Browsing Category: Critical Infrastructure

LAS VEGAS–It’s not difficult to find people here who are excited about security. There are roughly 10,000 of them in town this week. But there’s a smaller group of people who are on a different level, who are so passionate and amped up about their ideas that they can’t stop themselves from talking about them. Shawn Henry is one of those people.

Read more...

LAS VEGAS–Reflecting on the successes and failures in the industry in the last 15 years, a panel of security experts at Black Hat said that while defenses have gotten better, attackers have as well and there is a long way to go before defenders have the upper hand. If that ever happens, they said, it will need to be a cooperative effort among users, security folks and even the government.

Read more...

LAS VEGAS–The Black Hat conference is now officially an adolescent, and like most in that age group, it has gone through some growing pains in its life. Once criticized for giving too much of a platform for offensive research, and then, after its sale a few years ago to a media conglomerate, dinged for being too corporate, Black Hat now seems to have settled into a nice, comfortable spot with high-quality research and talks from top government officials.

Read more...

German industrial control system manufacturer Siemens announced Monday that it had patched holes in some of its products that appear to resemble holes used by the famous Stuxnet worm in 2010. If left unpatched, vulnerabilities in the company’s Simatic STEP 7 and Simatic PCS 7 software could have allowed the loading of malicious Microsoft Dynamic-link Library files. This in turn could lead to an attack against systems that use STEP 7, a la Stuxnet.

Read more...

German industrial control system manufacturer Siemens announced Monday that it had patched holes in some of its products that appear to resemble holes used by the popular Stuxnet worm in 2010.If left unpatched, vulnerabilities in the company’s Simatic STEP 7 and Simatic PCS 7 software could have allowed the loading of malicious Microsoft Dynamic-link Library files. This in turn could lead to an attack against systems that use STEP 7.

Read more...

Black Hat is upon us and, with it, a lot of chatter about the dangers posed by so-called “APT,” or advanced persistent threats. Rather than get trapped in the hype bubble, Threatpost editor Paul Roberts took the opportunity to check back in with a recognized expert on detecting and combating APT-style attacks: Amit Yoran, the former CEO of NetWitness Corp. and now a Senior Vice President at RSA, The Security Division of EMC. Yoran says that the darkest days may yet be ahead in the fight against APT style attacks, with mounting attacks and a critical shortage of security talent. To cope, both private sector firms and the government need to stop fighting the last war and pivot to the kinds of practices and monitoring that can spot sophisticated attackers. 

Read more...

It’s that most wonderful time of the year again: tool release season. With Black Hat, DEF CON and BSides Las Vegas all looming, researchers are beginning to publish the tools that they’ll be discussing during their talks at the various conferences next week. Among the more interesting releases so far is Termineter, a tool designed for testing the security of smart meters.

Read more...

A new variety of spyware has been targeting users in Iran, Israel and the Middle East for the last eight months according to joint research from Israeli security software firm Seculert and Kaspersky Lab. The new malware is using a variety of odd techniques and misdirection to entice users to install it, and researchers say it is targeting a specific group of potentially high-value targets.

Read more...

If you’ve been scanning the headlines or watching the evening news, you may have heard that tens of thousands of Internet users in the U.S. – hundreds of thousands around the world – will be cut off from the Internet on Monday, July 9, after servers set up at the bequest of the U.S. government go dark. That’s bad, right? Well, maybe not.

Read more...