Mozilla is removing a Turkish root CA from the Firefox trust store, not because of a compromise or a mistakenly issued certificate, but because the certificate authority hasn’t lived up to the audit requirements Mozilla has for trusted CAs. Like other browser vendors, Mozilla has a lengthy policy that sets out the requirements for CAs to[…]
Browsing Category: Critical Infrastructure
Siemens has released an update for some of its ICS products that are affected but the glibc Ghost vulnerability that was disclosed in January. The vulnerability affected both the Siemens Sinumerik and Simatic HMI Basic applications, which are used in a variety of industrial situations. “The affected products, SINUMERIK, SIMATIC HMI Basic, and Ruggedcom, are used as an[…]
DHS Secretary Jeh Johnson pitched RSA Conference attendees on working for the department’s NCCIC initiative, as well as providing help on solving the NSA’s frontdoor problem.
Dell released its annual threat report yesterday, ringing the alarm bells on point-of-sale and industrial control system attack in 2014 and beyond.
It’s an interesting time for certificate authorities. On the one hand, interest has never been higher in Web encryption, privacy and transport security, thanks to Edward Snowden. But on the other hand, the last few years has seen a steady stream of compromises of CAs, mis-issued certificates and other problems. CAs hold the security and[…]
The US-CERT is warning administrators and network operators that a misconfiguration issue with some DNS servers that has been known about for more than 15 years and can give attackers detailed information about DNS zones is coming back around thanks to new scans that show a high number of servers vulnerable to the issue. The problem[…]
Researchers at Fidelis report a new strain of AlienSpy, a remote access tool that’s being used to deliver the Citadel Trojan to critical industries.
New Obama Administration Executive Order declares a cyber-national emergency and research advocates worry that sanctions could chill security research work.
The FBI has warned consumers about a rash of phony websites posing as government services.
There are a series of vulnerabilities related to credentials and authentication in two of Schneider Electric’s HMI products, and an attacker who exploits them may be able to run arbitrary code.