Items Tagged with "Infrastructure"
June 04, 2012
Scams, malware campaigns and attacks will continue to grow in scale and complexity as the 27 July opening ceremony in London draws near. Event organizers, sponsors and British authorities continue to increase their physical and cybersecurity awareness as the event approaches...
May 31, 2012 Added by:Headlines
"Targeted attacks are increasing dramatically. It could be state sponsored or it could be just hacktivists or it could be a cyber criminal organisation. But we know the number one target is government institutions and the second is manufacturing, including oil and gas..."
May 29, 2012 Added by:Infosec Island Admin
Independent researcher Carlos Mario Penagos Hollmann identified a remotely exploitable, uncontrolled search path element vulnerability, commonly referred to as a DLL hijack, in Measuresoft’s ScadaPro application which may lead to arbitrary code execution...
May 28, 2012 Added by:Chris Blask
Air gaps do not and should not exist. Patching vulnerabilities won't make systems secure. Standards and regulations are here to stay. The threat will surpass our ability to tolerate it long before we can re-engineer and re-deploy every vulnerable system. These are all just facts...
May 22, 2012 Added by:Matthijs R. Koot
In 2009, there was a discussion on a forum for pilots about an article that argued that a commercial aircraft could be brought down by DIY EMP bombs. Also in 2009, the U.S. Patent Application for an Electromagnetic pulse (EMP) hardened information infrastructure was filed...
May 22, 2012 Added by:Infosec Island Admin
Incident response is critical. During a real incident, you don’t want to discover major gaps in policy/procedure and/or technology tools. The collaboration that occurs during the exercise helps to understand the roles and responsibilities that each of us have during cyber attacks...
May 22, 2012 Added by:Headlines
Malware such as Stuxnet and Duqu have led to the recognition of broader systemic vulnerabilities within critical infrastructure which until recently have been largely disconnected. Addressing the resiliency of these systems must occur at technical, organizational and policy levels...
May 21, 2012 Added by:Headlines
Speaking at AusCERT, SCADA security expert Eric Byres stated that “the whole concept of trying to protect SCADA systems with air gaps is a myth" perpetuated by those who believe "bad things will never happen to the control systems..."
May 21, 2012 Added by:Infosec Island Admin
Researchers have identified multiple buffer overflow vulnerabilities in the Advantech Studio product that could allow an attacker to cause buffer overflows, which in turn can allow arbitrary execution code. An exploit code is known to exist that targets these vulnerabilities...
May 18, 2012 Added by:Rafal Los
Here's the problem - when it comes to critical infrastructure protection it's very difficult to legislate and regulate the organizations that matter into a state of better security. The problem is that in order to enforce policy and rules there either have to be consequences to failing, or incentives not to fail - or both...
May 18, 2012 Added by:Headlines
“It’s not possible to protect. Stuxnet told us that modern systems are not protected... SCADA could be very easy victims – the result of an attack could be like Stuxnet but everywhere... [We] need to understand the danger of cyber-weapons and of cyber-war to ruin national infrastructure..."
May 17, 2012 Added by:Infosec Island Admin
ICS-CERT is aware of a public report identifying an unallocated Unicode string vulnerability with proof-of-concept exploit code that affects the Invensys Wonderware SuiteLink service which could allow an attacker to remotely crash older versions of the service...
May 16, 2012 Added by:Larry Karisny
A March survey revealed that two-thirds energy security professionals think smart-grid projects do not adequately deal with security threats. Larry Karisny interviewed Patrick C. Miller, president and CEO of EnergySec, about the survey and the subject of smart-grid security...
May 16, 2012 Added by:Matthijs R. Koot
The Dutch Ministry of Defense's (MoD) annually issues a "Defense Innovation Competition" is a competition that is intended to get input from and foster relations with Dutch industry and SME. This year's theme is "CYBER Operations 2.0"...
May 14, 2012 Added by:William Mcborrough
We know that some attacks on our privately owned critical infrastructure have been attributed to foreign government networks. Would it be wise to license companies to attack these networks? The last thing we need is an international incident started by some SysAdmin..
May 14, 2012 Added by:Infosec Island Admin
The DOE collaborated with the NIST and NERC to release a second draft of the Electricity Sector Cybersecurity Risk Management Process guideline, designed with the idea that cybersecurity risk management should be driven by the business needs of the company...