NIST is raising awareness that security through obscurity has become a thing of the past – but are we doing enough to protect infrastructure such as dams and power plants?
Archive for the ‘critical infrastructure’ Category
In-brief: Close to five billion “fuzzing” tests conducted during 2016 reveal protocols used by industrial control systems, vehicles and Internet of Things devices to be weaker, on average, with many crashing hundreds of times and revealing vulnerabilities that could be used by malicious actors. A study of 4.8 billion automated…
Posted in connected devices, critical infrastructure, fuzzing, Internet of things, protocol, published research, Reports, software, software development, supply chain, survey, Top Stories, trends, vulnerabilities
ICS-CERT published advisories this week warning users of Siemens molecular imaging products of public exploits for Windows 7 versions of those devices.
Three radiation monitoring device vendors will not patch a handful of vulnerabilities that could be abused by hackers, including a backdoor that affords high privileges on one device.
Posted in Black Hat, critical infrastructure, Digi, firmware vulnerabilities, hardware hacking, IOActive, Ludlum Portal Monitors, Mirion WRM2 protocol, nuclear power plant security, radiation monitoring devices, RF analysis, Ruben Santamarta, vulnerabilities
Siemens patches four vulnerabilities, including a critical authentication bypass flaw, in its SiPass integrated access control server.
Posted in authentication bypass, critical infrastructure, Man in the middle, Siemens, Siemens patches, Siemens SIMATIC Sm@rtClient for Android, Siemens SiPass integrated server, vulnerabilities
Five vulnerabilities exist in Siemens RUGGEDCOM gear; the vendor has made a number of workarounds available, but it’s unknown whether patches will be made available.
Posted in critical infrastructure, Cross site scripting, file upload vulnerability, harsh environments, Input validation, Maxim Rupp, path traversal, RuggedCom, server misconfiguration, Siemens, vulnerabilities
Schneider Electric patched a vulnerability in the Tableau Server running in its Wonderware analytics and visualization platform that could allow an attacker to elevate privileges.
Burlington Electric Department general manager Neale Lunderville speaks out about last week’s incident and response to reports the electric grid had been hacked.
Posted in Burlington Electric Department, critical infrastructure, DNC Hack, Donald Trump, Government, Grizzly Steppe, hack the election, indicators of compromise, Neale Lunderville, Russia hacking, Washington Post
Cisco Systems has issued two critical advisories addressing flaws in its 900 Series Routers and its Cisco Prime Home server.
Posted in 900 Series Routers, Acano Server, Cisco Critical Advisories, Cisco Meeting Server, Cisco Prime Home, Cisco Systems, Cisco Telepresence, Cloud security, command injection vulnerability, critical infrastructure, DoS vulnerability, Remote Attack, vulnerabilities, Web Security