Items Tagged with "SCADA"
January 18, 2012 Added by:Headlines
A cross-site scripting vulnerability exists in the Cogent DataHub application because it lacks server-side validation of query string parameter values. Attacks require that a user visit a URL which injects client-side scripts into the server’s HTTP response...
January 17, 2012 Added by:Headlines
Researcher Kuang-Chun Hung of ICST has identified an unsafe search path vulnerability. Successful exploitation may allow an attacker using social engineering to execute arbitrary code and gain the same privileges as the user that is currently logged into the system...
January 13, 2012 Added by:Headlines
Researcher Luigi Auriemma publicly reported a malformed packet vulnerability in Open Automation Software’s OPC Systems.NET. A malformed packet could be sent remotely to cause a denial of service. Public exploits are known to target this vulnerability...
January 10, 2012 Added by:Headlines
Mr. Auriemma publicly disclosed the five vulnerabilities along with proof-of-concept exploit code, including the vulnerability previously coordinated with ICS-CERT by Celil Unuver, without coordination with 3S Smart Software Solutions, ICS-CERT, or any other coordinating entity...
January 09, 2012 Added by:Headlines
The use of readily available and generally free search tools significantly reduces time and resources required to identify Internet facing control systems. In turn, hackers can use these tools to easily identify exposed control systems, posing an increased risk of attack...
January 09, 2012 Added by:Headlines
The project, a White House initiative led by the DOE in partnership with the DHS, will leverage private industry and public sector experts to build on existing cybersecurity strategies to create a more comprehensive and consistent approach to protecting the nation’s energy delivery system...
January 06, 2012 Added by:Larry Karisny
The problem is we can no longer look at IPS and IDS solutions of the past when trying to secure the enormous amount of data now in the grid data. The old way of doing this is just too expensive, too complex, too slow and frankly doesn't get the job done...
January 06, 2012 Added by:Headlines
Three vulnerabilities in Invensys Wonderware InBatch exist in the GUIControls, BatchObjSrv, and BatchSecCtrl ActiveX controls. Exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or cause a denial of service (DoS) on systems with affected versions of Wonderware...
January 05, 2012 Added by:Cyber Defense Weekly
2011 was the year that state sponsored hacking finally came to national attention with hundreds of articles exposing the continued industrial and military cyber espionage credited to the likes of China and Russia. We can be sure that 2012 will bring more of the same...
January 05, 2012 Added by:Headlines
Researchers identified two vulnerabilities affecting ActiveX components in the Siemens Tecnomatix FactoryLink application, including buffer overflow and data corruption. Successful exploitation of the vulnerabilities could allow an attacker to perform denial of service and arbitrary code execution...
January 04, 2012
As we start 2012, we can expect to see a continuance of data breaches and increasing cyber attacks. It’s important for businesses and organizations to know what they need to be prepared for and to take steps to help minimize the threats that do not appear to be going away...
January 04, 2012 Added by:Pierluigi Paganini
The modular nature of Duqu should cause us to jump from our chairs. It is reasonable to assume that Duqu is a work in progress, and the ability to change its structure at different times using modules designed specifically for precise goals makes this malware unique and formidable...
December 28, 2011 Added by:Pierluigi Paganini
These are works in progress and they will be improved with components developed to attack strategic targets. Which are the features that we believe may be present in future versions of these dreaded malware? Asking yourself this question is crucial to guide research...
December 22, 2011 Added by:Rafal Los
DDoS is being used as a tool that has turned poor performing systems into weapons against their implementers. It proves that no matter how big the pipe you have, it's possible to push so much traffic that the odds of handling it properly and staying available are virtually zero...
December 22, 2011 Added by:Headlines
"An attacker can exploit this vulnerability by sending a specially crafted packet to Port 777/TCP that exceeds a specified length and contains executable code... Successful exploitation of the heap overflow vulnerability could allow a remote attacker to cause the service to crash..."
December 21, 2011 Added by:Headlines
"This vulnerability can be exploited by sending a specially crafted packet to Port 12401/TCP. A successful exploit will cause a buffer overflow that can result in a remote DoS against the 7T Data Server application on the targeted host..."