Items Tagged with "ICS"


ICS-CERT: Koyo Ecom100 Brute Force Cracking Tool

February 15, 2012 Added by:Headlines

A brute force password cracking tool has been released that targets the weak authentication vulnerability in the Koyo ECOM100 Ethernet Module. This tool may greatly reduce the time and skill level required to attack a vulnerable system...

Comments  (0)


What's More Important - Vulnerabilities or Actual Incidents?

February 13, 2012 Added by:Joe Weiss

To at least some of us in the control systems community these vulnerabilities are not unexpected. The fact that many of these systems are also connected to the Internet as Eireann Leverett demonstrated is also not new, even though the numbers of control system connected to the Internet are striking.

Comments  (0)


ICS-CERT: Advantech BroadWin WebAccess Vulnerabilities

February 10, 2012 Added by:Headlines

ICS-CERT is aware of a public report about an RPC server vulnerability with proof-of-concept (PoC) exploit code affecting the Advantech BroadWin WebAccess software, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product...

Comments  (0)


ICS-CERT: Invensys Wonderware HMI XSS Vulnerabilities

February 09, 2012 Added by:Headlines

Researchers Billy Rios and Terry McCorkle have identified cross-site scripting (XSS) and write access violation vulnerabilities in the Invensys Wonderware HMI reports product that could result in data leakage, denial of service, or remote code execution...

Comments  (0)


ICS-CERT: Punzenberger COPA-DATA HMI Vulnerabilities

February 08, 2012 Added by:Headlines

Researcher Kuang-Chun Hung has identified multiple denial-of-service (DoS) vulnerabilities in the Ing. Punzenberger COPA-DATA GmbH zenon human-machine interface (HMI) system which may allow an attacker to execute a DoS attack and potentially execute arbitrary code...

Comments  (0)


ICS-CERT: Brute Force and SSH Scanning Attacks

February 06, 2012 Added by:Headlines

ICS-CERT is aware that systems that provide SSH command line access are common targets for “brute force” attacks. As recently as this week, ICS-CERT received a report from an electric utility experiencing unsuccessful brute force activity against their networks...

Comments  (0)


ICS-CERT Monthly Monitor for January 2012

February 02, 2012

The ICS-CERT Monthly Monitor offers a means of promoting preparedness, information sharing, and collaboration with the 18 critical infrastructure/key resource sectors and through sector briefings, meetings, conferences, and information product releases...

Comments  (0)


Stuxnet: Are We Safe Now? Of Course Not...

January 31, 2012 Added by:Pierluigi Paganini

We are fighting with an invisible enemy. We are under attack, and we have no idea of the potentiality of agents that theatrically could remain in stealth mode inside the target, avoiding security systems for several years, gathering information and preparing the final attack...

Comments  (0)


ICS-CERT: Siemens Simatic WinCC Vulnerabilities

January 31, 2012 Added by:Headlines

Successful exploitation of these vulnerabilities could allow an attacker to log on to a vulnerable system as a user or administrator with the ability to execute arbitrary code or obtain full access to files on the system. Publicly available exploits are known...

Comments  (0)


10,358 Industrial Control Systems Connected to the Internet

January 27, 2012 Added by:Joel Harding

Hackers rely upon human error to allow them to penetrate many systems because systems administrators fail to secure their systems. Many of the owners of the systems were not even aware their system was hooked up to the internet. This should be cause for alarm...

Comments  (1)


ICS-CERT: Open Automation Software OPC Systems.NET Vulnerabilities

January 27, 2012 Added by:Headlines

Researcher Luigi Auriemma publicly reported a malformed packet vulnerability in Open Automation Software’s OPC Systems.NET along with proof-of-concept exploit code. Digital Security Research Group publicly reported the vulnerability in a third-party ActiveX control...

Comments  (0)


ICS-CERT: MICROSYS spol. s r.o. PROMOTIC Vulnerabilities

January 26, 2012 Added by:Headlines

The MICROSYS spol. s r.o. PROMOTIC vulnerabilities include directory traversal, ActiveX heap overflow, and ActiveX stack overflow vulnerabilities. Public exploits are known to target these vulnerabilities which may result in denial of service or data leakage...

Comments  (0)


Snort and SCADA Protocol Checks

January 25, 2012 Added by:Brent Huston

There are a wide variety of open source tools that can be leveraged around Snort, making it a powerful approach to visibility. Having people in the industry who know how the systems Snort work allows for better development of signatures for nefarious issues...

Comments  (0)


ICS-CERT: Ocean Data Systems Dream Report Vulnerabilities

January 25, 2012 Added by:Headlines

A XSS vulnerability exists in the Ocean Data Dream Report application due to the lack of server-side validation of query string parameter values. An attacker with a low skill level can create the XSS exploit. A write access violation vulnerability also exists in the application...

Comments  (0)


Curran-Gardner: A Smoking Gun, But Where's the Body?

January 25, 2012 Added by:Bob Radvanovsky

Curran-Gardner: A contractor for a control systems outsourcing company had accessed one of his customer's systems from a foreign country, only to be confused with a foreign-national actor with malicious intent, but one question still remains: What really happened to the pump?

Comments  (0)


Cyberwar Comes to a Mall in Fresno? Not so Much...

January 24, 2012 Added by:Infosec Island Admin

A Pastebin dump alleged to be from Anonymous has forty-nine IP addresses with SCADA systems on them. Furthermore, those systems were claimed to not have any authentication on them whatsoever. I checked the IP’s and I have to say “meh” on this little dump by the skiddies...

Comments  (5)

Page « < 3 - 4 - 5 - 6 - 7 > »