New Tool Will Automate Password Cracks on Common SCADA Product

The fallout from last month’s S4 Conference continues in February, with a planned Valentine’s Day release of tools that make it easy to test and exploit vulnerable programmable logic controllers and other industrial control systems. Among the releases will be a tool for cracking passwords on the common ECOM programmable logic controllers by Koyo Electronics, a Japanese firm, according to a blog post by Reid Wightman for Digital Bond.

Researchers at a German university have broken the encryption of the two main standards used to protect calls from satellite phones, giving them the ability to intercept conversations that are meant to be private. The attacks on the GMR-1 and GMR-2 standards are thought to be the first such work against the satellite phone ciphers.

Injecting malicious code into the HTML used on legitimate Web sites is a key part of the infection lifecycle for many attack crews, and they often disguise and obfuscate their code to make it more difficult to analyze or so it appears to be legitimate code. The latest instance of this technique has seen attackers employing code that is meant to look like Google Analytics snippets, but instead sends victims off to a remote site that’s hosting the Black Hole Exploit Kit. Not the desired result.

In the face of mounting evidence that the CA system is inherently flawed, Google officials are in the process of making changes to the way Chrome handles certificate revocations, and no longer will be using online revocation checks. Instead, Chrome will use the existing update system in the browser to accomplish this task.

DDoS attacks come in all shapes and sizes, and in a lot of cases, the victims of the attacks don’t much care who is executing the attack or why. They just know that their network is being overwhelmed with junk traffic. But the last year has seen a major volume of politically motivated attacks, and new research shows that as much as 35 percent of DDoS are the result of some political or ideological motivation.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.