Industrial Control Systems
ICS-CERT: Siemens Simatic WINCC Multiple Vulnerabilities
April 20, 2012 Added by:Infosec Island Admin
ICS-CERT has received reports detailing several vulnerabilities in Siemens SIMATIC WinCC Human-Machine Interface application which could allow an attacker to log on to a system as a user or administrator with the ability to execute arbitrary code or obtain full access to files...
Comments (0)
ICS-CERT: Siemens Scalance X Industrial Ethernet Vulnerability
April 18, 2012 Added by:Infosec Island Admin
Exploitation of the vulnerability allows an attacker to perform malicious actions which may lead to a denial of service condition or possible arbitrary code execution. These actions may ultimately impact the process environment in which the system is deployed...
Comments (0)
NIST Workshop: Cybersecurity for Cyber-Physical Systems
April 18, 2012
On April 23 and 24, 2012, the NIST ITL Computer Security Division will host a two-day workshop about the cyber security needed for cyber-physical systems, with a focus on results of research and real-world deployment experiences. Agenda and abstracts available here...
Comments (0)
All the Lights Will Not Go Out in a Cyber Attack
April 17, 2012 Added by:Dan Dieterle
One of the biggest threats that you hear is that hackers could take out the power grid and all the power would be shut off. America would be thrown back to the power stone age in the flick of a switch (or a series of SCADA exploits). But is this true? The answer is no...
Comments (5)
ICS-CERT: Certec WebMI2ADS Multiple Vulnerabilities
April 17, 2012 Added by:Infosec Island Admin
Researcher Luigi Auriemma has identified multiple vulnerabilities in Certec’s WebMI2ADS application. Successful exploitation of these vulnerabilities may allow an attacker to cause a denial of service (DoS) or could lead to data leakage...
Comments (0)
ICS-CERT: Koyo Ecom100 Multiple Vulnerabilities
April 16, 2012 Added by:Infosec Island Admin
ICS-CERT is aware of a public report of multiple vulnerabilities with proof-of-concept exploit code affecting the Koyo ECOM100 Ethernet Module. A brute force password cracking tool has been released that targets a weak authentication vulnerability in the ECOM series modules...
Comments (0)
Information Sharing and the ICS-ISAC
April 15, 2012 Added by:Chris Blask
The topic of information sharing has become one of the most interesting in finding “The Solution” to ICS security. Aspects securing industrial control systems – including timing, technology and workforce – suggest that answers lie less in technology and more in Robert’s Rules...
Comments (2)
Misconceptions about Aurora: Why Isn't More Being Done
April 13, 2012 Added by:Joe Weiss
The 2007 Aurora test at the Idaho National Laboratory demonstrated that if someone can gain access to a controller, the attacker will cause physical damage. As Aurora is a gap in protection of the electric grid, one way to prevent an Aurora attack is by hardware mitigation...
Comments (0)
ICS-CERT: MICROSYS PROMOTIC Vulnerability POC
April 13, 2012 Added by:Infosec Island Admin
Researcher Luigi Auriemma identified and released proof of concept code (POC) for a use after free vulnerability in the MICROSYS, spol. s r.o. PROMOTIC application wgich may result in adverse conditions ranging from the corruption of valid data to the execution of arbitrary code...
Comments (0)
ICS-CERT: Siemens Scalence S Multiple Vulnerabilities
April 12, 2012 Added by:Infosec Island Admin
Siemens has reported two security vulnerabilities in the Scalance S Security Module firewall - a brute-force credential guessing vulnerability in the web configuration and a stack-based buffer overflow vulnerability in the Profinet DCP protocol stack...
Comments (0)
ICS-CERT: ABB Multiple Components Buffer Overflow
April 11, 2012 Added by:Infosec Island Admin
Researchers have identified a buffer overflow vulnerability in multiple components of the ABB WebWare Server application which could lead to a denial-of-service for the application and privilege escalation or could allow an attacker to execute arbitrary code...
Comments (0)
ICS-CERT: 3S-Software CoDeSys Improper Access Control
April 10, 2012 Added by:Infosec Island Admin
ICS-CERT is aware of a public report of improper access control vulnerability affecting 3S-Software CoDeSys which could allow an attacker can upload unauthenticated configuration changes to the PLC which may include arbitrary code...
Comments (0)
Video: Cyber Security for Smart Energy Systems
April 09, 2012
Chris Wysopal discusses why it is so important to the power grid to write secure code for software, how computer intrusion methods have changed in over past two decades, the impact of data breaches on modern organizations, and the necessity for thorough testing prior to launch...
Comments (0)
Meetings with DOD and Congress on SCADA Security
April 09, 2012 Added by:Joe Weiss
I was asked by DOD how to get an organization to address OT security. The only chance for OT security to succeed is if senior management drives it. There are only a few utilities whose senior management mandated they be secure not just compliant. What a sorry commentary...
Comments (1)
ICS-CERT: Wago IPC Multiple Vulnerabilities
April 09, 2012 Added by:Infosec Island Admin
Multiple vulnerabilities affecting the WAGO IPC 758-870, which is an embedded Linux programmable logic controller (PLC)could allow an attacker to gain unauthorized access or to make unauthenticated configuration changes, which may include arbitrary code...
Comments (0)
LIGHTS Webinar: Cybersecurity Across Critical Infrastructures
April 08, 2012 Added by:Chris Blask
LIGHTS is a private-private non-profit partnership which provides a collaborative space to promote cybersecurity situational awareness across critical infrastructures. The goal of LIGHTS is to increase visibility into threats by making security monitoring ubiquitous...
Comments (0)
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)