A cyberespionage team, possibly based in Russia, has been using a Windows zero day vulnerability to target a variety of organizations in several countries, including the United States, Poland, Ukraine and western Europe.
Browsing Category: Critical Infrastructure
Siemens has patched five vulnerabilities in its SIMATIC PCS 7 system that could result in privilege escalation and give an attacker unauthenticated access to sensitive data.
There’s a remotely exploitable directory traversal vulnerability in more than 20 individual products from Schneider Electric that can enable an attacker to gain control of an affected machine.
DARPA is working on a new kind of software that is provably secure for specific properties.
Experts are concerned that many Linux-based industrial control systems and embedded systems could be too steep a patching challenge and remain in the crosshairs of the Bash vulnerability.
The Internet hasn’t been quick to adopt DNSSEC, for a variety of reasons, but experts say that there are some reasons to be optimistic about the progress that’s being made on DNSSEC adoption.
UPDATE–There are several unpatched, remotely exploitable vulnerabilities in a number of Schneider Electric’s SCADA products, one of which could be used to perform a shutdown of the SCADA server. Another of the vulnerabilities is an authentication bypass that could give an attacker access to sensitive data. The vulnerabilities affect a variety of Schneider Electric StruxureWare[…]
White House special assistant to the President and Cybersecurity Coordinator Micheal Daniel explains that a series of simple, known issues add up to a very difficult Internet security problem.
Four different remotely exploitable vulnerabilities were recently discovered and patched in a popular SCADA server.
In the days and weeks following the public disclosure of the OpenSSL Heartbleed vulnerability in April, security researchers and others wondered aloud whether there were some organizations–perhaps the NSA–that had known about the bug for some time and had been using it for targeted attacks. A definitive answer to that question may never come, but[…]