US-CERT

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Rockwell Automation FactoryTalk Vulnerability

January 21, 2012 Added by:Headlines

Multiple vulnerabilities have been with proof-of-concept exploit code affecting Rockwell Automation FactoryTalk, a SCADA/HMI product. The vulnerability is exploitable by sending specially crafted packets to the server. This report was released by Luigi Auriemma...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Schneider Quantum Ethernet Module Vulnerability

January 20, 2012 Added by:Headlines

Researcher Rubén Santamarta previously announced hard-coded credentials in the Schneider Electric Quantum Ethernet Module.Exploitation of these vulnerabilities may allow an attacker to gain elevated privileges, load modified firmware, or perform malicious activities on the system...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: General Electric D20ME PLC Vulnerability

January 20, 2012 Added by:Headlines

The GE D20ME PLC vulnerability is exploitable by utilizing TFTP connections to the controller. The report is based on information presented by Reid Wightman during Digital Bond’s SCADA Security Scientific Symposium without coordination with the vendor or ICS-CERT...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Certec EDV GmbH App DoS Vulnerability

January 19, 2012 Added by:Headlines

Independent researcher Luigi Auriemma has identified a denial of service (DoS) vulnerability in Certec EDV GmbH atvise application. Certec has produced an update that resolves this vulnerability. Mr. Auriemma validated that the update resolves the vulnerability...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Cogent DataHub Application Vulnerability

January 18, 2012 Added by:Headlines

A cross-site scripting vulnerability exists in the Cogent DataHub application because it lacks server-side validation of query string parameter values. Attacks require that a user visit a URL which injects client-side scripts into the server’s HTTP response...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: 7T IGSS Graphical SCADA System Vulnerability

January 17, 2012 Added by:Headlines

Researcher Kuang-Chun Hung of ICST has identified an unsafe search path vulnerability. Successful exploitation may allow an attacker using social engineering to execute arbitrary code and gain the same privileges as the user that is currently logged into the system...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Open Automation Software OPC Systems Vulnerability

January 13, 2012 Added by:Headlines

Researcher Luigi Auriemma publicly reported a malformed packet vulnerability in Open Automation Software’s OPC Systems.NET. A malformed packet could be sent remotely to cause a denial of service. Public exploits are known to target this vulnerability...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: 3S Smart Software CoDeSys Vulnerabilities

January 10, 2012 Added by:Headlines

Mr. Auriemma publicly disclosed the five vulnerabilities along with proof-of-concept exploit code, including the vulnerability previously coordinated with ICS-CERT by Celil Unuver, without coordination with 3S Smart Software Solutions, ICS-CERT, or any other coordinating entity...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Siemens Tecnomatix FactoryLink ActiveX

January 05, 2012 Added by:Headlines

Researchers identified two vulnerabilities affecting ActiveX components in the Siemens Tecnomatix FactoryLink application, including buffer overflow and data corruption. Successful exploitation of the vulnerabilities could allow an attacker to perform denial of service and arbitrary code execution...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

US CERT: Hash Table Collision Attack Vulnerability

January 04, 2012 Added by:Headlines

US-CERT is aware of reports stating that multiple programming language implementations, including web platforms, are vulnerable to hash table collision attacks. This vulnerability could be used by an attacker to launch a denial-of-service attack against websites using affected products...

Comments  (0)

8a958994958cdf24f0dc051edfe29462

Cybersecurity in Today's World

December 31, 2011 Added by:Larry Karisny

Curt Massey spent a 35-year career protecting our national security. His military service, civilian law enforcement, corporate security and military contracting experiences have imbued him with the unpleasant knowledge of our core vulnerabilities and a visceral drive to build a team capable of finding answers...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

CERT Warns of Holiday Phishing and Malware Campaigns

December 06, 2011 Added by:Headlines

"US-CERT encourages users and administrators to use caution when encountering email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns..."

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Is the Security Response System for SCADA-ICS Broken?

December 05, 2011 Added by:Headlines

"Publicly disclosing affected identity names and incident information is highly unusual and not part of ICS-CERT's normal incident reporting and triage procedures. In this particular case, because unconfirmed information had already been leaked to the public..."

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT Issues Illinois Water Pump Failure Report

November 24, 2011 Added by:Headlines

ICS-CERT and the FBI found no evidence of a cyber intrusion... In addition, there is no evidence to support claims made in the initial Illinois STIC report... that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

CERT Warns of Iconics SCADA Software Vulnerability

May 13, 2011 Added by:Headlines

GenVersion.dll is a component used by the WebHMI interface. By passing a specially crafted string to the SetActiveXGUID method, it is possible to overflow a static buffer and execute arbitrary code with the privileges of the logged on user. Users could be lured to malicious sites...

Comments  (1)

509ea0c1f4a210534eb004d35c10aa2d

ISAlliance on Finance Sector Cybersecurity

May 11, 2010 Added by:Marjorie Morgan

The lack of software quality or assurance in the products we use within our tech infrastructure. There are simply too many vulnerabilities out there to exploit; this is the underlying heart to most of the problems we face. It allows hackers, criminals or nation states to attack the confidentiality of our information or even the integrity of our information.

Comments  (0)

Page « < 5 - 6 - 7 - 8 - 9 > »