Archive for the ‘critical infrastructure’ Category

‘Gloomy times ahead’ for security on critical infrastructure, warn experts

August 21st, 2017

NIST is raising awareness that security through obscurity has become a thing of the past – but are we doing enough to protect infrastructure such as dams and power plants?

Posted in critical infrastructure, government security, Industrial Control Systems, process sensors, Security threats | Comments (0)

Five Billion Tests Later: IoT and Industrial Control System Protocols Raise Alarms

August 9th, 2017

In-brief: Close to five billion “fuzzing” tests conducted during 2016 reveal protocols used by industrial control systems, vehicles and Internet of Things devices to be weaker, on average, with many crashing hundreds of times and revealing vulnerabilities that could be used by malicious actors.  A study of 4.8 billion automated…

Read the whole entry… »

Related Stories

Posted in connected devices, critical infrastructure, fuzzing, Internet of things, protocol, published research, Reports, software, software development, supply chain, survey, Top Stories, trends, vulnerabilities | Comments (0)

Exploits Available for Siemens Molecular Imaging Vulnerabilities

August 4th, 2017

ICS-CERT published advisories this week warning users of Siemens molecular imaging products of publicly exploits for Windows 7 versions of those devices.

Posted in critical infrastructure, health care, molecular imaging products, Siemens, vulnerabilities | Comments (0)

Vulnerable Radiation Monitoring Devices Won’t Be Patched

July 26th, 2017

Three radiation monitoring device vendors will not patch a handful of vulnerabilities that could be abused by hackers, including a backdoor that affords high privileges on one device.

Posted in Black Hat, critical infrastructure, Digi, firmware vulnerabilities, hardware hacking, IOActive, Ludlum Portal Monitors, Mirion WRM2 protocol, nuclear power plant security, radiation monitoring devices, RF analysis, Ruben Santamarta, vulnerabilities | Comments (0)

Siemens Patches Authentication Bypass Flaw in SiPass Server

July 14th, 2017

Siemens patches four vulnerabilities, including a critical authentication bypass flaw, in its SiPass integrated access control server.

Posted in authentication bypass, critical infrastructure, Man in the middle, Siemens, Siemens patches, Siemens SIMATIC Sm@rtClient for Android, Siemens SiPass integrated server, vulnerabilities | Comments (0)

Energy, Nuclear Targeted with Template Injection Attacks

July 10th, 2017

Adversaries are using the SMB communications channel to launch template injection attacks against the energy sector, including nuclear facilities.

Posted in Cisco Talos, critical infrastructure, Critical infrastructure attacks, docx, GitHub, Phishery, phishing attack, Relationship ID, Server Message Block, SMB server, URL injector, WebDAV, Wolf Creek Nuclear Operating Corporation | Comments (0)

Workarounds Available for Flaws in Siemens RUGGEDCOM Gear

March 29th, 2017

Five vulnerabilities exist in Siemens RUGGEDCOM gear; the vendor has made a number of workarounds available, but it’s unknown whether patches will be made available.

Posted in critical infrastructure, Cross site scripting, file upload vulnerability, harsh environments, Input validation, Maxim Rupp, path traversal, RuggedCom, server misconfiguration, Siemens, vulnerabilities | Comments (0)

Privilege Escalation Flaw Patched in Schneider Wonderware

March 10th, 2017

Schneider Electric patched a vulnerability in the Tableau Server running in its Wonderware analytics and visualization platform that could allow an attacker to elevate privileges.

Posted in critical infrastructure, ICS-CERT, privilege escalation vulnerability, Schneider Electric, Tableau Server, vulnerabilities, Wonderware Intelligence | Comments (0)

What Hack? Burlington Electric Speaks Out

January 4th, 2017

Burlington Electric Department general manager Neale Lunderville speaks out about last week’s incident and response to reports the electric grid had been hacked.

Posted in Burlington Electric Department, critical infrastructure, DNC Hack, Donald Trump, Government, Grizzly Steppe, hack the election, indicators of compromise, Neale Lunderville, Russia hacking, Washington Post | Comments (0)

Cisco Patches Critical Bugs in 900 Series Routers, Prime Home Server

November 3rd, 2016

Cisco Systems has issued two critical advisories addressing flaws in its 900 Series Routers and its Cisco Prime Home server.

Posted in 900 Series Routers, Acano Server, Cisco Critical Advisories, Cisco Meeting Server, Cisco Prime Home, Cisco Systems, Cisco Telepresence, Cloud security, command injection vulnerability, critical infrastructure, DoS vulnerability, Remote Attack, vulnerabilities, Web Security | Comments (0)