Industrial Control Systems
ICS-CERT: xArrow Multiple Vulnerabilities
May 25, 2012 Added by:Infosec Island Admin
Security researcher Luigi Auriemma identified and released four security vulnerabilities, along with proof-of-concept code, in the xArrow software application which may cause a denial-of-service condition or allow an attacker to execute arbitrary code...
Comments (0)
ICS-CERT: SNORT in an ICS Environment
May 23, 2012 Added by:Infosec Island Admin
A major obstacle for ICS security is how to test and deploy security tools in the ICS space. Now, the open-source IT security research community has paired with ICS teams, DHS, NESCO, and other stakeholders to research ICS network threats and produce tools to address them...
Comments (0)
ICS-CERT: From the Trenches - A Tabletop Exercise
May 22, 2012 Added by:Infosec Island Admin
Incident response is critical. During a real incident, you don’t want to discover major gaps in policy/procedure and/or technology tools. The collaboration that occurs during the exercise helps to understand the roles and responsibilities that each of us have during cyber attacks...
Comments (0)
ICS-CERT: Advantech ISSymbol ActiveX Buffer Overflow
May 21, 2012 Added by:Infosec Island Admin
Researchers have identified multiple buffer overflow vulnerabilities in the Advantech Studio product that could allow an attacker to cause buffer overflows, which in turn can allow arbitrary execution code. An exploit code is known to exist that targets these vulnerabilities...
Comments (0)
ICS-CERT: Pro-face Pro-Server EX Multiple Vulnerabilities
May 18, 2012 Added by:Infosec Island Admin
The vulnerabilities affecting Pro-face Pro-Server include invalid memory access, buffer overflow, unhandled exception, and memory corruption with proof-of-concept exploit code. According to this report, these vulnerabilities are exploitable via specially crafted packets...
Comments (0)
ICS-CERT: Wonderware Unicode String Vulnerability
May 17, 2012 Added by:Infosec Island Admin
ICS-CERT is aware of a public report identifying an unallocated Unicode string vulnerability with proof-of-concept exploit code that affects the Invensys Wonderware SuiteLink service which could allow an attacker to remotely crash older versions of the service...
Comments (0)
Smart Grid Security: An Inside View from Patrick C. Miller
May 16, 2012 Added by:Larry Karisny
A March survey revealed that two-thirds energy security professionals think smart-grid projects do not adequately deal with security threats. Larry Karisny interviewed Patrick C. Miller, president and CEO of EnergySec, about the survey and the subject of smart-grid security...
Comments (0)
ICS-CERT: Risk Management for the Electricity Sector
May 14, 2012 Added by:Infosec Island Admin
The DOE collaborated with the NIST and NERC to release a second draft of the Electricity Sector Cybersecurity Risk Management Process guideline, designed with the idea that cybersecurity risk management should be driven by the business needs of the company...
Comments (0)
ICS-CERT: Progea Movicon Memory Corruption Vulnerability
May 11, 2012 Added by:Infosec Island Admin
Security researcher Dillon Beresford of IXIA has identified a memory corruption vulnerability in the Progea Movicon application. This vulnerability can be exploited by a remote attacker to read an invalid memory address resulting in a denial of service...
Comments (0)
ICS-CERT: WellinTech KingSCADA Insecure Password Encryption
May 10, 2012 Added by:Infosec Island Admin
Researchers Alexandr Polyakov and Alexey Sintsov from DSecRG identified an unsecure password encryption vulnerability in WellinTech KingSCADA application. When KingSCADA OPCServer and OPCClient are not on the same node, a remote attacker may obtain passwords to the system...
Comments (0)
Join ICS-CERT on the US-CERT Secure Portal
May 09, 2012 Added by:Infosec Island Admin
One of the best kept secrets in the critical infrastructure world is the US-CERT secure portal, a web-based platform that provides a mechanism for secure, unclassified information exchange between government agencies and the private sector asset owners and operators...
Comments (0)
Six Good Reasons to De-Identify Data
May 08, 2012 Added by:Rebecca Herold
Even though it sounds complicated there are many good methods you can use to accomplish de-identification. The great thing is, under many legal constructs de-identification is an acceptable way to use personal information for purposes beyond which the personal data was collected...
Comments (2)
Smart Grid Security, Challenges and Change
May 08, 2012 Added by:Larry Karisny
The cost and time of trying to become compliant with guidelines and standards will put smart-grid security years off before it can achieve any security solutions. There must be a way out of what people in the security business are now calling the "smart grid security circus"...
Comments (0)
ICS-CERT: Planning for a Cyber Incident?
May 08, 2012 Added by:Infosec Island Admin
Organizations without an existing incident response capability should consider establishing one. To aid control systems owners and operators, the CSSP has prepared a Recommended Practice: Developing an Industrial Control Systems Cybersecurity Incident Response Capability...
Comments (0)
ICS-CERT: Getting Started Securing Industrial Assets
May 04, 2012 Added by:Infosec Island Admin
Over the past year significant discoveries in the areas of adversarial capabilities have identified that many companies across the 18 critical infrastructure and key resources (CIKR) are struggling to cope with the growing threats. Efforts have been taken to defend critical assets...
Comments (0)
ICS-CERT: WellinTech KingView DLL Hijack Vulnerability
May 02, 2012 Added by:Infosec Island Admin
Independent researcher Carlos Mario Peñagos Hollman identified a DLL Hijack vulnerability in WellinTech’s KingView application. WellinTech has created a patch that resolves the vulnerability. Mr. Hollman has tested the patch and verified that it resolves the vulnerability...
Comments (0)
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox
- The Emperor Is Naked!
- Infographic: Keeping Web Applications Safe
- Do You Have a Vendor Security Check List? You Should!