Browsing Category: Critical Infrastructure

There is a hard-coded private SSL key present in a number of hardened, managed Ethernet switches made by GE and designed for use in industrial and transportation systems. Researchers discovered that an attacker could extract the key from the firmware remotely. The vulnerability exists in a number of GE Ethernet switches, including the GE Multilink[…]

Read more...

The Certificate Transparency scheme proposed by Google engineers has taken a couple of significant steps forward recently, with the approval of the first independent certificate log and the passing of a deadline for all extended validation certificates to be CT-compliant or lose the green indicator in Google Chrome. On Jan. 1, a CT log operated by[…]

Read more...

Researchers at Google have uncovered several serious vulnerabilities in the Network Time Protocol and experts warn that there are exploits publicly available for some of the bugs. The vulnerabilities are present in all versions of NTP prior to 4.2.8 and include several buffer overflows that are remotely exploitable. The NTP is a protocol that’s used[…]

Read more...

Researchers have identified a wide range of vulnerabilities in remote terminal units manufactured by Emerson Process Management that are widely used in oil and gas pipelines and other applications. The vulnerabilities include a number of hidden functions in the RTUs, an authentication bypass and hardcoded credentials. All of the vulnerabilities are remotely exploitable and an[…]

Read more...