Items Tagged with "SCADA"
Initiative to Protect the Electric Grid from Cyber Threats
January 09, 2012 Added by:Headlines
The project, a White House initiative led by the DOE in partnership with the DHS, will leverage private industry and public sector experts to build on existing cybersecurity strategies to create a more comprehensive and consistent approach to protecting the nation’s energy delivery system...
Comments (0)
Smart-Grid Security Will Force New Ways of Thinking
January 06, 2012 Added by:Larry Karisny
The problem is we can no longer look at IPS and IDS solutions of the past when trying to secure the enormous amount of data now in the grid data. The old way of doing this is just too expensive, too complex, too slow and frankly doesn't get the job done...
Comments (0)
ICS-CERT: Invensys Wonderware InBatch ActiveX Vulnerabilities
January 06, 2012 Added by:Headlines
Three vulnerabilities in Invensys Wonderware InBatch exist in the GUIControls, BatchObjSrv, and BatchSecCtrl ActiveX controls. Exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or cause a denial of service (DoS) on systems with affected versions of Wonderware...
Comments (0)
Cyber Defense: Welcome to 2012 and Interesting Times
January 05, 2012 Added by:Cyber Defense Weekly
2011 was the year that state sponsored hacking finally came to national attention with hundreds of articles exposing the continued industrial and military cyber espionage credited to the likes of China and Russia. We can be sure that 2012 will bring more of the same...
Comments (0)
ICS-CERT: Siemens Tecnomatix FactoryLink ActiveX
January 05, 2012 Added by:Headlines
Researchers identified two vulnerabilities affecting ActiveX components in the Siemens Tecnomatix FactoryLink application, including buffer overflow and data corruption. Successful exploitation of the vulnerabilities could allow an attacker to perform denial of service and arbitrary code execution...
Comments (0)
Information Security and Data Protection in 2012
January 04, 2012
As we start 2012, we can expect to see a continuance of data breaches and increasing cyber attacks. It’s important for businesses and organizations to know what they need to be prepared for and to take steps to help minimize the threats that do not appear to be going away...
Comments (0)
Duqu: The Worst May Come for Critical Infrastructure
January 04, 2012 Added by:Pierluigi Paganini
The modular nature of Duqu should cause us to jump from our chairs. It is reasonable to assume that Duqu is a work in progress, and the ability to change its structure at different times using modules designed specifically for precise goals makes this malware unique and formidable...
Comments (0)
The Next Cyber Weapon: Hypothesis on Stuxnet Three
December 28, 2011 Added by:Pierluigi Paganini
These are works in progress and they will be improved with components developed to attack strategic targets. Which are the features that we believe may be present in future versions of these dreaded malware? Asking yourself this question is crucial to guide research...
Comments (0)
The Security Impact of Performance
December 22, 2011 Added by:Rafal Los
DDoS is being used as a tool that has turned poor performing systems into weapons against their implementers. It proves that no matter how big the pipe you have, it's possible to push so much traffic that the odds of handling it properly and staying available are virtually zero...
Comments (2)
ICS-CERT: WellinTech’s Kingview SCADA Vulnerability
December 22, 2011 Added by:Headlines
"An attacker can exploit this vulnerability by sending a specially crafted packet to Port 777/TCP that exceeds a specified length and contains executable code... Successful exploitation of the heap overflow vulnerability could allow a remote attacker to cause the service to crash..."
Comments (0)
ICS-CERT: 7-Technologies IGSS Data Server Vulnerability
December 21, 2011 Added by:Headlines
"This vulnerability can be exploited by sending a specially crafted packet to Port 12401/TCP. A successful exploit will cause a buffer overflow that can result in a remote DoS against the 7T Data Server application on the targeted host..."
Comments (0)
ICS-CERT: Invensys Wonderware InBatch ActiveX Vulnerability
December 20, 2011 Added by:Headlines
"Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or cause a denial of service (DoS) on systems with affected versions of Wonderware InBatch Runtime Client components," the ICS-CERT advisory warns...
Comments (0)
ENISA Releases Industrial Control Systems Security Report
December 19, 2011
"These systems have faced a notable number of incidents. These include the Stuxnet attack, believed to have used bespoke malware to target nuclear control systems in Iran, and the recent DuQu -‘upgraded variant’ of this malware. These incidents caused great security concerns among ICS users..."
Comments (0)
Duqu Analysis Shows ICS-SCADA Networks Vulnerable
December 15, 2011 Added by:Headlines
"Critical infrastructures are still not sufficiently prepared for attacks like DuQu... There are no commonly adopted ICS security standards, guidelines or regulations, corporate management is not sufficiently involved, and there are numerous technical vulnerabilities..."
Comments (0)
ICS-CERT Issues New SCADA Vulnerability Advisory
December 14, 2011 Added by:Headlines
Santamarta uncovered multiple hidden accounts with default passwords in the systems that could allow an attacker to remotely access the network, view and modify the module's firmware, execute arbitrary malicious code, or cause a denial of service interruption...
Comments (0)
Cybersecurity in Waste Water and Water Control Systems
December 14, 2011
The first of a monthly webinar series on Industrial Control System (ICS) Cybersecurity is now available for review in this video. This session provides insight for those interested in ICS Cybersecurity including policy makers, asset owners, vendors, consultants and integrators....