Blog Posts Tagged with "Infrastructure"
ICS-CERT: GE Intelligent Platforms Proficy HTML Vulnerability
June 28, 2012 Added by:Infosec Island Admin
Andrea Micalizzi identified a command injection vulnerability in a third-party HTML help application used by some GE Intelligent Platforms Proficy products. GE identified a stack-based buffer overflow vulnerability that also existed in the same component. An attacker could exploit these vulnerabilities...
Comments (0)
ENISA: Getting Ready for Cyber Europe 2012
June 27, 2012 Added by:Headlines
Cyber Europe 2012 is the 2nd pan-European exercise on Critical Information Infrastructure Protection. It ties together the extensive activities in the EU, at both national and European level, to improve the resilience of critical information infrastructures. The exercise will take place in the autumn...
Comments (0)
ICS-CERT: Wonderware SuiteLink Unallocated Unicode String
June 22, 2012 Added by:Infosec Island Admin
Independent researcher Luigi Auriemma identified a maliciously crafted Unicode string vulnerability causing a stack-based buffer overflow with proof-of-concept (PoC) exploit code that affects the Invensys Wonderware SuiteLink service (slssvc.exe)...
Comments (0)
Report Examines Increasing Threats to Critical Infrastructure
June 21, 2012 Added by:Headlines
“Outdated security methods that use a maze of disparate, multi-vendor, and stacked security tools will only delay a cyber attack, providing numerous opportunities for a more advanced and modern cyber adversary to attack cyber security postures throughout critical infrastructure...”
Comments (0)
Stuxnet, Flame, Duqu Less Dangerous than Conventional Attacks
June 21, 2012 Added by:Headlines
“Our advice to ICS and SCADA network managers is to be informed of new threats like Flame, but be especially vigilant against the more conventional, widely understood threats. In all likelihood, a simple denial-of-service attack has a better chance of wreaking havoc on their network than Stuxnet or Duqu"...
Comments (0)
ICS-CERT: Increasing Logging Capabilities
June 21, 2012 Added by:Infosec Island Admin
System and network device logs provide valuable records of system activity. Logs may yield indicators of compromise, C2 communications, exfiltrated data, remote access logons, and other valuable data. Organizations should consider enabling the following types of logging...
Comments (0)
ICS-CERT: WAGO I/O 750 Multiple Vulnerabilities
June 21, 2012 Added by:Infosec Island Admin
The reported vulnerabilities from DSecRG have been coordinated with WAGO. WAGO has determined that the vulnerabilities can be mitigated by adjusting system configurations of services not in use. WAGO has released a customer cybersecurity notification on best security practices its products...
Comments (0)
NARUC: Cybersecurity Guidance for State Utility Regulators
June 20, 2012 Added by:Infosec Island Admin
“Understanding risk means understanding the relationship between vulnerability (such as a system with a known but unaddressed weakness), threat (such as a bad actor propagating viruses or worms) and consequence (such as physical damage and loss of public safety). Simply understanding risks is just the first step"...
Comments (0)
ICS-CERT: RuggedCom Weak Password Cryptography
June 20, 2012 Added by:Infosec Island Admin
A researcher identified a default backdoor user account with a weak password encryption vulnerability in the RuggedCom Rugged Operating System which could allow an attacker can use a simple publicly available script to generate the default password and gain administrative access to the unit...
Comments (0)
The Need for Improved Critical Infrastructure Protection
June 13, 2012 Added by:William Mcborrough
Tackling the problem of critical infrastructure protection will take concerted efforts from the public and private sectors. An appropriate governance structure is needed to avoid the inevitable over-reaction that will follow the inevitable catastrophic attack against our critical infrastructure...
Comments (4)
Post-Stuxnet: Siemens Improves ICS-SCADA Security
June 07, 2012 Added by:Headlines
"The introduction of our new Simatic CP and Scalance products only help to bolster Siemens' industrial security portfolio, but as we stress to our customers, there is no silver bullet to cybersecurity threats. Maintaining security is an ongoing process for plants and enterprises"...
Comments (0)
Cyberwar Threats and Critical Infrastructure Vulnerabilities
May 31, 2012 Added by:Headlines
"Targeted attacks are increasing dramatically. It could be state sponsored or it could be just hacktivists or it could be a cyber criminal organisation. But we know the number one target is government institutions and the second is manufacturing, including oil and gas..."
Comments (0)
ICS-CERT: Measuresoft ScadaPro DLL Hijack Vulnerability
May 29, 2012 Added by:Infosec Island Admin
Independent researcher Carlos Mario Penagos Hollmann identified a remotely exploitable, uncontrolled search path element vulnerability, commonly referred to as a DLL hijack, in Measuresoft’s ScadaPro application which may lead to arbitrary code execution...
Comments (0)
On Air Gaps and Killer Toothbrushes
May 28, 2012 Added by:Chris Blask
Air gaps do not and should not exist. Patching vulnerabilities won't make systems secure. Standards and regulations are here to stay. The threat will surpass our ability to tolerate it long before we can re-engineer and re-deploy every vulnerable system. These are all just facts...
Comments (2)
Notes on Electromagnetic Pulse (EMP) in US, UK, NL
May 22, 2012 Added by:Matthijs R. Koot
In 2009, there was a discussion on a forum for pilots about an article that argued that a commercial aircraft could be brought down by DIY EMP bombs. Also in 2009, the U.S. Patent Application for an Electromagnetic pulse (EMP) hardened information infrastructure was filed...
Comments (1)
ICS-CERT: From the Trenches - A Tabletop Exercise
May 22, 2012 Added by:Infosec Island Admin
Incident response is critical. During a real incident, you don’t want to discover major gaps in policy/procedure and/or technology tools. The collaboration that occurs during the exercise helps to understand the roles and responsibilities that each of us have during cyber attacks...
Comments (0)
- Identity & Access Management: Give Me a REST
- Over-Sharing Riskier than Government Snooping
- 20 Critical Security Controls: Control 13 – Boundary Defense
- Redefining Social Networking
- Creating Your Own Privacy & ROI
- Security Intelligence for the Enterprise - Part 1
- Why are Cybercrimes NOT Always White-collar Crimes?
- From the SMB to Security Guru: Five Ways IT Pros Can Manage Security on a Budget
- Balancing Act Between Privacy and Security
- The NSA’s Word Games Explained: How the Government Deceived Congress in the Debate over Surveillance Powers