After more than a year of legal wrangling, the federal government has agreed to hand over its policy on vulnerability use and disclosure. The government had said that the policy was classified and too sensitive to release, but relented late last week and sent the document to the EFF, albeit a heavily redacted version. Know as[…]
Browsing Category: Critical Infrastructure
There is a serious, remotely exploitable vulnerability in the Device Type Manager library used in a long list of industrial process automation and measurement products sold by German firm Endress+Hauser that can cause affected products to hang indefinitely.
Vulnerabilities in Schneider Electric SCADA gear remain unpatched close to two weeks after they were disclosed during DEF CON.
A device called BEKey which is the size of a quarter and can be installed in 60 seconds on a proximity card reader could potentially be used to break physical access controls in 80 percent of deployments.
Dell SecureWorks researchers today at Black Hat released a new report on Emissary Panda, or TG-3390, a China-sponsored APT gang that has refined the types of data it covets.
An authentication bypass vulnerability in a Siemens device that’s used in energy automation systems could allow an attacker to gain control of the device. The vulnerability is in the Siemens SICAM MIC, a small telecontrol system that performs a number of functions and includes an integrated Web server and several other features. “The devices consist of[…]
The Linux Foundation’s Core Infrastructure Initiative announced it was releasing to open source data from the Census Project, which uses metrics identify under-resourced open source projects at risk.
There is a TCP prediction vulnerability in Wind River’s widely deployed VxWorks embedded software that can enable an attacker to disrupt or spoof the TCP connections to and from target devices. VxWorks is an embedded operating system that’s used in a large number of ICS products that are deployed in sectors such as energy, water,[…]
A week after disclosing a cross-site request forgery vulnerability in small wind turbines manufactured by a company called XZERES, a security researcher has discovered a serious bug in the human-machine interface for turbines made by German company RLE International GmbH. Researcher Maxim Rupp discovered the vulnerability in the Nova-Wind Turbine HMI and reported it to the vendor.[…]
The U.S.-China Economic and Security Review Commission tackled China and cyberespionage today in a D.C. hearing.