Plaintext Supermicro IPMI Credentials Exposed
Weaknesses in Supermicro IPMI-based baseboard management controllers expose remote passwords in plaintext.
Critical Infrastructure
Flaws Found in USCIS RFID Card Production System
The system that’s used to produce RFID-enabled identification cards–including permanent resident IDs–by the United States Citizenship and Immigration Service has a number of serious security issues, according to a new report from the Office of the Inspector General at DHS. Among the issues the OIG found is that nearly all of the workstations in the system […]
ICS-CERT Warns of Easily Hackable Road Signs
ICS-CERT has issued an alert warning that a certain software that manages electronic highways signs contains a vulnerability that makes such signs susceptible to hacking.
Noted researcher Dan Farmer published a paper on the depth and breadth of IPMI vulnerabilities in server Baseboard Management Controllers, and the news isn’t good.
A SCADA vulnerability could trigger a denial of service condition and go on to compromise the software’s communication connections, resulting in system instability is left unpatched.
The Core Infrastructure Initiative has decided to provide the OpenSSL Project with enough money to hire two full-time developers and also will fund an audit of OpenSSL by the Open Crypto Audit Project.
Siemens has patched a denial-of-service vulnerability that affected many versions of its Rugged Operating System, software that runs on some of the company’s RuggedCom switches and serial-to-ethernet devices. The vulnerability could enable a remote attacker to cause the Rugged OS software to crash by sendin specially crafted packets to the Web interface of a vulnerable device. […]
Three federal agencies crucial to critical infrastructure protection will be allowed to continue to voluntarily assess cyber risk, rather than force the development and implementation of additional regulations.
Attackers recently compromised a utility in the United States through an Internet-connected system that gave the attackers access to the utility’s internal control system network. The utility, which has not been named, had remote access enabled on some of its Internet-connected hosts and the systems were only protected by simple passwords. Officials at the ICS-CERT, […]
Industrial control systems manufacturers are continuing to discover and provide fixes for the OpenSSL Heartbleed vulnerability.
