Cost of Doing APT Business Dropping
The range of targets APT groups are going after is widening, as are the levels of talent and financing these groups possess.
Critical Infrastructure
Government Agencies Failing at Basic Security Hygiene
Government computer systems remain vulnerable to attack, largely because of a failure to properly patch vulnerabilities and the continued use of poor passwords, a DHS report concludes.
Threatpost News Wrap, January 24, 2014
Dennis Fisher and Mike Mimoso talk about the big security stories of the last couple of weeks, including the developments in the Target data breach, the president’s speech on NSA surveillance reforms and SCADA security woes.
The security of serial communications over the DNP3 protocol are not covered by NERC regulations; meanwhile researchers are exposing vulnerabilities in DNP3 implementations.
A bill to protect American critical infrastructure has passed in committee and is ready for a vote in the U.S. House of Representatives.
American gas and oil companies have been targeted in espionage campaigns since 2012, according to a new research report.
SCADA software company Ecava announced it has released a patch for a zero day in its HMI product that was disclosed this week at the S4 Conference.
The Department of Homeland Security is warning the maintainers of industrial control systems (ICS) about a remotely exploitable uncontrolled resource consumption vulnerability in Schneider Electric’s ClearSCADA software.
Researchers have discovered two serious vulnerabilities in industrial Ethernet switches manufactured by Siemens that could enable attackers to perform unauthorized actions on the switches without authentication. One of the bugs allows attackers to hijack Web sessions and the other enables them to perform admin tasks on the switches. The vulnerabilities were discovered by researchers at […]
A wireless gateway used in the energy and transportation industries is vulnerable to remote exploit, ICS-CERT said.
