UPDATE–There are several unpatched, remotely exploitable vulnerabilities in a number of Schneider Electric’s SCADA products, one of which could be used to perform a shutdown of the SCADA server. Another of the vulnerabilities is an authentication bypass that could give an attacker access to sensitive data. The vulnerabilities affect a variety of Schneider Electric StruxureWare[…]
Browsing Category: Critical Infrastructure
White House special assistant to the President and Cybersecurity Coordinator Micheal Daniel explains that a series of simple, known issues add up to a very difficult Internet security problem.
Four different remotely exploitable vulnerabilities were recently discovered and patched in a popular SCADA server.
In the days and weeks following the public disclosure of the OpenSSL Heartbleed vulnerability in April, security researchers and others wondered aloud whether there were some organizations–perhaps the NSA–that had known about the bug for some time and had been using it for targeted attacks. A definitive answer to that question may never come, but[…]
A new watering hole attack is targeting the aerospace, automotive and manufacturing industries with a new reconnaissance malware tool called “Scanbox.”
Hackers hit the U.S. Nuclear Regulatory Commission (NRC) three separate times over the past three years.
Siemens released an update for its SIMATIC S7-1500 CPU last week, patching a denial of service vulnerability in the programmable logic controller.
Dan Geer’s Black Hat 2014 keynote featured 10 proposals to address shortcomings in security, in the context of government surveillance and eroding privacy.
A hole has been fixed in an industrial control system data management server that if left unpatched could result in a remotely exploitable DoS condition.
The ICS-CERT is warning users about a vulnerability in a secure public cloud product from Innominate that enables an attacker to gain valuable configuration data about a target system, information that could be used in future attacks. The vulnerability is an information disclosure bug in the Innominate mGuard product, which is meant to connect operators to[…]