Items Tagged with "Industrial Control Systems"


7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Preserving Forensic Data

June 01, 2012 Added by:Infosec Island Admin

Preserving forensic data is an essential aspect of incident response. The data acquired during the process is critical to containing the intrusion and improving security to defend against the next attack. Network defenders should make note of the following recommendations for retention of essential forensic data...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Cyberwar Threats and Critical Infrastructure Vulnerabilities

May 31, 2012 Added by:Headlines

"Targeted attacks are increasing dramatically. It could be state sponsored or it could be just hacktivists or it could be a cyber criminal organisation. But we know the number one target is government institutions and the second is manufacturing, including oil and gas..."

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Emerson DeltaV Multiple Vulnerabilities

May 31, 2012 Added by:Infosec Island Admin

Researchers have identified multiple vulnerabilities in the Emerson DeltaV application which can be can be exploited by a remote attacker and could allow denial of service, information disclosure, or remote code execution. Emerson has produced a hotfix that mitigates these vulnerabilities...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: RuggedCom Weak Cryptography for Passwords

May 30, 2012 Added by:Infosec Island Admin

A researcher identified a default backdoor user account with a weak password encryption vulnerability in the RuggedCom Rugged Operating System which could allow an attacker can use a simple publicly available script to generate the default password and gain administrative access to the unit...

Comments  (0)

A966b1b38ca147f3e9a60890030926c9

On Air Gaps and Killer Toothbrushes

May 28, 2012 Added by:Chris Blask

Air gaps do not and should not exist. Patching vulnerabilities won't make systems secure. Standards and regulations are here to stay. The threat will surpass our ability to tolerate it long before we can re-engineer and re-deploy every vulnerable system. These are all just facts...

Comments  (2)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: xArrow Multiple Vulnerabilities

May 25, 2012 Added by:Infosec Island Admin

Security researcher Luigi Auriemma identified and released four security vulnerabilities, along with proof-of-concept code, in the xArrow software application which may cause a denial-of-service condition or allow an attacker to execute arbitrary code...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

CyLab: Utilities Rank Worst in Governance and Security

May 23, 2012 Added by:Headlines

“Of the... respondents, the energy/utilities sector had the poorest governance practices. When asked whether their organizations were undertaking six best practices for cyber governance, the... sector ranked last for four of the practices and next to last for the other two..."

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: SNORT in an ICS Environment

May 23, 2012 Added by:Infosec Island Admin

A major obstacle for ICS security is how to test and deploy security tools in the ICS space. Now, the open-source IT security research community has paired with ICS teams, DHS, NESCO, and other stakeholders to research ICS network threats and produce tools to address them...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: From the Trenches - A Tabletop Exercise

May 22, 2012 Added by:Infosec Island Admin

Incident response is critical. During a real incident, you don’t want to discover major gaps in policy/procedure and/or technology tools. The collaboration that occurs during the exercise helps to understand the roles and responsibilities that each of us have during cyber attacks...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Former DHS Director Sean Paul McGurk Joins ICS ISAC

May 22, 2012 Added by:Headlines

Malware such as Stuxnet and Duqu have led to the recognition of broader systemic vulnerabilities within critical infrastructure which until recently have been largely disconnected. Addressing the resiliency of these systems must occur at technical, organizational and policy levels...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Protecting SCADA Systems with Air Gaps is a Myth

May 21, 2012 Added by:Headlines

Speaking at AusCERT, SCADA security expert Eric Byres stated that “the whole concept of trying to protect SCADA systems with air gaps is a myth" perpetuated by those who believe "bad things will never happen to the control systems..."

Comments  (7)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Advantech ISSymbol ActiveX Buffer Overflow

May 21, 2012 Added by:Infosec Island Admin

Researchers have identified multiple buffer overflow vulnerabilities in the Advantech Studio product that could allow an attacker to cause buffer overflows, which in turn can allow arbitrary execution code. An exploit code is known to exist that targets these vulnerabilities...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

SCADA Security: Consequences and Difficulty with Incentives

May 18, 2012 Added by:Rafal Los

Here's the problem - when it comes to critical infrastructure protection it's very difficult to legislate and regulate the organizations that matter into a state of better security. The problem is that in order to enforce policy and rules there either have to be consequences to failing, or incentives not to fail - or both...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Kaspersky Warns of Critical Infrastructure Vulnerabilities

May 18, 2012 Added by:Headlines

“It’s not possible to protect. Stuxnet told us that modern systems are not protected... SCADA could be very easy victims – the result of an attack could be like Stuxnet but everywhere... [We] need to understand the danger of cyber-weapons and of cyber-war to ruin national infrastructure..."

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Pro-face Pro-Server EX Multiple Vulnerabilities

May 18, 2012 Added by:Infosec Island Admin

The vulnerabilities affecting Pro-face Pro-Server include invalid memory access, buffer overflow, unhandled exception, and memory corruption with proof-of-concept exploit code. According to this report, these vulnerabilities are exploitable via specially crafted packets...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Wonderware Unicode String Vulnerability

May 17, 2012 Added by:Infosec Island Admin

ICS-CERT is aware of a public report identifying an unallocated Unicode string vulnerability with proof-of-concept exploit code that affects the Invensys Wonderware SuiteLink service which could allow an attacker to remotely crash older versions of the service...

Comments  (0)

Page « < 4 - 5 - 6 - 7 - 8 > »