Blog Posts Tagged with "Programmable Logic Controllers"
Misconceptions about Aurora: Why Isn't More Being Done
April 13, 2012 Added by:Joe Weiss
The 2007 Aurora test at the Idaho National Laboratory demonstrated that if someone can gain access to a controller, the attacker will cause physical damage. As Aurora is a gap in protection of the electric grid, one way to prevent an Aurora attack is by hardware mitigation...
Comments (0)
ICS-CERT: Wago IPC Multiple Vulnerabilities
April 09, 2012 Added by:Infosec Island Admin
Multiple vulnerabilities affecting the WAGO IPC 758-870, which is an embedded Linux programmable logic controller (PLC)could allow an attacker to gain unauthorized access or to make unauthenticated configuration changes, which may include arbitrary code...
Comments (0)
ICS-CERT: Exploit Tool Releases for ICS Devices Advisory
February 16, 2012 Added by:Headlines
Security researchers and others have released tools exploiting ICS vulnerabilities. These targeted exploits are readily available through various tools and from exploit developers. Multiple threat elements are combining to significantly increase the ICS threat landscape...
Comments (0)
Iran Successfully Eradicates Stuxnet Virus Infestation
February 15, 2012 Added by:Headlines
"I would assume that once Iran learned of Stuxnet, then intelligence agencies looked at this method of cyber attack as compromised regardless of how long it has taken Iran to neutralize it. It is a cat and mouse game..."
Comments (0)
ICS-CERT: Koyo Ecom100 Brute Force Cracking Tool
February 15, 2012 Added by:Headlines
A brute force password cracking tool has been released that targets the weak authentication vulnerability in the Koyo ECOM100 Ethernet Module. This tool may greatly reduce the time and skill level required to attack a vulnerable system...
Comments (0)
Iran Remains Defiant in Confronting Cyber Attacks
February 14, 2012 Added by:Headlines
"Iranian experts possess adequate knowledge to confront cyber threats. All nuclear facilities in the country are immune from cyber attacks... Many viruses are produced in the world every day... there has been no destructive impact inside the country," said Gholam-Reza Jalali...
Comments (1)
ICS-CERT: Siemens Simatic WinCC Vulnerabilities
January 31, 2012 Added by:Headlines
Successful exploitation of these vulnerabilities could allow an attacker to log on to a vulnerable system as a user or administrator with the ability to execute arbitrary code or obtain full access to files on the system. Publicly available exploits are known...
Comments (0)
ICS-CERT: Multiple PLC Zero-Day Vulnerabilities
January 24, 2012 Added by:Headlines
The vulnerabilities purportedly include buffer overflows, backdoors, weak authentication and encryption, and other vulnerabilities that could allow an attacker to take control of the device and interfere or halt the process it controls...
Comments (0)
DSecRG Releases WAGO PLC Zero-day Vulnerabilities
January 20, 2012 Added by:Alexander Polyakov
The DSecRG (ERPScan subdivision) researchers, in support of Project BaseCamp, have published a variety of 0-day vulnerabilities for the 750 series WAGO controller, for Wellintech KingSCADA, for and OPC Systems.NET, to draw the public attention to SCADA vulnerabilities...
Comments (1)
Hacking PLC SCADA Systems: Easy as Pushing a Button
January 20, 2012 Added by:Dan Dieterle
Metasploit is used for network security and penetration testing. There are automated options that you can use that will try numerous exploits against a system, and give you a remote shell if one works. Taking this technology and adding PLC exploits is truly scary...
Comments (1)
ICS-CERT: General Electric D20ME PLC Vulnerability
January 20, 2012 Added by:Headlines
The GE D20ME PLC vulnerability is exploitable by utilizing TFTP connections to the controller. The report is based on information presented by Reid Wightman during Digital Bond’s SCADA Security Scientific Symposium without coordination with the vendor or ICS-CERT...
Comments (0)
ICS-CERT Issues New SCADA Vulnerability Advisory
December 14, 2011 Added by:Headlines
Santamarta uncovered multiple hidden accounts with default passwords in the systems that could allow an attacker to remotely access the network, view and modify the module's firmware, execute arbitrary malicious code, or cause a denial of service interruption...
Comments (0)
Researcher Traces Stuxnet/Duqu Timeline Back to 2006
December 02, 2011 Added by:Headlines
"May 2006 - Engineers compile code for a component of Stuxnet that will allow them to attack programmable logic controllers, or PLCs, manufactured by Siemens of Germany. Iran's nuclear program uses Siemens PLCs to control the gas centrifuges in its uranium enrichment facilities..."
Comments (3)
Stuxnet II Found in the Wild - Dubbed “Duqu”
October 19, 2011 Added by:Headlines
“Duqu’s purpose is to gather intelligence data and assets from entities such as industrial control system manufacturers in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents..."
Comments (1)
Anonymous, SCADA, Lulz, DHS, and Motivations
October 18, 2011 Added by:Scot Terban
The motivations of DHS have also been called into question by some. This is especially prescient since they take pains to say that the Anonymous movement “most likely” does not have the technical means and motive to really pull of these types of attacks on the infrastructure. So why even bother?
Comments (0)
Logical Fallacies and the SCADA Security Problem
October 14, 2011 Added by:Craig S Wright
What is at stake is the loss of life and property that will result from compromised SCADA systems. Not just PLCs as the opponents of this position like to presuppose, but Windows XP and other systems that act as controllers. You think this does not occur? Well there you are wrong...
Comments (3)
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)