Join thousands of people who receive the latest breaking cybersecurity news every day.
UPDATE: An independent security researcher has warned officials in Australia, the US and China about a serious, remotely exploitable hole in language translation software that is used by leading corporations, universities and governments.
Researchers at NSS Labs claim that they’ve spotted attacks that use Sipvicious, a common auditing tool for Voice over IP (VoIP) networks as part of malicious attacks aimed at taking control of vulnerable VoIP servers. The attacks are apparently aimed at taking control of VoIP servers to place unauthorized calls.
The U.S. CERT has issued a security advisory firms using industrial control systems software from the Chinese firm Sunway in the U.S. after a researcher discovered remotely exploitable holes that could be used to knock out or take control systems running the company’s software.
The media storm over the Stuxnet worm may have passed, but many of the software holes that were used by the worm remain unpatched and leave Siemens customers open to a wide range of potentially damaging cyber attacks, according to industrial control system expert Ralph Langner.
Siemens AG said on Tuesday that it was talking to its customers about what it acknowledged were “security gaps” in its Programmable Logic Controllers (PLCs), after an NSS Labs researcher disclosed the discovery of what he described as serious security holes in the company’s industrial control systems.
Security researcher Dillon Beresford decided not to present a talk at the TakedownCon in Dallas on Thursday, citing concerns about mayhem that could have resulted. But in an e-mail, he told Threatpost that the vulnerabilities could allow remote attackers to start or stop Siemens Programmable Logic Controllers (PLCs) and harvest information from the devices.
The official line in Washington D.C. is that there’s a new Cold War brewing, with an ascendant China in the place of the old Soviet Union, and cyberspace as the new theater of war. But work done by an independent security researcher suggests that the Chinese government is woefully unprepared to fend off cyber attacks on its own infrastructure.
China’s Computer Emergency Response Team (CERT) admitted that it missed a September e-mail message from a researcher at NSS Labs that pointed out a critical vulnerability in a commonly used SCADA (Supervisory Control And Data Acquisition) software package. The lapse resulted in a gap of almost four months before the hole was patched.
InfoSec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.