Items Tagged with "Infrastructure"


7fef78c47060974e0b8392e305f0daf0

Electricity Subsector Cybersecurity Capabilities Maturity Model

July 03, 2012

The goal of the Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) is to support ongoing development and measurement of cybersecurity capabilities within the electricity subsector. The model was developed to apply to all electric utilities, regardless of ownership structure, size, or function...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Sielco Sistemi Winlog Multiple Vulnerabilities

July 02, 2012 Added by:Infosec Island Admin

Sielco Sistemi Winlog Version 2.07.14 can be exploited remotely by sending specially crafted requests to TCP/46824. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: GE Intelligent Platforms Proficy HTML Vulnerability

June 28, 2012 Added by:Infosec Island Admin

Andrea Micalizzi identified a command injection vulnerability in a third-party HTML help application used by some GE Intelligent Platforms Proficy products. GE identified a stack-based buffer overflow vulnerability that also existed in the same component. An attacker could exploit these vulnerabilities...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ENISA: Getting Ready for Cyber Europe 2012

June 27, 2012 Added by:Headlines

Cyber Europe 2012 is the 2nd pan-European exercise on Critical Information Infrastructure Protection. It ties together the extensive activities in the EU, at both national and European level, to improve the resilience of critical information infrastructures. The exercise will take place in the autumn...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Wonderware SuiteLink Unallocated Unicode String

June 22, 2012 Added by:Infosec Island Admin

Independent researcher Luigi Auriemma identified a maliciously crafted Unicode string vulnerability causing a stack-based buffer overflow with proof-of-concept (PoC) exploit code that affects the Invensys Wonderware SuiteLink service (slssvc.exe)...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Report Examines Increasing Threats to Critical Infrastructure

June 21, 2012 Added by:Headlines

“Outdated security methods that use a maze of disparate, multi-vendor, and stacked security tools will only delay a cyber attack, providing numerous opportunities for a more advanced and modern cyber adversary to attack cyber security postures throughout critical infrastructure...”

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Stuxnet, Flame, Duqu Less Dangerous than Conventional Attacks

June 21, 2012 Added by:Headlines

“Our advice to ICS and SCADA network managers is to be informed of new threats like Flame, but be especially vigilant against the more conventional, widely understood threats. In all likelihood, a simple denial-of-service attack has a better chance of wreaking havoc on their network than Stuxnet or Duqu"...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Increasing Logging Capabilities

June 21, 2012 Added by:Infosec Island Admin

System and network device logs provide valuable records of system activity. Logs may yield indicators of compromise, C2 communications, exfiltrated data, remote access logons, and other valuable data. Organizations should consider enabling the following types of logging...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: WAGO I/O 750 Multiple Vulnerabilities

June 21, 2012 Added by:Infosec Island Admin

The reported vulnerabilities from DSecRG have been coordinated with WAGO. WAGO has determined that the vulnerabilities can be mitigated by adjusting system configurations of services not in use. WAGO has released a customer cybersecurity notification on best security practices its products...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

NARUC: Cybersecurity Guidance for State Utility Regulators

June 20, 2012 Added by:Infosec Island Admin

“Understanding risk means understanding the relationship between vulnerability (such as a system with a known but unaddressed weakness), threat (such as a bad actor propagating viruses or worms) and consequence (such as physical damage and loss of public safety). Simply understanding risks is just the first step"...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: RuggedCom Weak Password Cryptography

June 20, 2012 Added by:Infosec Island Admin

A researcher identified a default backdoor user account with a weak password encryption vulnerability in the RuggedCom Rugged Operating System which could allow an attacker can use a simple publicly available script to generate the default password and gain administrative access to the unit...

Comments  (0)

5106d48203954b74e6ea495e5c7f21b0

The Need for Improved Critical Infrastructure Protection

June 13, 2012 Added by:William Mcborrough

Tackling the problem of critical infrastructure protection will take concerted efforts from the public and private sectors. An appropriate governance structure is needed to avoid the inevitable over-reaction that will follow the inevitable catastrophic attack against our critical infrastructure...

Comments  (4)

69dafe8b58066478aea48f3d0f384820

National Security Leaders Urge Passage of Cybersecurity Bill

June 11, 2012

“Given the time left in this legislative session and the upcoming election this fall, we are concerned that the window of opportunity to pass legislation that is in our view critically necessary to protect our national and economic security is quickly disappearing,” the letter states...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Post-Stuxnet: Siemens Improves ICS-SCADA Security

June 07, 2012 Added by:Headlines

"The introduction of our new Simatic CP and Scalance products only help to bolster Siemens' industrial security portfolio, but as we stress to our customers, there is no silver bullet to cybersecurity threats. Maintaining security is an ongoing process for plants and enterprises"...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

DOE: Twenty-One Steps to Improve SCADA Security

June 05, 2012

Action is required by all organizations to secure their SCADA networks as part of the effort to protect the nation’s critical infrastructure. The President’s Critical Infrastructure Protection Board and the Department of Energy have developed steps to help organizations improve SCADA security...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

Cybersecurity Outlook: 2012 Summer Olympic Games

June 04, 2012

Scams, malware campaigns and attacks will continue to grow in scale and complexity as the 27 July opening ceremony in London draws near. Event organizers, sponsors and British authorities continue to increase their physical and cybersecurity awareness as the event approaches...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »