Blog Posts Tagged with "Industrial Control Systems"

E595c1d49bf4a26f8e14ce59812af80e

Secure Communications in Harsh Environments

October 02, 2012 Added by:Patrick Oliver Graf

For a long time, hackers only targeted the IT systems of offices or individuals. This, however, has changed as the bad guys more frequently go after unconventional targets, like industrial and oil plants, refineries of all kinds, power grids or water utilities...

Comments  (0)

70830de61015ee5312d58e6a9e0254ae

We're Under Cyber Attack INSIDE America!

October 01, 2012 Added by:Doug DePeppe

Cyberattacks are mounting. They are getting more severe, and indicate nation-state support, reportedly from Iran. The US national strategy must change. It must address the need for capability where harm from an attack on critical infrastructure will be felt in communities across America...

Comments  (4)

03b2ceb73723f8b53cd533e4fba898ee

Energy Sector Cyber Espionage: Chinese Hackers are not Alone

September 29, 2012 Added by:Pierluigi Paganini

Since last month a new campaign of cyber attacks have hit the Energy sector, all is started with the incidents to Saudi Aramco and RasGas companies, in both cases a malware infected internal networks without impacting on the production systems...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Surviving a Public Infrastructure or Energy Grid Attack

September 27, 2012 Added by:Dan Dieterle

What would you do if the lights suddenly went out? Where would you get news from? Or more importantly water? Keep cool or get heat? Though many disregard warnings about critical infrastructure attacks what if the worst did happen, would you be prepared?

Comments  (2)

8a958994958cdf24f0dc051edfe29462

Anomaly Detection: Front-Door Infrastructure Security

September 23, 2012 Added by:Larry Karisny

So what if we could create an anomaly algorithm that could audit, detect and approve positive input events in business processes. And if we could do this then wouldn’t risk management and security actually just be a byproduct of allowing these positive business events to occur?

Comments  (1)

E313765e3bec84b2852c1c758f7244b6

Ask The Experts: Important SCADA Security Tips

September 16, 2012 Added by:Brent Huston

Utilities have been computerizing their SCADA systems for years now. This has allowed them to save money, time and manpower and has increased their situational awareness and control flexibility. However, industrial control systems are usually not very robust and also very ‘dumb...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

Three Days of The Condor... With Malware

September 07, 2012 Added by:Infosec Island Admin

Pandora’s box has been opened. All the players are taking the field, and many of them may not be ready to play a proper game… Shamoon did it’s thing, but it seems to be more a brute force tool than an elegant piece of code and a slick plan. The blowback though is yet to be determined...

Comments  (0)

A7290c5bd7bc2aaa7ea2b6c957ef639b

Utility Breach Prompts Enforcement and Industry-Wide Security Review

September 06, 2012 Added by:David Navetta

Expect an uptick in privacy enforcement by state utility regulators. Utilities across the country are advised to review their information security programs (including vendor management requirements) and breach response processes to address their regulators' concerns...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: GarrettCom Magnum Privilege Escalation

September 04, 2012 Added by:Infosec Island Admin

Successful exploitation of this vulnerability could allow escalation of privileges to full administrative access. The privilege escalation could provide the attacker a vector for making changes to settings, or initiating a complete device shutdown causing a denial of service...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Shamoon - DistTrack Malware

August 30, 2012 Added by:Infosec Island Admin

W32.DistTrack, also known as “Shamoon,” is an information-stealing malware that also includes a destructive module. Shamoon renders infected systems useless by overwriting the Master Boot Record (MBR), the partition tables, and most of the files with random data. Once overwritten, the data are not recoverable...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Oil and Natural Gas Pipeline Intrusion Campaign

August 28, 2012 Added by:Infosec Island Admin

ICS-CERT onsite analysis included a search for host-based and network-based indicators to identify additional hosts for further analysis. ICS-CERT hashed files from approximately 1700 machines and compared them to hashes of known malicious files and examined proxy logs to identify any suspicious network activity...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Key Management Errors in RuggedCom’s ROS

August 23, 2012 Added by:Infosec Island Admin

ICS-CERT is aware of a report of hard-coded RSA SSL private key within RuggedCom’s Rugged Operating System (ROS). The vulnerability with proof-of-concept (PoC) exploit code by security researcher Justin W. Clarke can be used to decrypt SSL traffic between an end user and a RuggedCom network device...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Tridium Niagara Vulnerabilities Update

August 17, 2012 Added by:Infosec Island Admin

Independent security researchers have identified multiple vulnerabilities in the Tridium Niagara AX Framework software including directory traversal, weak credential storage, session cookie weaknesses, and predictable session IDs, all of which can be exploited remotely...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Siemens COMOS Privilege Escalation Vulnerability

August 16, 2012 Added by:Infosec Island Admin

Siemens has reported a privilege escalation vulnerability in the Siemens COMOS database application. Authenticated users with read privileges could escalate their privileges by exploiting this vulnerability. Thus, the attacker is able to gain administrator access to the database...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Gauss Information Stealing Malware

August 14, 2012 Added by:Infosec Island Admin

Kaspersky Lab recently released a report on a new information-stealing malware they have named “Gauss" which is designed to collect information and send the data to its command-and-control servers. Gauss was predominantly on systems in the Middle East, but has also been detected on networks in the US...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Siemens Synco OZW Web Server Vulnerability

August 13, 2012 Added by:Infosec Island Admin

Siemens has reported to ICS-CERT that a default password vulnerability exists in the Siemens Synco OZW Web Server device used for building automation systems. Siemens urges their customers to set a secure password on their device’s web interface. This vulnerability could be exploited remotely...

Comments  (2)

Page « < 1 - 2 - 3 - 4 - 5 > »