Siemens has patched a serious remotely exploitable vulnerability in its SINAMICS S/G ICS software that could enable an attacker to take arbitrary actions on a vulnerable installation without having to authenticate. The vulnerability affects all versions of the Siemens SINAMICS S/G products with firmware versions earlier than 4.6.11. ICS-CERT, a part of the Department of Homeland Security,[...]
Browsing Category: Critical Infrastructure
ICS expert Ralph Langner has thrown back the covers on Stuxnet revealing a two-pronged attack intent not only on disrupting Iran’s nuclear capabilities, but flexing the attackers’ muscle in building weaponized malware.
At the Advanced Cyber Security Center annual conference, prominent security experts continue to advocate for attack and threat intelligence sharing and hint at automating this between machines.
A hacker miles away can conduct a brute-force attack against industrial automation software used worldwide in the gas, oil, water and electric industries.
Bugs in the Emergency Alert System, including one that can enable an attacker to send out a fake alert, still exist in the software, even after the manufacturers were notified and apparently updated it.
A trio of researchers have uncovered 25 security vulnerabilities in various supervisory control and data acquisition (SCADA) and industrial control system (ICS) protocols.
I had a chance to visit a number of industrial events this year and can see the evolution of cybersecurity in the industrial field. One of these was the 4th National Institute of Standards and Technology’s (NIST) Cybersecurity Framework Workshop (CFW).
Nearly two years after a security researcher published details of the hard-coded credentials that ship with a slew of industrial control system products made by Schneider Electric, the company has released updated firmware that fixes the problems. The vulnerabilities, which were discovered by researcher Ruben Santamarta and published in December 2011, affect dozens of products[...]
A Belgian telecom company that handles some of the undersea cables that carry international voice traffic said Monday that its internal network had been compromised sometime in the last few months and malware had been planted on some of its systems. Belgacom said the attack only affected its own systems, and not those of customers, and said it has filed a complaint with the Belgian federal authorities about the incident.
Dennis Fisher and Mike Mimoso talk about the news of the last couple of weeks, including the revelations of the NSA’s anti-cryptography capabilities, the botnet making use of Tor and the Kimsuky cyberespionage attack.