An authentication bypass vulnerability in a Siemens device that’s used in energy automation systems could allow an attacker to gain control of the device. The vulnerability is in the Siemens SICAM MIC, a small telecontrol system that performs a number of functions and includes an integrated Web server and several other features. “The devices consist of[…]
Browsing Category: Critical Infrastructure
The Linux Foundation’s Core Infrastructure Initiative announced it was releasing to open source data from the Census Project, which uses metrics identify under-resourced open source projects at risk.
There is a TCP prediction vulnerability in Wind River’s widely deployed VxWorks embedded software that can enable an attacker to disrupt or spoof the TCP connections to and from target devices. VxWorks is an embedded operating system that’s used in a large number of ICS products that are deployed in sectors such as energy, water,[…]
A week after disclosing a cross-site request forgery vulnerability in small wind turbines manufactured by a company called XZERES, a security researcher has discovered a serious bug in the human-machine interface for turbines made by German company RLE International GmbH. Researcher Maxim Rupp discovered the vulnerability in the Nova-Wind Turbine HMI and reported it to the vendor.[…]
The U.S.-China Economic and Security Review Commission tackled China and cyberespionage today in a D.C. hearing.
Dennis Fisher and Mike Mimoso discuss the Duqu 2.0 attack and its ramifications, the addition of HSTS support to Windows 7 and 8.1 and the rest of the news of the week.
UPDATE–Wind turbines have been popping up across the United States in great numbers of late, and many of them are connected to the Internet. That, of course, means that these turbines are going to be natural targets for attackers and researchers. A security researcher named Maxim Rupp has discovered a cross-sire request forgery vulnerability in the operating[…]
Human machine interface software from Rockwell Automation has been patched, protecting users from a vulnerability in the way stored passwords are protected.
The Commerce Department’s Bureau of Industry and Security today made public its proposal to implement the controversial Wassenaar Arrangement.
A coalition of 150 tech companies and privacy champions sent a letter to President Obama urging him to reject any proposals mandating backdoor access to software and devices.