A SCADA vulnerability that could trigger a denial-of-service condition and go on to compromise the software’s communication connections, resulting in system instability, is left unpatched.
Browsing Category: Critical Infrastructure
The Core Infrastructure Initiative has decided to provide the OpenSSL Project with enough money to hire two full-time developers and also will fund an audit of OpenSSL by the Open Crypto Audit Project.
Siemens has patched a denial-of-service vulnerability that affected many versions of its Rugged Operating System, software that runs on some of the company’s RuggedCom switches and serial-to-Ethernet devices. The vulnerability could enable a remote attacker to cause the Rugged OS software to crash by sending specially crafted packets to the Web interface of a vulnerable device.[…]
Three federal agencies crucial to critical infrastructure protection will be allowed to continue to voluntarily assess cyber risk, rather than force the development and implementation of additional regulations.
Attackers recently compromised a utility in the United States through an Internet-connected system that gave the attackers access to the utility’s internal control system network. The utility, which has not been named, had remote access enabled on some of its Internet-connected hosts and the systems were only protected by simple passwords. Officials at the ICS-CERT,[…]
Industrial control systems manufacturers are continuing to discover and provide fixes for the OpenSSL Heartbleed vulnerability.
DUBAI–When new technologies or platforms emerge, they tend to follow a familiar trajectory in terms of security. The evolution typically goes through something like the following stages: Hey, look what we built; huh, no, we didn’t think about that problem; we’re very serious about security; ok, now we’re actually serious about security. This is the[…]
Patches are available for buffer overflow bugs in Yokogawa production control software. Public exploits are available for the vulnerabilities, as well as a Metasploit module.
Industrial control system wireless gateways from Digi International are vulnerable to Heartbleed, ICS-CERT warns. The vendor has firmware upgrades available and urges immediate updates.
Bug bounties once were restricted mainly to large software companies such as Mozilla and Google. But the success of these programs has led many other infrastructure and product companies, including Yahoo, Facebook, Barracuda, PayPal and even Microsoft, to launch their own reward systems. Now, the phenomenon has spread to individual developers. Looking at the list[…]