Noted researcher Dan Farmer published a paper on the depth and breadth of IPMI vulnerabilities in server Baseboard Management Controllers, and the news isn’t good.
Browsing Category: Critical Infrastructure
A SCADA vulnerability could trigger a denial of service condition and go on to compromise the software’s communication connections, resulting in system instability is left unpatched.
The Core Infrastructure Initiative has decided to provide the OpenSSL Project with enough money to hire two full-time developers and also will fund an audit of OpenSSL by the Open Crypto Audit Project.
Siemens has patched a denial-of-service vulnerability that affected many versions of its Rugged Operating System, software that runs on some of the company’s RuggedCom switches and serial-to-ethernet devices. The vulnerability could enable a remote attacker to cause the Rugged OS software to crash by sendin specially crafted packets to the Web interface of a vulnerable device.[…]
Three federal agencies crucial to critical infrastructure protection will be allowed to continue to voluntarily assess cyber risk, rather than force the development and implementation of additional regulations.
Attackers recently compromised a utility in the United States through an Internet-connected system that gave the attackers access to the utility’s internal control system network. The utility, which has not been named, had remote access enabled on some of its Internet-connected hosts and the systems were only protected by simple passwords. Officials at the ICS-CERT,[…]
Industrial control systems manufacturers are continuing to discover and provide fixes for the OpenSSL Heartbleed vulnerability.
DUBAI–When new technologies or platforms emerge, they tend to follow a familiar trajectory in terms of security. The evolution typically goes through something like the following stages: Hey, look what we built; huh, no, we didn’t think about that problem; we’re very serious about security; ok, now we’re actually serious about security. This is the[…]
Patches are available for buffer overflow bugs in Yokogawa production control software. Public exploits are available for the vulnerabilities, as well as a Metasploit module.
Industrial control system wireless gateways from Digi International are vulnerable to Heartbleed, ICS-CERT warns. The vendor has firmware upgrades available and urges immediate updates.