Items Tagged with "SCADA"


7fef78c47060974e0b8392e305f0daf0

The FUD Files: Cyber Attacks on Our Water Systems

November 20, 2011 Added by:Infosec Island Admin

Sure, the vulnerable system was online for anyone to hit up AND it was in such an un-secured state that pretty much anyone with a pulse could have messed with it. However, The FUD response from the government and the media will be the real disaster that will cause the most damage...

Comments  (1)

69dafe8b58066478aea48f3d0f384820

South Houston's Water Supply Network Hacked

November 18, 2011 Added by:Headlines

"No damage was done to any of the machinery; I don't really like mindless vandalism. It's stupid and silly. On the other hand, so is connecting interfaces to your SCADA machinery to the internet... This required almost no skill and could be reproduced by a two year old..."

Comments  (0)

Aadb52f9100e0d31264fb3ce9e3d2536

US Water System Hacked: A Community-Wide Issue

November 18, 2011 Added by:Robert M. Lee

Information is still coming out on this event and the DHS has stated that they and FBI are still gathering information but believe none of the information so far indicates a risk to critical infrastructure. However, the concerns this incident raises are valid regardless...

Comments  (3)

7b072d611db66025d89ff3137dcddfb3

Are Web Services a Dumb Idea?

November 16, 2011 Added by:Joel Langill

First, you need to expand your concept of an “embedded web server” beyond something that a user would use when launching a browser and entering a URL for the device. Vendors actually use embedded web servers for a number of reasons, and many of these vendors are leaders in the industry...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Utility Cyber Security is in a State of Near Chaos

November 16, 2011 Added by:Headlines

"Utility cyber security is in a state of near chaos. After years of vendors selling point solutions, utilities investing in compliance minimums rather than full security, and attackers having nearly free rein, the attackers clearly have the upper hand..."

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Thoughts on the Ohio SCADA Security Symposium

November 15, 2011 Added by:Brent Huston

One of the largest identified issues among the conversations at the symposium was the idea that cooperation and coordination between control network operators and engineers and their peers on the traditional business-oriented IT staff is difficult, if not nearly impossible...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

IEEE Addresses SCADA Security Standard Challenges

November 08, 2011 Added by:Headlines

"As the rate of bolder, more sophisticated cyber attacks continues to spiral upward, ensuring data integrity and security has become increasingly challenging. By necessity, preventing unauthorized intrusion into critical systems has become a top priority..."

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Symantec: Critical Infrastructure Protection Declines

November 01, 2011 Added by:Headlines

“The findings of this survey are somewhat alarming, given recent attacks like Nitro and Duqu that have targeted critical infrastructure providers,” said Dean Turner, director, Global Intelligence Network for Symantec...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Analysis: Duqu Trojan is Not on Par with Stuxnet

October 31, 2011 Added by:Headlines

"Both Duqu and Stuxnet are highly complex programs with multiple components. All of the similarities from a software point of view are in the "injection" component implemented by the kernel driver. The ultimate payloads of Duqu and Stuxnet are significantly different and unrelated..."

Comments  (0)

7b072d611db66025d89ff3137dcddfb3

Gleg releases Ver 1.7 of the SCADA+ Exploit Pack

October 24, 2011 Added by:Joel Langill

On October 20, Gleg released version 1.7 of the SCADA+ Exploit Pack for the Immunity Canvas framework, though this time around, I do not see a lot of unique value in the code updates. Modules of interest in this release represent the bulk of the ICS/SCADA vulnerabilities disclosed in September...

Comments  (0)

F29746c6cb299c1755e4087e6126a816

Stuxnet, Duqu Take Malware to Next Level of Cyberwarfare

October 24, 2011 Added by:Kelly Colgan

Duqu executes a reconnaissance mission by collecting design documents from an entity—critical industrial infrastructure components such as SCADA systems—to facilitate a future attack. It’s naïve to think we’re immune to these advanced cyberthreats, even with many layers of protection...

Comments  (0)

7b072d611db66025d89ff3137dcddfb3

Want the Source Code to Stuxnet? Come and Get It

October 20, 2011 Added by:Joel Langill

Though this does not reflect true "source code", it does provide high-level language which can be re-compiled for another purpose. I reviewed much of the code, and though it did not contain 100% of the Stuxnet functionality, it did contain a large portion of the working malware...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

The Son of Stuxnet? Methinks the Cart be Before Ye Horse

October 19, 2011 Added by:Infosec Island Admin

And therein lies the rub. DUQU has a 36 day shelf life. Now, this is good from a foot-printing level AND could be excellent for setting up the next attack vector that could include the component of sustained access. It was a recon mission and that was all...

Comments  (0)

Ba829a6cb97f554ffb0272cd3d6c18a7

Son of Stuxnet - A Not so Melodrama?

October 19, 2011 Added by:Kevin McAleavey

Speculation about Duqu is that it's a precursor to another attack against embedded systems, and has been gathering information already about industrial systems, particularly engineering data and other design information...

Comments  (3)

69dafe8b58066478aea48f3d0f384820

Stuxnet II Found in the Wild - Dubbed “Duqu”

October 19, 2011 Added by:Headlines

“Duqu’s purpose is to gather intelligence data and assets from entities such as industrial control system manufacturers in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents..."

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

Anonymous, SCADA, Lulz, DHS, and Motivations

October 18, 2011 Added by:Infosec Island Admin

The motivations of DHS have also been called into question by some. This is especially prescient since they take pains to say that the Anonymous movement “most likely” does not have the technical means and motive to really pull of these types of attacks on the infrastructure. So why even bother?

Comments  (0)

Page « < 17 - 18 - 19 - 20 - 21 > »