Blog Posts Tagged with "IS Controls"
ICS-CERT: Measuresoft ScadaPro DLL Hijack Vulnerability
May 29, 2012 Added by:Infosec Island Admin
Independent researcher Carlos Mario Penagos Hollmann identified a remotely exploitable, uncontrolled search path element vulnerability, commonly referred to as a DLL hijack, in Measuresoft’s ScadaPro application which may lead to arbitrary code execution...
Comments (0)
On Air Gaps and Killer Toothbrushes
May 28, 2012 Added by:Chris Blask
Air gaps do not and should not exist. Patching vulnerabilities won't make systems secure. Standards and regulations are here to stay. The threat will surpass our ability to tolerate it long before we can re-engineer and re-deploy every vulnerable system. These are all just facts...
Comments (2)
ICS-CERT: Pro-face Pro-Server EX Multiple Vulnerabilities
May 18, 2012 Added by:Infosec Island Admin
The vulnerabilities affecting Pro-face Pro-Server include invalid memory access, buffer overflow, unhandled exception, and memory corruption with proof-of-concept exploit code. According to this report, these vulnerabilities are exploitable via specially crafted packets...
Comments (0)
ICS-CERT: Wonderware Unicode String Vulnerability
May 17, 2012 Added by:Infosec Island Admin
ICS-CERT is aware of a public report identifying an unallocated Unicode string vulnerability with proof-of-concept exploit code that affects the Invensys Wonderware SuiteLink service which could allow an attacker to remotely crash older versions of the service...
Comments (0)
Join ICS-CERT on the US-CERT Secure Portal
May 09, 2012 Added by:Infosec Island Admin
One of the best kept secrets in the critical infrastructure world is the US-CERT secure portal, a web-based platform that provides a mechanism for secure, unclassified information exchange between government agencies and the private sector asset owners and operators...
Comments (0)
ICS-CERT: Planning for a Cyber Incident?
May 08, 2012 Added by:Infosec Island Admin
Organizations without an existing incident response capability should consider establishing one. To aid control systems owners and operators, the CSSP has prepared a Recommended Practice: Developing an Industrial Control Systems Cybersecurity Incident Response Capability...
Comments (0)
Are ICS Vendors Really to Blame for Insecure Systems?
April 27, 2012 Added by:Joe Weiss
The implication is that vendors aren’t interested in securing their legacy products. I do know that many ICS vendors supporting the electric industry are frustrated because the utilities may not be required to actually secure these systems to be NERC CIP compliant...
Comments (0)
ICS-CERT: RuggedCom Weak Cryptography Vulnerability
April 27, 2012 Added by:Infosec Island Admin
ICS-CERT is aware of a public report of a default backdoor user account with a password with trivial encoding affecting RuggedCom RuggedSwitch and RuggedServer devices using Rugged OS. The vulnerability is exploitable by generating a password from known data about the device...
Comments (0)
Misconceptions about Aurora: Why Isn't More Being Done
April 13, 2012 Added by:Joe Weiss
The 2007 Aurora test at the Idaho National Laboratory demonstrated that if someone can gain access to a controller, the attacker will cause physical damage. As Aurora is a gap in protection of the electric grid, one way to prevent an Aurora attack is by hardware mitigation...
Comments (0)
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)