Items Tagged with "Industrial Control Systems"


7fef78c47060974e0b8392e305f0daf0

ICS-CERT: WAGO I/O 750 Multiple Vulnerabilities

June 21, 2012 Added by:Infosec Island Admin

The reported vulnerabilities from DSecRG have been coordinated with WAGO. WAGO has determined that the vulnerabilities can be mitigated by adjusting system configurations of services not in use. WAGO has released a customer cybersecurity notification on best security practices its products...

Comments  (0)

5cbe1364caf51f95cac6484a832d66d0

Companies Focus on Growth But Lag Behind Threats

June 20, 2012 Added by:Bob Radvanovsky

Industries that are regulated or that have to adhere to a standard feel that if they simply follow the requirements that they are secured. This is a misnomer, as adherence to a regulation, governance or compliance standard is a good start, but it does not necessarily mean that an organization is "secure"...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

NARUC: Cybersecurity Guidance for State Utility Regulators

June 20, 2012 Added by:Infosec Island Admin

“Understanding risk means understanding the relationship between vulnerability (such as a system with a known but unaddressed weakness), threat (such as a bad actor propagating viruses or worms) and consequence (such as physical damage and loss of public safety). Simply understanding risks is just the first step"...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: RuggedCom Weak Password Cryptography

June 20, 2012 Added by:Infosec Island Admin

A researcher identified a default backdoor user account with a weak password encryption vulnerability in the RuggedCom Rugged Operating System which could allow an attacker can use a simple publicly available script to generate the default password and gain administrative access to the unit...

Comments  (0)

2dc39ef06d1ad53bea80d28b84f3aa7e

India on Stuxnet Alert

June 19, 2012 Added by:Gregory Hale

The Indian government authorized two agencies to carry out state-sponsored attacks if necessary. The Indian National Security Council is currently finalizing plans that would give the Defense Intelligence Agency and National Technical Research Organization the power to carry out unspecified offensive operations...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Innomate MGuard Weak HTTPS and SSH Keys

June 19, 2012 Added by:Infosec Island Admin

An independent research group has identified an insufficient entropy vulnerability in Innominate’s mGuard network appliance product line which could allow an attacker to obtain the credentials of administrative users and potentially perform a Man-in-the-Middle (MitM) attack...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Sielco Sistemi Winlog Buffer Overflow

June 18, 2012 Added by:Infosec Island Admin

ICS-CERT is aware of a public report of a buffer overflow vulnerability with proof-of-concept exploit code affecting Sielco Sistemi Winlog. The vulnerability is exploitable by sending specially crafted requests to TCP/46824 which could result in a denial of service and remote code execution...

Comments  (0)

5106d48203954b74e6ea495e5c7f21b0

The Need for Improved Critical Infrastructure Protection

June 13, 2012 Added by:William Mcborrough

Tackling the problem of critical infrastructure protection will take concerted efforts from the public and private sectors. An appropriate governance structure is needed to avoid the inevitable over-reaction that will follow the inevitable catastrophic attack against our critical infrastructure...

Comments  (4)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Credential Management

June 13, 2012 Added by:Infosec Island Admin

Credential caching should be disabled on all machines. A common technique employed by attackers is referred to as “pass the hash.” The pass the hash technique uses cached password hashes extracted from a compromised machine to gain access to additional machines on the domain...

Comments  (0)

94ae16c30d35ee7345f3235dfb11113c

Cybergate: Stuxnet and Flame are Related

June 11, 2012 Added by:Joel Harding

Contrary to previous reports that Stuxnet and Flame were unrelated, the authors apparently worked together at one point. If this is the case we might begin looking for evidence of more code from Operation Olympic Games floating around. Flame provides a framework for future warfare in cyberspace...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Siemens WinCC Multiple Vulnerabilities

June 08, 2012 Added by:Infosec Island Admin

Researchers have identified multiple vulnerabilities in the Siemens WinCC application, and Siemens identified an additional vulnerability, that may allow an attacker to gain unauthorized access, read from, or write to files and settings on the target system...

Comments  (0)

296634767383f056e82787fcb3b94864

The Myth of the CIA and the Trans-Siberian Pipeline Explosion

June 07, 2012 Added by:Jeffrey Carr

If you repeat a rumor often enough, it becomes a fact. Such is the case with the oft-repeated rumor the CIA was responsible for the Trans-Siberian pipeline explosion in 1982 by sabotaging the SCADA system. The latest iteration of that rumor was in the Washington Post's special report on cybersecurity called Zero Day...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Post-Stuxnet: Siemens Improves ICS-SCADA Security

June 07, 2012 Added by:Headlines

"The introduction of our new Simatic CP and Scalance products only help to bolster Siemens' industrial security portfolio, but as we stress to our customers, there is no silver bullet to cybersecurity threats. Maintaining security is an ongoing process for plants and enterprises"...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

sKyWIper-Flame Malware Cryptographic Collision Attack

June 07, 2012 Added by:Infosec Island Admin

The sKyWIper malware uses a new cryptographic collision attack in combination with the terminal server licensing service certificates to sign code as if it came from Microsoft. However, code-signing without performing a collision is also possible. This is an avenue for compromise that may be used by additional attackers..

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Detection and Mitigation Recommendations

June 06, 2012 Added by:Infosec Island Admin

While it might seem reasonable to find and eliminate the intruder on a machine-by-machine basis as compromised hosts are identified, unless the response execution prevents lateral movement of the adversary across the network, the cleanup process will likely not succeed...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

DOE: Twenty-One Steps to Improve SCADA Security

June 05, 2012

Action is required by all organizations to secure their SCADA networks as part of the effort to protect the nation’s critical infrastructure. The President’s Critical Infrastructure Protection Board and the Department of Energy have developed steps to help organizations improve SCADA security...

Comments  (0)

Page « < 3 - 4 - 5 - 6 - 7 > »