SCADA

E313765e3bec84b2852c1c758f7244b6

Monitoring: an Absolute Necessity (but a Dirty Word Nonetheless)

February 17, 2014 Added by:Brent Huston

There is no easier way to shut down the interest of a network security or IT administrator than to say the word "monitoring." You can just mention the word and their faces fall as if a rancid odor had suddenly entered the room! And I can’t say that I blame them.

Comments  (2)

03b2ceb73723f8b53cd533e4fba898ee

Crowd-Funding Site Kickstarter Hacked

February 17, 2014 Added by:Pierluigi Paganini

The popular crowd funding website Kickstarter is the lastest victim of a data breach.

Comments  (0)

Ebb72d4bfba370aecb29bc7519c9dac2

Threat Intelligence is NOT Signatures!

February 10, 2014 Added by:Anton Chuvakin

If you are receiving a list of IPs from somewhere and then blindly dropping them into your ACLs or NIPS signatures, you are not doing threat intelligence (TI).

Comments  (4)

D8853ae281be8cfdfa18ab73608e8c3f

Hostname Bruteforcing on the Cheap

February 03, 2014 Added by:Rob Fuller

There are some great discussions on the NoVA Hackers mailing list. One such discussion was about what the best way to do dns hostname brute forcing was and which tool is better than another. For me, I just use the command line and then parse the results (or just ask the deepmagic.com database ;–)

Comments  (0)

7ddc1f3000a13e4dfec28074e9e7b658

Why the FCC Can't Actually Save Net Neutrality

January 27, 2014 Added by:Electronic Frontier Foundation

Some people have condemned last week’s court decision to reject the bulk of the Federal Communications Commission’s (FCC) Open Internet Order as a threat to Internet innovation and openness. Others hailed it as a victory against dangerous government regulation of the Internet. Paradoxically, there is a lot of truth to both of these claims.

Comments  (0)

6d117b57d55f63febe392e40a478011f

Israeli Defense Systems Hacked with Xtreme RAT Trojan

January 27, 2014 Added by:Anthony M. Freed

The attackers used a spear-phishing email designed to look like it was sent by the country’s Shin Bet secret security service which contained a malicious attachment that infected the systems with the Xtreme RAT software, a remote access tool.

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Business Impact Analysis: A Good Way to Jumpstart an Information Security Program

January 27, 2014 Added by:Brent Huston

BIA (business impact analysis) is traditionally seen as part of the business continuity process. It helps organizations recognize and prioritize which information, hardware and personnel assets are crucial to the business so that proper planning for contingency situations can be undertaken.

Comments  (0)

201d6e4b7cd0350a1a9ef6e856e28341

An ICS Cyber Vulnerability Beyond Stuxnet

January 22, 2014 Added by:Joe Weiss

With all of the new vulnerabilities being found, maybe there should be a consideration for all critical control and safety systems to go “back to the future” – 4-20ma point-to-point serial.

Comments  (0)

86d8831c7ce6fcda920aac867a984d98

Improving SCADA System Security (Part 1)

December 21, 2013 Added by:InfoSec Institute

Supervisory control and data acquisition (SCADA) networks are considered by cyber strategists to be the backbone of any country. Critical infrastructure, and in particular control systems, require protection from a variety of cyber threats that could compromise their ordinary operation.

Comments  (0)

6d117b57d55f63febe392e40a478011f

Cyber Security Framework Lacks Mitigating Controls and Cloud Security

December 11, 2013 Added by:Anthony M. Freed

Given the pace that both government and the private sector are migrating mission-critical operations to managed service providers, should NIST take steps to identify Cloud-based offerings as part of the nation’s critical infrastructure?

Comments  (0)

Ffc4103a877b409fd8d6da8f854f617e

Industrial Control Industry Slow to Adopt Security Configuration Management: Survey

November 13, 2013 Added by:InfosecIsland News

Tripwire unveiled the results of a study comparing risk-based security management in the industrial sector to that of other industries.

Comments  (0)

54b393d8c5ad38d03c46d060fa365773

Security Advisor Alliance, A Nonprofit of Elite CISOs giving back to the community.

November 12, 2013 Added by:Jason Clark

Security Advisor Alliance is a nonprofit group of Top security leaders from the Global 1000 who have come together to donate time each week to help our peers in any area of security as a pro-bono service.

Comments  (0)

682e0e796084e163c5ca053dd8573b0c

DNP3 Vulnerabilities Part 1 of 2: NERC’s Electronic Security Perimeter is Swiss Cheese

November 07, 2013 Added by:Eric Byres

If you have been following SCADA news in the last month, you might have noticed an avalanche of reports and blogs on new security vulnerabilities in power industry equipment. So far, vulnerability disclosures for 9 products using the DNP3 protocol have been released by the ICS-CERT, with another 21 SCADA product disclosures on their way.

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

A Renaissance in the Manufacturing and Industrial Sectors

October 24, 2013 Added by:Rafal Los

After what appears to be decades of systematically ignoring security challenges, the recent climate of breaches seems to have shaken something loose. Purse strings have loosened. Boards have begun to ask security questions when they have never done so before. And most of all, I'm seeing several organizations formally hiring CISOs and giving them both accountability and control over the security fu...

Comments  (0)

682e0e796084e163c5ca053dd8573b0c

Enough Clucking – Start Fixing the SCADA Security Problem

September 12, 2013 Added by:Eric Byres

I am not a SCADA Apologist. If anything, I consider people like myself and Joel Langill to be SCADA Realists. Clearly Joel and I believe security is important. If we didn’t, we wouldn’t be in this business. And our clients don’t pay us to hear: “Do nothing; it’s the other guy’s fault.”

Comments  (0)

98180f2c2934cab169b73cb01b6d7587

Cyber Security and Terrorism – See Something, Say Something

August 08, 2013 Added by:Jon Stout

he existing cyber security computing model of the past decade, based on firewalls, anti-viral services, intrusion detection controls, etc., is no longer adequate to help organizations mitigate cyber-security risk.

Comments  (0)

Page « < 2 - 3 - 4 - 5 - 6 > »