Blog Posts Tagged with "Industrial Control Systems"

E376ca757c1ebdfbca96615bf71247bb

Shodan: There is Now an App for That

July 11, 2012 Added by:shawn merdinger

Since October, 2010, Shodan has consistently made waves in the information security world. Like any security tool, Shodan can be leveraged by both malicious attackers and legitimate security operations to gain insights into the public IP exposure of an organization. Now enters the Shodan App...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Removable Media Flash Drive Attacks

July 10, 2012 Added by:Infosec Island Admin

A shift supervisor was using a portable flash drive for downloading information from an HMI connected to the industrial control systems. Antivirus scanners run on the removable media, the HMI machine, and other systems found the Hamweq virus on the removable media, but the other systems were clean...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Sielco Sistemi Winlog Multiple Vulnerabilities

July 02, 2012 Added by:Infosec Island Admin

Sielco Sistemi Winlog Version 2.07.14 can be exploited remotely by sending specially crafted requests to TCP/46824. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: GE Intelligent Platforms Proficy HTML Vulnerability

June 28, 2012 Added by:Infosec Island Admin

Andrea Micalizzi identified a command injection vulnerability in a third-party HTML help application used by some GE Intelligent Platforms Proficy products. GE identified a stack-based buffer overflow vulnerability that also existed in the same component. An attacker could exploit these vulnerabilities...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Longer Term Security Recommendations

June 27, 2012 Added by:Infosec Island Admin

Network segmentation involves separating one large network into smaller functional networks using firewalls, switches, and other similar devices. Effective segmentation restricts communication between networks and can lessen the extent to which a threat can move laterally through a network...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Control System Internet Accessibility

June 25, 2012 Added by:Infosec Island Admin

ICS-CERT is tracking and has responded to multiple reports of researchers using SHODAN, Every Routable IP Project (ERIPP), Google, and other search engines to discover Internet facing control systems. ICS-CERT has identified system owners and operators to notify them of their potential vulnerability...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Control Systems Company Resolves Criminal Violations

June 25, 2012 Added by:Headlines

Data Systems & Solutions LLC, a company based in Reston, Virginia, that provides design, installation, maintenance, and other services at nuclear and fossil fuel power plants, has agreed to pay an $8.82 million criminal penalty to resolve FCPA compliance violations...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Wonderware SuiteLink Unallocated Unicode String

June 22, 2012 Added by:Infosec Island Admin

Independent researcher Luigi Auriemma identified a maliciously crafted Unicode string vulnerability causing a stack-based buffer overflow with proof-of-concept (PoC) exploit code that affects the Invensys Wonderware SuiteLink service (slssvc.exe)...

Comments  (2)

69dafe8b58066478aea48f3d0f384820

Report Examines Increasing Threats to Critical Infrastructure

June 21, 2012 Added by:Headlines

“Outdated security methods that use a maze of disparate, multi-vendor, and stacked security tools will only delay a cyber attack, providing numerous opportunities for a more advanced and modern cyber adversary to attack cyber security postures throughout critical infrastructure...”

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Stuxnet, Flame, Duqu Less Dangerous than Conventional Attacks

June 21, 2012 Added by:Headlines

“Our advice to ICS and SCADA network managers is to be informed of new threats like Flame, but be especially vigilant against the more conventional, widely understood threats. In all likelihood, a simple denial-of-service attack has a better chance of wreaking havoc on their network than Stuxnet or Duqu"...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Increasing Logging Capabilities

June 21, 2012 Added by:Infosec Island Admin

System and network device logs provide valuable records of system activity. Logs may yield indicators of compromise, C2 communications, exfiltrated data, remote access logons, and other valuable data. Organizations should consider enabling the following types of logging...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: WAGO I/O 750 Multiple Vulnerabilities

June 21, 2012 Added by:Infosec Island Admin

The reported vulnerabilities from DSecRG have been coordinated with WAGO. WAGO has determined that the vulnerabilities can be mitigated by adjusting system configurations of services not in use. WAGO has released a customer cybersecurity notification on best security practices its products...

Comments  (0)

5cbe1364caf51f95cac6484a832d66d0

Companies Focus on Growth But Lag Behind Threats

June 20, 2012 Added by:Bob Radvanovsky

Industries that are regulated or that have to adhere to a standard feel that if they simply follow the requirements that they are secured. This is a misnomer, as adherence to a regulation, governance or compliance standard is a good start, but it does not necessarily mean that an organization is "secure"...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

NARUC: Cybersecurity Guidance for State Utility Regulators

June 20, 2012 Added by:Infosec Island Admin

“Understanding risk means understanding the relationship between vulnerability (such as a system with a known but unaddressed weakness), threat (such as a bad actor propagating viruses or worms) and consequence (such as physical damage and loss of public safety). Simply understanding risks is just the first step"...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: RuggedCom Weak Password Cryptography

June 20, 2012 Added by:Infosec Island Admin

A researcher identified a default backdoor user account with a weak password encryption vulnerability in the RuggedCom Rugged Operating System which could allow an attacker can use a simple publicly available script to generate the default password and gain administrative access to the unit...

Comments  (0)

2dc39ef06d1ad53bea80d28b84f3aa7e

India on Stuxnet Alert

June 19, 2012 Added by:Gregory Hale

The Indian government authorized two agencies to carry out state-sponsored attacks if necessary. The Indian National Security Council is currently finalizing plans that would give the Defense Intelligence Agency and National Technical Research Organization the power to carry out unspecified offensive operations...

Comments  (0)

Page « < 2 - 3 - 4 - 5 - 6 > »