Items Tagged with "ICS"


69dafe8b58066478aea48f3d0f384820

ICS-CERT: Exploit Tool Releases for ICS Devices Advisory

February 16, 2012 Added by:Headlines

Security researchers and others have released tools exploiting ICS vulnerabilities. These targeted exploits are readily available through various tools and from exploit developers. Multiple threat elements are combining to significantly increase the ICS threat landscape...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Koyo Ecom100 Brute Force Cracking Tool

February 15, 2012 Added by:Headlines

A brute force password cracking tool has been released that targets the weak authentication vulnerability in the Koyo ECOM100 Ethernet Module. This tool may greatly reduce the time and skill level required to attack a vulnerable system...

Comments  (0)

201d6e4b7cd0350a1a9ef6e856e28341

What's More Important - Vulnerabilities or Actual Incidents?

February 13, 2012 Added by:Joe Weiss

To at least some of us in the control systems community these vulnerabilities are not unexpected. The fact that many of these systems are also connected to the Internet as Eireann Leverett demonstrated is also not new, even though the numbers of control system connected to the Internet are striking.

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Advantech BroadWin WebAccess Vulnerabilities

February 10, 2012 Added by:Headlines

ICS-CERT is aware of a public report about an RPC server vulnerability with proof-of-concept (PoC) exploit code affecting the Advantech BroadWin WebAccess software, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Invensys Wonderware HMI XSS Vulnerabilities

February 09, 2012 Added by:Headlines

Researchers Billy Rios and Terry McCorkle have identified cross-site scripting (XSS) and write access violation vulnerabilities in the Invensys Wonderware HMI reports product that could result in data leakage, denial of service, or remote code execution...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Punzenberger COPA-DATA HMI Vulnerabilities

February 08, 2012 Added by:Headlines

Researcher Kuang-Chun Hung has identified multiple denial-of-service (DoS) vulnerabilities in the Ing. Punzenberger COPA-DATA GmbH zenon human-machine interface (HMI) system which may allow an attacker to execute a DoS attack and potentially execute arbitrary code...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Brute Force and SSH Scanning Attacks

February 06, 2012 Added by:Headlines

ICS-CERT is aware that systems that provide SSH command line access are common targets for “brute force” attacks. As recently as this week, ICS-CERT received a report from an electric utility experiencing unsuccessful brute force activity against their networks...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT Monthly Monitor for January 2012

February 02, 2012

The ICS-CERT Monthly Monitor offers a means of promoting preparedness, information sharing, and collaboration with the 18 critical infrastructure/key resource sectors and through sector briefings, meetings, conferences, and information product releases...

Comments  (0)

03b2ceb73723f8b53cd533e4fba898ee

Stuxnet: Are We Safe Now? Of Course Not...

January 31, 2012 Added by:Pierluigi Paganini

We are fighting with an invisible enemy. We are under attack, and we have no idea of the potentiality of agents that theatrically could remain in stealth mode inside the target, avoiding security systems for several years, gathering information and preparing the final attack...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Siemens Simatic WinCC Vulnerabilities

January 31, 2012 Added by:Headlines

Successful exploitation of these vulnerabilities could allow an attacker to log on to a vulnerable system as a user or administrator with the ability to execute arbitrary code or obtain full access to files on the system. Publicly available exploits are known...

Comments  (0)

94ae16c30d35ee7345f3235dfb11113c

10,358 Industrial Control Systems Connected to the Internet

January 27, 2012 Added by:Joel Harding

Hackers rely upon human error to allow them to penetrate many systems because systems administrators fail to secure their systems. Many of the owners of the systems were not even aware their system was hooked up to the internet. This should be cause for alarm...

Comments  (1)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Open Automation Software OPC Systems.NET Vulnerabilities

January 27, 2012 Added by:Headlines

Researcher Luigi Auriemma publicly reported a malformed packet vulnerability in Open Automation Software’s OPC Systems.NET along with proof-of-concept exploit code. Digital Security Research Group publicly reported the vulnerability in a third-party ActiveX control...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: MICROSYS spol. s r.o. PROMOTIC Vulnerabilities

January 26, 2012 Added by:Headlines

The MICROSYS spol. s r.o. PROMOTIC vulnerabilities include directory traversal, ActiveX heap overflow, and ActiveX stack overflow vulnerabilities. Public exploits are known to target these vulnerabilities which may result in denial of service or data leakage...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Snort and SCADA Protocol Checks

January 25, 2012 Added by:Brent Huston

There are a wide variety of open source tools that can be leveraged around Snort, making it a powerful approach to visibility. Having people in the industry who know how the systems Snort work allows for better development of signatures for nefarious issues...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Ocean Data Systems Dream Report Vulnerabilities

January 25, 2012 Added by:Headlines

A XSS vulnerability exists in the Ocean Data Dream Report application due to the lack of server-side validation of query string parameter values. An attacker with a low skill level can create the XSS exploit. A write access violation vulnerability also exists in the application...

Comments  (0)

5cbe1364caf51f95cac6484a832d66d0

Curran-Gardner: A Smoking Gun, But Where's the Body?

January 25, 2012 Added by:Bob Radvanovsky

Curran-Gardner: A contractor for a control systems outsourcing company had accessed one of his customer's systems from a foreign country, only to be confused with a foreign-national actor with malicious intent, but one question still remains: What really happened to the pump?

Comments  (0)

Page « < 3 - 4 - 5 - 6 - 7 > »