Blog Posts Tagged with "SCADA"
November 06, 2012 Added by:Larry Karisny
Cyber Security Expert Joe Weiss has spearheaded the ICS Cyber Security Conference for 12 years and when he calls in the troops, the best come to serve. Last month’s conference held at Old Dominion University's Virginia Modeling Analysis and Simulation Center -- VMASC in Suffolk, Va. -- was no different...
October 31, 2012 Added by:Jayson Wylie
There seems to be some political purpose to the current interests around Kaspersky. They are becoming involved in investigating malware of a cyber weapon nature instead of the constant pursuit of Trojan variants and financial fraud that is more damaging to the masses originating around their home office...
October 11, 2012 Added by:Ben Rothke
The Stuxnet computer worm of mid-2010 was a huge wake-up call for the energy industry. It also catapulted SCADA from an obscure term to the forefront of industrial security. But nearly two years later, it is unclear if the energy sector is adequately prepared for sophisticated information security threats...
October 11, 2012 Added by:Brent Huston
I was recently engaged with some critical infrastructure experts on Twitter. We were discussing a quick and dirty set of basic tasks that could be used an approach methodology for helping better secure the power grid and other utilities. There was a significant discussion and many views were exchanged...
October 04, 2012 Added by:Tripwire Inc
Ultimately this is critical stuff. If we don’t want to find ourselves wandering the wastelands searching for food and water fighting off marauding bands of marauders (is that redundant?) its important for these ninjas to get it right and keep the pirates at bay...
October 02, 2012 Added by:Patrick Oliver Graf
For a long time, hackers only targeted the IT systems of offices or individuals. This, however, has changed as the bad guys more frequently go after unconventional targets, like industrial and oil plants, refineries of all kinds, power grids or water utilities...
October 01, 2012 Added by:Doug DePeppe
Cyberattacks are mounting. They are getting more severe, and indicate nation-state support, reportedly from Iran. The US national strategy must change. It must address the need for capability where harm from an attack on critical infrastructure will be felt in communities across America...
September 29, 2012 Added by:Pierluigi Paganini
Since last month a new campaign of cyber attacks have hit the Energy sector, all is started with the incidents to Saudi Aramco and RasGas companies, in both cases a malware infected internal networks without impacting on the production systems...
September 27, 2012 Added by:Dan Dieterle
What would you do if the lights suddenly went out? Where would you get news from? Or more importantly water? Keep cool or get heat? Though many disregard warnings about critical infrastructure attacks what if the worst did happen, would you be prepared?
September 23, 2012 Added by:Larry Karisny
So what if we could create an anomaly algorithm that could audit, detect and approve positive input events in business processes. And if we could do this then wouldn’t risk management and security actually just be a byproduct of allowing these positive business events to occur?
September 16, 2012 Added by:Brent Huston
Utilities have been computerizing their SCADA systems for years now. This has allowed them to save money, time and manpower and has increased their situational awareness and control flexibility. However, industrial control systems are usually not very robust and also very ‘dumb...
September 07, 2012 Added by:Infosec Island Admin
Pandora’s box has been opened. All the players are taking the field, and many of them may not be ready to play a proper game… Shamoon did it’s thing, but it seems to be more a brute force tool than an elegant piece of code and a slick plan. The blowback though is yet to be determined...
September 06, 2012 Added by:David Navetta
Expect an uptick in privacy enforcement by state utility regulators. Utilities across the country are advised to review their information security programs (including vendor management requirements) and breach response processes to address their regulators' concerns...
September 04, 2012 Added by:Infosec Island Admin
Successful exploitation of this vulnerability could allow escalation of privileges to full administrative access. The privilege escalation could provide the attacker a vector for making changes to settings, or initiating a complete device shutdown causing a denial of service...
August 30, 2012 Added by:Infosec Island Admin
W32.DistTrack, also known as “Shamoon,” is an information-stealing malware that also includes a destructive module. Shamoon renders infected systems useless by overwriting the Master Boot Record (MBR), the partition tables, and most of the files with random data. Once overwritten, the data are not recoverable...
August 28, 2012 Added by:Infosec Island Admin
ICS-CERT onsite analysis included a search for host-based and network-based indicators to identify additional hosts for further analysis. ICS-CERT hashed files from approximately 1700 machines and compared them to hashes of known malicious files and examined proxy logs to identify any suspicious network activity...
New Zero-day in Microsoft OLE Being Exploite... Lisa Harris on 10-30-2014
What PCI Requirements Apply to Us: Tacking a... shahbaz ocpfsd1 on 10-29-2014
Today's Mobile Device Data Protection Must G... karna karn on 10-29-2014