Blog Posts Tagged with "Programmable Logic Controllers"
April 13, 2012 Added by:Joe Weiss
The 2007 Aurora test at the Idaho National Laboratory demonstrated that if someone can gain access to a controller, the attacker will cause physical damage. As Aurora is a gap in protection of the electric grid, one way to prevent an Aurora attack is by hardware mitigation...
April 09, 2012 Added by:Infosec Island Admin
Multiple vulnerabilities affecting the WAGO IPC 758-870, which is an embedded Linux programmable logic controller (PLC)could allow an attacker to gain unauthorized access or to make unauthenticated configuration changes, which may include arbitrary code...
February 16, 2012 Added by:Headlines
Security researchers and others have released tools exploiting ICS vulnerabilities. These targeted exploits are readily available through various tools and from exploit developers. Multiple threat elements are combining to significantly increase the ICS threat landscape...
February 15, 2012 Added by:Headlines
"I would assume that once Iran learned of Stuxnet, then intelligence agencies looked at this method of cyber attack as compromised regardless of how long it has taken Iran to neutralize it. It is a cat and mouse game..."
February 15, 2012 Added by:Headlines
A brute force password cracking tool has been released that targets the weak authentication vulnerability in the Koyo ECOM100 Ethernet Module. This tool may greatly reduce the time and skill level required to attack a vulnerable system...
February 14, 2012 Added by:Headlines
"Iranian experts possess adequate knowledge to confront cyber threats. All nuclear facilities in the country are immune from cyber attacks... Many viruses are produced in the world every day... there has been no destructive impact inside the country," said Gholam-Reza Jalali...
January 31, 2012 Added by:Headlines
Successful exploitation of these vulnerabilities could allow an attacker to log on to a vulnerable system as a user or administrator with the ability to execute arbitrary code or obtain full access to files on the system. Publicly available exploits are known...
January 24, 2012 Added by:Headlines
The vulnerabilities purportedly include buffer overflows, backdoors, weak authentication and encryption, and other vulnerabilities that could allow an attacker to take control of the device and interfere or halt the process it controls...
January 20, 2012 Added by:Alexander Polyakov
The DSecRG (ERPScan subdivision) researchers, in support of Project BaseCamp, have published a variety of 0-day vulnerabilities for the 750 series WAGO controller, for Wellintech KingSCADA, for and OPC Systems.NET, to draw the public attention to SCADA vulnerabilities...
January 20, 2012 Added by:Dan Dieterle
Metasploit is used for network security and penetration testing. There are automated options that you can use that will try numerous exploits against a system, and give you a remote shell if one works. Taking this technology and adding PLC exploits is truly scary...
January 20, 2012 Added by:Headlines
The GE D20ME PLC vulnerability is exploitable by utilizing TFTP connections to the controller. The report is based on information presented by Reid Wightman during Digital Bond’s SCADA Security Scientific Symposium without coordination with the vendor or ICS-CERT...
December 14, 2011 Added by:Headlines
Santamarta uncovered multiple hidden accounts with default passwords in the systems that could allow an attacker to remotely access the network, view and modify the module's firmware, execute arbitrary malicious code, or cause a denial of service interruption...
December 02, 2011 Added by:Headlines
"May 2006 - Engineers compile code for a component of Stuxnet that will allow them to attack programmable logic controllers, or PLCs, manufactured by Siemens of Germany. Iran's nuclear program uses Siemens PLCs to control the gas centrifuges in its uranium enrichment facilities..."
October 19, 2011 Added by:Headlines
“Duqu’s purpose is to gather intelligence data and assets from entities such as industrial control system manufacturers in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents..."
October 18, 2011 Added by:Scot Terban
The motivations of DHS have also been called into question by some. This is especially prescient since they take pains to say that the Anonymous movement “most likely” does not have the technical means and motive to really pull of these types of attacks on the infrastructure. So why even bother?
October 14, 2011 Added by:Craig S Wright
What is at stake is the loss of life and property that will result from compromised SCADA systems. Not just PLCs as the opponents of this position like to presuppose, but Windows XP and other systems that act as controllers. You think this does not occur? Well there you are wrong...
Mobile Security Processes Could Be Applied t... Johnnie Nix on 05-21-2013
ATM Security (And Really Learning from the P... Johnnie Nix on 05-21-2013
New Study Published on Mobile Malware... Caitlin Rachel on 05-21-2013