Blog Posts Tagged with "SCADA"

E313765e3bec84b2852c1c758f7244b6

Quick and Dirty Plan for Critical Infrastructure Security Improvement

October 11, 2012 Added by:Brent Huston

I was recently engaged with some critical infrastructure experts on Twitter. We were discussing a quick and dirty set of basic tasks that could be used an approach methodology for helping better secure the power grid and other utilities. There was a significant discussion and many views were exchanged...

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

Revenge of the NERCs?

October 04, 2012 Added by:Tripwire Inc

Ultimately this is critical stuff. If we don’t want to find ourselves wandering the wastelands searching for food and water fighting off marauding bands of marauders (is that redundant?) its important for these ninjas to get it right and keep the pirates at bay...

Comments  (0)

E595c1d49bf4a26f8e14ce59812af80e

Secure Communications in Harsh Environments

October 02, 2012 Added by:Patrick Oliver Graf

For a long time, hackers only targeted the IT systems of offices or individuals. This, however, has changed as the bad guys more frequently go after unconventional targets, like industrial and oil plants, refineries of all kinds, power grids or water utilities...

Comments  (0)

70830de61015ee5312d58e6a9e0254ae

We're Under Cyber Attack INSIDE America!

October 01, 2012 Added by:Doug DePeppe

Cyberattacks are mounting. They are getting more severe, and indicate nation-state support, reportedly from Iran. The US national strategy must change. It must address the need for capability where harm from an attack on critical infrastructure will be felt in communities across America...

Comments  (4)

03b2ceb73723f8b53cd533e4fba898ee

Energy Sector Cyber Espionage: Chinese Hackers are not Alone

September 29, 2012 Added by:Pierluigi Paganini

Since last month a new campaign of cyber attacks have hit the Energy sector, all is started with the incidents to Saudi Aramco and RasGas companies, in both cases a malware infected internal networks without impacting on the production systems...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Surviving a Public Infrastructure or Energy Grid Attack

September 27, 2012 Added by:Dan Dieterle

What would you do if the lights suddenly went out? Where would you get news from? Or more importantly water? Keep cool or get heat? Though many disregard warnings about critical infrastructure attacks what if the worst did happen, would you be prepared?

Comments  (2)

8a958994958cdf24f0dc051edfe29462

Anomaly Detection: Front-Door Infrastructure Security

September 23, 2012 Added by:Larry Karisny

So what if we could create an anomaly algorithm that could audit, detect and approve positive input events in business processes. And if we could do this then wouldn’t risk management and security actually just be a byproduct of allowing these positive business events to occur?

Comments  (1)

E313765e3bec84b2852c1c758f7244b6

Ask The Experts: Important SCADA Security Tips

September 16, 2012 Added by:Brent Huston

Utilities have been computerizing their SCADA systems for years now. This has allowed them to save money, time and manpower and has increased their situational awareness and control flexibility. However, industrial control systems are usually not very robust and also very ‘dumb...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

Three Days of The Condor... With Malware

September 07, 2012 Added by:Infosec Island Admin

Pandora’s box has been opened. All the players are taking the field, and many of them may not be ready to play a proper game… Shamoon did it’s thing, but it seems to be more a brute force tool than an elegant piece of code and a slick plan. The blowback though is yet to be determined...

Comments  (0)

A7290c5bd7bc2aaa7ea2b6c957ef639b

Utility Breach Prompts Enforcement and Industry-Wide Security Review

September 06, 2012 Added by:David Navetta

Expect an uptick in privacy enforcement by state utility regulators. Utilities across the country are advised to review their information security programs (including vendor management requirements) and breach response processes to address their regulators' concerns...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: GarrettCom Magnum Privilege Escalation

September 04, 2012 Added by:Infosec Island Admin

Successful exploitation of this vulnerability could allow escalation of privileges to full administrative access. The privilege escalation could provide the attacker a vector for making changes to settings, or initiating a complete device shutdown causing a denial of service...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Shamoon - DistTrack Malware

August 30, 2012 Added by:Infosec Island Admin

W32.DistTrack, also known as “Shamoon,” is an information-stealing malware that also includes a destructive module. Shamoon renders infected systems useless by overwriting the Master Boot Record (MBR), the partition tables, and most of the files with random data. Once overwritten, the data are not recoverable...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Oil and Natural Gas Pipeline Intrusion Campaign

August 28, 2012 Added by:Infosec Island Admin

ICS-CERT onsite analysis included a search for host-based and network-based indicators to identify additional hosts for further analysis. ICS-CERT hashed files from approximately 1700 machines and compared them to hashes of known malicious files and examined proxy logs to identify any suspicious network activity...

Comments  (1)

924ce315203c17e05d9e04b59648a942

Potential Collateral Damage from an Israeli First Strike on Iran

August 26, 2012 Added by:Richard Stiennon

Carbon whiskers unleashed to disable transformers? Oh yes. Just a few grams got released into the atmosphere and shorted out transformers throughout the Pacific Northwest. I do not like the idea of kilograms of this escaping the target area. It could be decades before power grids are free of this menace...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Tridium Niagara Vulnerabilities Update

August 17, 2012 Added by:Infosec Island Admin

Independent security researchers have identified multiple vulnerabilities in the Tridium Niagara AX Framework software including directory traversal, weak credential storage, session cookie weaknesses, and predictable session IDs, all of which can be exploited remotely...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Siemens COMOS Privilege Escalation Vulnerability

August 16, 2012 Added by:Infosec Island Admin

Siemens has reported a privilege escalation vulnerability in the Siemens COMOS database application. Authenticated users with read privileges could escalate their privileges by exploiting this vulnerability. Thus, the attacker is able to gain administrator access to the database...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »