SCADA
ICS-CERT: Risk Management for the Electricity Sector
May 14, 2012 Added by:Infosec Island Admin
The DOE collaborated with the NIST and NERC to release a second draft of the Electricity Sector Cybersecurity Risk Management Process guideline, designed with the idea that cybersecurity risk management should be driven by the business needs of the company...
Comments (0)
ICS-CERT: Progea Movicon Memory Corruption Vulnerability
May 11, 2012 Added by:Infosec Island Admin
Security researcher Dillon Beresford of IXIA has identified a memory corruption vulnerability in the Progea Movicon application. This vulnerability can be exploited by a remote attacker to read an invalid memory address resulting in a denial of service...
Comments (0)
ICS-CERT: WellinTech KingSCADA Insecure Password Encryption
May 10, 2012 Added by:Infosec Island Admin
Researchers Alexandr Polyakov and Alexey Sintsov from DSecRG identified an unsecure password encryption vulnerability in WellinTech KingSCADA application. When KingSCADA OPCServer and OPCClient are not on the same node, a remote attacker may obtain passwords to the system...
Comments (0)
Join ICS-CERT on the US-CERT Secure Portal
May 09, 2012 Added by:Infosec Island Admin
One of the best kept secrets in the critical infrastructure world is the US-CERT secure portal, a web-based platform that provides a mechanism for secure, unclassified information exchange between government agencies and the private sector asset owners and operators...
Comments (0)
Smart Grid Security, Challenges and Change
May 08, 2012 Added by:Larry Karisny
The cost and time of trying to become compliant with guidelines and standards will put smart-grid security years off before it can achieve any security solutions. There must be a way out of what people in the security business are now calling the "smart grid security circus"...
Comments (0)
ICS-CERT: Planning for a Cyber Incident?
May 08, 2012 Added by:Infosec Island Admin
Organizations without an existing incident response capability should consider establishing one. To aid control systems owners and operators, the CSSP has prepared a Recommended Practice: Developing an Industrial Control Systems Cybersecurity Incident Response Capability...
Comments (0)
US Gas Pipeline Companies Under Major Cyber Attack
May 07, 2012 Added by:Headlines
“Analysis of the malware and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign from a single source. It goes on to broadly describe a sophisticated 'spear-phishing' campaign..."
Comments (0)
ICS-CERT: Getting Started Securing Industrial Assets
May 04, 2012 Added by:Infosec Island Admin
Over the past year significant discoveries in the areas of adversarial capabilities have identified that many companies across the 18 critical infrastructure and key resources (CIKR) are struggling to cope with the growing threats. Efforts have been taken to defend critical assets...
Comments (0)
DHS: Industrial Control Systems Threats Increasing
May 03, 2012 Added by:Headlines
“We pay particular attention to industrial control systems. We’re seeing a troubling increase in the threats and the vulnerabilities associated with those. But we are making progress on that, I think,” DHS deputy undersecretary for cybersecurity Mark Weatherford said...
Comments (0)
ICS-CERT: WellinTech KingView DLL Hijack Vulnerability
May 02, 2012 Added by:Infosec Island Admin
Independent researcher Carlos Mario Peñagos Hollman identified a DLL Hijack vulnerability in WellinTech’s KingView application. WellinTech has created a patch that resolves the vulnerability. Mr. Hollman has tested the patch and verified that it resolves the vulnerability...
Comments (0)
ICS-CERT: Event Auditing and Log Management
April 30, 2012 Added by:Infosec Island Admin
Without properly configured auditing and logging practices, incident response teams often find it difficult to determine the significance of a cybersecurity event. ICS-CERT has provided a collection of resources to assist vendor and asset-owner security teams...
Comments (0)
Are ICS Vendors Really to Blame for Insecure Systems?
April 27, 2012 Added by:Joe Weiss
The implication is that vendors aren’t interested in securing their legacy products. I do know that many ICS vendors supporting the electric industry are frustrated because the utilities may not be required to actually secure these systems to be NERC CIP compliant...
Comments (0)
ICS-CERT: RuggedCom Weak Cryptography Vulnerability
April 27, 2012 Added by:Infosec Island Admin
ICS-CERT is aware of a public report of a default backdoor user account with a password with trivial encoding affecting RuggedCom RuggedSwitch and RuggedServer devices using Rugged OS. The vulnerability is exploitable by generating a password from known data about the device...
Comments (0)
Remember Public Cellular Networks in Smart Meter Adoption
April 26, 2012 Added by:Brent Huston
ICS/SCADA owners must strive to clearly identify their needs around cellular technologies, clearly demarcate the requirements for private/segmented/public cellular network use and understand the benefits/issues and threats of what they are utilizing...
Comments (0)
ICS-CERT: What does a Cyber Attack Feel Like?
April 26, 2012 Added by:Infosec Island Admin
The free ICS Advanced Cybersecurity training offers step-by-step guidance on network discovery, exploitation, defense, and detection. After the 3 full days of classroom instruction participants are armed with an arsenal of cyber attack and defense tools and techniques...
Comments (0)
ICS-CERT: Social Engineering and SCADA Security
April 24, 2012 Added by:Infosec Island Admin
Social engineering attempts can be highly targeted and conducted in a way that is much more difficult to detect than the spam and phishing emails we receive in our inbox. Phone-based social engineering attempts were recently experienced at two or more power distribution companies...
Comments (0)
- Follow Up to the Out of Band Authentication Post
- Skype Malware Campaign Spreading Poison Ivy Trojan
- I Hope Edo is Worth the Privacy Risk
- Dutch MoD Innovation Competition 2012: CYBER Operations 2.0
- NIST Workshop: The Technical Aspects of Botnets
- Security Automation by Hand - Batch/Bash/FOR
- Who Are You Preaching to Anyway?
- Some Observations on Klout Scores
- Where Will the Buck Stop in Cloud Security?
- How Does Your Bank Protect Your Data?