The ICS-CERT is warning users about a vulnerability in a secure public cloud product from Innominate that enables an attacker to gain valuable configuration data about a target system, information that could be used in future attacks. The vulnerability is an information disclosure bug in the Innominate mGuard product, which is meant to connect operators to[...]
Browsing Category: Critical Infrastructure
A new and allegedly super secure microkernel was made open source today, a move that could have serious security implications across a number sensitive and increasingly connected fields.
Siemens released an update for two builds of its SIMATIC automation system this week, addressing a quintet of issues, four of which are remotely exploitable.
Researchers have identified several remotely exploitable vulnerabilities in a wireless remote monitoring product from OleumTech that is used in energy, water and other critical infrastructure sectors.
OpenSSL vulnerabilities discovered in a number of Siemens industrial control systems are being exploited in the wild. The company has updates available for some, but not all, of the affected products.
The new SSL Black List is a public list of certificates associated with a variety of malicious operations, including botnets, malware campaigns and banking Trojans.
The GAO issued a scathing report criticizing the lack of risk assessments and cybersecurity funding at shipping ports and other maritime facilities.
Yokogawa Electric Corp., of Japan patched critical buffer overflow flaws in its CENTUM and Exaopac production control system software.
In response to a FOIA request for information about the Operation Aurora attack on Google the Department of Homeland Security released hundreds of pages of documents related not to that attack campaign, but to the Aurora project run at Idaho National Lab years earlier
A China-linked hacker group known as Deep Panda has compromised a number of national security think tanks seeking information on U.S. policy in Iraq.