Blog Posts Tagged with "ICS-CERT"
May 16, 2013 Added by:Anthony M. Freed
The Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, recently issued an advisory warning of an elevated risk of cyber-based attacks against companies that are tasked with administering systems that control elements of our nation’s critical infrastructure.
September 04, 2012 Added by:Infosec Island Admin
Successful exploitation of this vulnerability could allow escalation of privileges to full administrative access. The privilege escalation could provide the attacker a vector for making changes to settings, or initiating a complete device shutdown causing a denial of service...
August 30, 2012 Added by:Infosec Island Admin
W32.DistTrack, also known as “Shamoon,” is an information-stealing malware that also includes a destructive module. Shamoon renders infected systems useless by overwriting the Master Boot Record (MBR), the partition tables, and most of the files with random data. Once overwritten, the data are not recoverable...
August 28, 2012 Added by:Infosec Island Admin
ICS-CERT onsite analysis included a search for host-based and network-based indicators to identify additional hosts for further analysis. ICS-CERT hashed files from approximately 1700 machines and compared them to hashes of known malicious files and examined proxy logs to identify any suspicious network activity...
August 23, 2012 Added by:Infosec Island Admin
ICS-CERT is aware of a report of hard-coded RSA SSL private key within RuggedCom’s Rugged Operating System (ROS). The vulnerability with proof-of-concept (PoC) exploit code by security researcher Justin W. Clarke can be used to decrypt SSL traffic between an end user and a RuggedCom network device...
August 17, 2012 Added by:Infosec Island Admin
Independent security researchers have identified multiple vulnerabilities in the Tridium Niagara AX Framework software including directory traversal, weak credential storage, session cookie weaknesses, and predictable session IDs, all of which can be exploited remotely...
August 16, 2012 Added by:Infosec Island Admin
Siemens has reported a privilege escalation vulnerability in the Siemens COMOS database application. Authenticated users with read privileges could escalate their privileges by exploiting this vulnerability. Thus, the attacker is able to gain administrator access to the database...
August 14, 2012 Added by:Infosec Island Admin
Kaspersky Lab recently released a report on a new information-stealing malware they have named “Gauss" which is designed to collect information and send the data to its command-and-control servers. Gauss was predominantly on systems in the Middle East, but has also been detected on networks in the US...
August 13, 2012 Added by:Infosec Island Admin
Siemens has reported to ICS-CERT that a default password vulnerability exists in the Siemens Synco OZW Web Server device used for building automation systems. Siemens urges their customers to set a secure password on their device’s web interface. This vulnerability could be exploited remotely...
August 08, 2012 Added by:Infosec Island Admin
ICS-CERT is aware of a public report of a directory traversal vulnerability with proof-of-concept (PoC) exploit code affecting SpecView when a specially crafted request is passed to the web server running on Port 80\TCP. Successful exploitation could result in data leakage...
August 07, 2012 Added by:Infosec Island Admin
Siemens has reported DoS vulnerabilities in the SIMATIC S7-400 V6 and SIMATIC S7-400 V5 PN CPU products. When specially crafted packets are received on Ethernet interfaces by the SIMATIC S7-400, the device can default into defect mode. A PLC in defect mode needs to be manually reset to return to normal operation...
August 06, 2012 Added by:Infosec Island Admin
Researchers identified an authentication bypass vulnerability leading to privilege escalation in the ICONICS GENESIS32 and BizViz applications whcih can allow an attacker to bypass normal authentication methods, granting full administrative control over the system...
August 03, 2012 Added by:Infosec Island Admin
Researchers Carlos Mario Penagos Hollmann of IOActive, Michael Messner, and Luigi Auriemma have separately identified multiple vulnerabilities in Sielco Sistemi’s Winlog application. These vulnerabilities can be remotely exploited. Exploit code is publicly available for these vulnerabilities...
August 02, 2012 Added by:Infosec Island Admin
ICS-CERT has notified the affected vendor of the report and has asked the vendor to confirm the vulnerability and identify mitigations. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks...
July 25, 2012 Added by:Infosec Island Admin
Siemens self-reported a DLL hijacking vulnerability in SIMATIC STEP 7 and SIMATIC PCS 7 software. This vulnerability can be remotely exploited and public exploits are known to target this vulnerability. Siemens has produced a patch that resolves this vulnerability...
July 24, 2012 Added by:Infosec Island Admin
Independent researcher Carlos Mario Penagos Hollmann has identified an uncontrolled search path element vulnerability, commonly referred to as a dll hijack, in Invensys’s Wonderware InTouch application. Successfully exploiting this vulnerability could lead to arbitrary code execution...
Mobile Security Processes Could Be Applied t... Johnnie Nix on 05-21-2013
ATM Security (And Really Learning from the P... Johnnie Nix on 05-21-2013
New Study Published on Mobile Malware... Caitlin Rachel on 05-21-2013