes on to broadly describe a sophisticated 'spear-phishing' campaign..."

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Getting Started Securing Industrial Assets

May 04, 2012 Added by:Infosec Island Admin

Over the past year significant discoveries in the areas of adversarial capabilities have identified that many companies across the 18 critical infrastructure and key resources (CIKR) are struggling to cope with the growing threats. Efforts have been taken to defend critical assets...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: The Role of Fusion Centers

May 03, 2012 Added by:Infosec Island Admin

ICS-CERT recommends that industrial control systems owners and operators contact their local fusion center to better understand the role of their fusion center in supporting the private sector in critical infrastructure protection and cybersecurity...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: WellinTech KingView DLL Hijack Vulnerability

May 02, 2012 Added by:Infosec Island Admin

Independent researcher Carlos Mario Peñagos Hollman identified a DLL Hijack vulnerability in WellinTech’s KingView application. WellinTech has created a patch that resolves the vulnerability. Mr. Hollman has tested the patch and verified that it resolves the vulnerability...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Event Auditing and Log Management

April 30, 2012 Added by:Infosec Island Admin

Without properly configured auditing and logging practices, incident response teams often find it difficult to determine the significance of a cybersecurity event. ICS-CERT has provided a collection of resources to assist vendor and asset-owner security teams...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: RuggedCom Weak Cryptography Vulnerability

April 27, 2012 Added by:Infosec Island Admin

ICS-CERT is aware of a public report of a default backdoor user account with a password with trivial encoding affecting RuggedCom RuggedSwitch and RuggedServer devices using Rugged OS. The vulnerability is exploitable by generating a password from known data about the device...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: What does a Cyber Attack Feel Like?

April 26, 2012 Added by:Infosec Island Admin

The free ICS Advanced Cybersecurity training offers step-by-step guidance on network discovery, exploitation, defense, and detection. After the 3 full days of classroom instruction participants are armed with an arsenal of cyber attack and defense tools and techniques...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Social Engineering and SCADA Security

April 24, 2012 Added by:Infosec Island Admin

Social engineering attempts can be highly targeted and conducted in a way that is much more difficult to detect than the spam and phishing emails we receive in our inbox. Phone-based social engineering attempts were recently experienced at two or more power distribution companies...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Siemens Simatic WINCC Multiple Vulnerabilities

April 20, 2012 Added by:Infosec Island Admin

ICS-CERT has received reports detailing several vulnerabilities in Siemens SIMATIC WinCC Human-Machine Interface application which could allow an attacker to log on to a system as a user or administrator with the ability to execute arbitrary code or obtain full access to files...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Siemens Scalance X Industrial Ethernet Vulnerability

April 18, 2012 Added by:Infosec Island Admin

Exploitation of the vulnerability allows an attacker to perform malicious actions which may lead to a denial of service condition or possible arbitrary code execution. These actions may ultimately impact the process environment in which the system is deployed...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Certec WebMI2ADS Multiple Vulnerabilities

April 17, 2012 Added by:Infosec Island Admin

Researcher Luigi Auriemma has identified multiple vulnerabilities in Certec’s WebMI2ADS application. Successful exploitation of these vulnerabilities may allow an attacker to cause a denial of service (DoS) or could lead to data leakage...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Koyo Ecom100 Multiple Vulnerabilities

April 16, 2012 Added by:Infosec Island Admin

ICS-CERT is aware of a public report of multiple vulnerabilities with proof-of-concept exploit code affecting the Koyo ECOM100 Ethernet Module. A brute force password cracking tool has been released that targets a weak authentication vulnerability in the ECOM series modules...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Siemens Scalence S Multiple Vulnerabilities

April 12, 2012 Added by:Infosec Island Admin

Siemens has reported two security vulnerabilities in the Scalance S Security Module firewall - a brute-force credential guessing vulnerability in the web configuration and a stack-based buffer overflow vulnerability in the Profinet DCP protocol stack...

Comments  (0)

Page « < 2 - 3 - 4 - 5 - 6 > »