Threatpost News Wrap, June 11, 2015
Dennis Fisher and Mike Mimoso discuss the Duqu 2.0 attack and its ramifications, the addition of HSTS support to Windows 7 and 8.1 and the rest of the news of the week.
Critical Infrastructure
Researcher Finds CSRF Bug in Wind Turbine Software
UPDATE–Wind turbines have been popping up across the United States in great numbers of late, and many of them are connected to the Internet. That, of course, means that these turbines are going to be natural targets for attackers and researchers. A security researcher named Maxim Rupp has discovered a cross-sire request forgery vulnerability in the operating […]
Rockwell Addresses Weak Password Protections in its HMI Software
Human machine interface software from Rockwell Automation has been patched, protecting users from a vulnerability in the way stored passwords are protected.
The Commerce Department’s Bureau of Industry and Security today made public its proposal to implement the controversial Wassenaar Arrangement.
A coalition of 150 tech companies and privacy champions sent a letter to President Obama urging him to reject any proposals mandating backdoor access to software and devices.
The so-called Deputy Dog APT group has surfaced again with a means of keeping its command and control servers under wraps that involves Microsoft’s TechNet online resources.
The Open Smart Grid Protocol Alliance said updates will be rolled out in September to networks and devices that address weak homegrown cryptography pointed out in a research paper.
There is a stack buffer overflow in a Rockwell Automation application that’s used to enable communications in industrial control applications used in manufacturing, energy, water,and other environments. The vulnerability is in the RSLinx Classic product and it can be used to crash the application or run arbitrary code. However, the bug is not exploitable remotely […]
Researchers in Europe have published research examining weak, homegrown cryptography used in the Open Smart Grid Protocol.
Heartbleed made the world notice what kind of shape OpenSSL development was in from a financial and resources standpoint. In the year since, the project has been funded enough to hire full-time engineers and a crucial refactoring of the codebase has the project in the right direction.
