Blog Posts Tagged with "Infrastructure"

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: GE Intelligent Platforms Proficy HTML Vulnerability

June 28, 2012 Added by:Infosec Island Admin

Andrea Micalizzi identified a command injection vulnerability in a third-party HTML help application used by some GE Intelligent Platforms Proficy products. GE identified a stack-based buffer overflow vulnerability that also existed in the same component. An attacker could exploit these vulnerabilities...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ENISA: Getting Ready for Cyber Europe 2012

June 27, 2012 Added by:Headlines

Cyber Europe 2012 is the 2nd pan-European exercise on Critical Information Infrastructure Protection. It ties together the extensive activities in the EU, at both national and European level, to improve the resilience of critical information infrastructures. The exercise will take place in the autumn...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Wonderware SuiteLink Unallocated Unicode String

June 22, 2012 Added by:Infosec Island Admin

Independent researcher Luigi Auriemma identified a maliciously crafted Unicode string vulnerability causing a stack-based buffer overflow with proof-of-concept (PoC) exploit code that affects the Invensys Wonderware SuiteLink service (slssvc.exe)...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Report Examines Increasing Threats to Critical Infrastructure

June 21, 2012 Added by:Headlines

“Outdated security methods that use a maze of disparate, multi-vendor, and stacked security tools will only delay a cyber attack, providing numerous opportunities for a more advanced and modern cyber adversary to attack cyber security postures throughout critical infrastructure...”

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Stuxnet, Flame, Duqu Less Dangerous than Conventional Attacks

June 21, 2012 Added by:Headlines

“Our advice to ICS and SCADA network managers is to be informed of new threats like Flame, but be especially vigilant against the more conventional, widely understood threats. In all likelihood, a simple denial-of-service attack has a better chance of wreaking havoc on their network than Stuxnet or Duqu"...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Increasing Logging Capabilities

June 21, 2012 Added by:Infosec Island Admin

System and network device logs provide valuable records of system activity. Logs may yield indicators of compromise, C2 communications, exfiltrated data, remote access logons, and other valuable data. Organizations should consider enabling the following types of logging...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: WAGO I/O 750 Multiple Vulnerabilities

June 21, 2012 Added by:Infosec Island Admin

The reported vulnerabilities from DSecRG have been coordinated with WAGO. WAGO has determined that the vulnerabilities can be mitigated by adjusting system configurations of services not in use. WAGO has released a customer cybersecurity notification on best security practices its products...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

NARUC: Cybersecurity Guidance for State Utility Regulators

June 20, 2012 Added by:Infosec Island Admin

“Understanding risk means understanding the relationship between vulnerability (such as a system with a known but unaddressed weakness), threat (such as a bad actor propagating viruses or worms) and consequence (such as physical damage and loss of public safety). Simply understanding risks is just the first step"...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: RuggedCom Weak Password Cryptography

June 20, 2012 Added by:Infosec Island Admin

A researcher identified a default backdoor user account with a weak password encryption vulnerability in the RuggedCom Rugged Operating System which could allow an attacker can use a simple publicly available script to generate the default password and gain administrative access to the unit...

Comments  (0)

5106d48203954b74e6ea495e5c7f21b0

The Need for Improved Critical Infrastructure Protection

June 13, 2012 Added by:William Mcborrough

Tackling the problem of critical infrastructure protection will take concerted efforts from the public and private sectors. An appropriate governance structure is needed to avoid the inevitable over-reaction that will follow the inevitable catastrophic attack against our critical infrastructure...

Comments  (4)

69dafe8b58066478aea48f3d0f384820

Post-Stuxnet: Siemens Improves ICS-SCADA Security

June 07, 2012 Added by:Headlines

"The introduction of our new Simatic CP and Scalance products only help to bolster Siemens' industrial security portfolio, but as we stress to our customers, there is no silver bullet to cybersecurity threats. Maintaining security is an ongoing process for plants and enterprises"...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Cyberwar Threats and Critical Infrastructure Vulnerabilities

May 31, 2012 Added by:Headlines

"Targeted attacks are increasing dramatically. It could be state sponsored or it could be just hacktivists or it could be a cyber criminal organisation. But we know the number one target is government institutions and the second is manufacturing, including oil and gas..."

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Measuresoft ScadaPro DLL Hijack Vulnerability

May 29, 2012 Added by:Infosec Island Admin

Independent researcher Carlos Mario Penagos Hollmann identified a remotely exploitable, uncontrolled search path element vulnerability, commonly referred to as a DLL hijack, in Measuresoft’s ScadaPro application which may lead to arbitrary code execution...

Comments  (0)

A966b1b38ca147f3e9a60890030926c9

On Air Gaps and Killer Toothbrushes

May 28, 2012 Added by:Chris Blask

Air gaps do not and should not exist. Patching vulnerabilities won't make systems secure. Standards and regulations are here to stay. The threat will surpass our ability to tolerate it long before we can re-engineer and re-deploy every vulnerable system. These are all just facts...

Comments  (2)

C4363f41d25c216c53c8d71a1ac44a90

Notes on Electromagnetic Pulse (EMP) in US, UK, NL

May 22, 2012 Added by:Matthijs R. Koot

In 2009, there was a discussion on a forum for pilots about an article that argued that a commercial aircraft could be brought down by DIY EMP bombs. Also in 2009, the U.S. Patent Application for an Electromagnetic pulse (EMP) hardened information infrastructure was filed...

Comments  (6)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: From the Trenches - A Tabletop Exercise

May 22, 2012 Added by:Infosec Island Admin

Incident response is critical. During a real incident, you don’t want to discover major gaps in policy/procedure and/or technology tools. The collaboration that occurs during the exercise helps to understand the roles and responsibilities that each of us have during cyber attacks...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »