The devices that control traffic lights and electronic signs in many cities are vulnerable to a number of attacks, can be exploited quite easily and used to spread malware from device to device.
Browsing Category: Critical Infrastructure
The White House wants you to know that it did not know about the OpenSSL Heartbleed vulnerability before you did. The White House also wants you to know that administration officials don’t think stockpiling zero days isn’t necessarily good for national security. That’s all well and good, except that it mostly doesn’t matter.
Siemens continues to work on patches and provide updates to their ICS and SCADA systems affected by the OpenSSL Heartbleed vulnerability.
An ICS protocol sniffer has been released to GitHub. OpenICS builds data dictionaries, rather than signatures, from the packets it captures in order to help business leaders make security decisions.
A number of ICS products from Siemens and Innominate are vulnerable to the OpenSSL heartbleed flaw, some of which do not have updates available yet. The list of products affected by the heartbleed vulnerability continues to grow by the day, with OpenVPN being one of the latest. A researcher on Friday said that he was[…]
The problem of critical infrastructure security has become a key issue in the last few years, as high-profile attacks such as Stuxnet and others have grabbed headlines and alerted politicians and others to the weaknesses facing these vital systems.
The openSSL heartbleed has led to a huge increase in the number of SSL certificates being revoked, as site owners and hosting providers go through the process of replacing vulnerable certificates.
Dennis Fisher talks with Eugene Kaspersky about the need for better critical infrastructure security, the major threats facing enterprises today and the specter of cyberwar.
Former DHS secretary Tom Ridge said at the Kaspersky Lab Cybersecurity Summit that U.S. critical infrastructure will be a target as long as the public and private sector balk on sharing attack and threat data.
In March I spoke at Cyber Intelligence Asia 2014, where CERTs from most Asians countries were presented. The fact is that only a few CERTs are now dealing in some way with industrial security, ICS and SCADA matters. One of the best of those is CERT of Japan, which is doing a great job here,[…]