Blog Posts Tagged with "Stuxnet"
August 08, 2011 Added by:Infosec Island Admin
Within the security community, we now face a paradigm shift that only recently has exploded onto the collective conscious. We are the new front line on the 5th battlespace. Terrorists, Spies, Nation States, Individuals, Corporations, and now ‘collectives’ are all waging war online...
August 04, 2011 Added by:Infosec Island Admin
Today we have a hacker community out there able to get their hands on code easily and even perhaps the PLC systems themselves to create even more exploits. Add to this that many SCADA systems have been connected to the Internet (as they should NEVER BE) ripe for attack and we have a big problem...
August 01, 2011 Added by:Infosec Island Admin
Post Stuxnet, this paper and the presentation to follow at DEFCON this year seems more like a call for attention and perhaps a marketing scheme than anything revelatory befitting a talk at DEFCON. Having read the paper, it leaves me nonplussed as to why this s being presented at all...
July 21, 2011 Added by:Headlines
"Tehran never did overcome the disruptions caused by Stuxnet or restore its centrifuges to smooth and normal operation as was claimed. Indeed, Iran finally resorted to the only sure-fire cure, scrapping all the tainted machines and replacing them with new ones..."
June 15, 2011 Added by:Headlines
The authors of Cyber Dawn argued that something similar to the Stuxnet attack on Iran could be done in Libya, noting that German engineering conglomerate Siemens AG — whose software system was exploited by Stuxnet — has played an important role in projects across the Libya...
June 14, 2011 Added by:Headlines
Siemens was prompted to take swift action after security researcher Dillon Beresford cancelled a scheduled presentation at the Takedown Conference in Dallas where he planned to reveal an exploit proof-of-concept aimed at Siemens controllers...
June 08, 2011 Added by:Rahul Neel Mani
APTs are becoming more and more complicated. However, there are certain security measures that organisation still need to take. Take the case of Epsilon data breach, or RSA breach. Hacked using simple social engineering tools like spear phishing and phishing e-mail to succeed...
June 01, 2011 Added by:Headlines
“We must plan, train, exercise and operate in a way which integrates our activities in both cyber and physical space. We will grow a cadre of dedicated cyber experts to support our own and allied cyber operations and secure our vital networks...”
May 25, 2011 Added by:J. Oquendo
DHS, Siemens and other similar organizations are naive to think that attackers aren't actively exploiting their software. Regardless if a researcher decided to not publicly speak about an exploit, there is an assumption that it isn't already exploited. How wrong they are....
May 25, 2011 Added by:Headlines
"The reaction by Siemens is the old school knee-jerk reaction: 'Just 'cus some kids can do it does not mean we are targeted'. Industrial control vendors and users have to take this very seriously. They are being targeted, they are vulnerable, and the repercussions could be expensive..."
May 19, 2011 Added by:Headlines
“Things could explode. I don’t want to overplay this and sound like it’s a bunch of FUD but physical damage can occur and people can be seriously injured or worse. So we felt it was best to be prudent and wait a bit longer until we get more information," said NSS Labs CEO Rick Moy...
May 17, 2011 Added by:Headlines
“We have created an arms race because now countries like China are blaming the US for the Iran attack and saying 'we need one too'. I think the next Stuxnet will be cruder but it will go after broad spectrum connections..."
May 06, 2011 Added by:Keith Mendoza
Information system security is really nothing new, its just that no one has paid attention to it until recently; and the focus seem to mostly be on securing the application. My question is: who will make sure that the attack vector will not come from the hardware layer?
April 28, 2011 Added by:Headlines
"Given the lack of opaqueness on the part of Iran, it seems unlikely that there has been anything new discovered and it is questionable as to whether or not anything at all was found, and if something was, whether or not it was truly malicious..."
April 25, 2011 Added by:Headlines
"Certain characteristics about the 'Stars' virus have been identified, including that it is compatible with the (targeted) system. In the initial stage, the damage is low and it is likely to be mistaken for governmental executable files..."
April 19, 2011 Added by:Headlines
"The message is that our industrial control systems are very, very vulnerable to attack and the security we have installed today is insufficient to protect us. I'm concerned that (the industry) is not getting that message, despite having the evidence in front of us..."
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015
PCI Security Standards Council Statement on ... on 03-17-2015