85 matches found
DHS Says No Evidence That Flame Targets Industrial Systems, But Urges Caution
In and advisory, the Department of Homeland Security’s Industrial control System ICS CERT said that it doesn’t believe the Flame malware targets industrial control systems ICS or SCADA systems, but the group advised critical infrastructure owners to be on alert. The advisory, issued Wednesday,...
RuggedCom Devices - Backdoor Access
Title: Undocumented Backdoor Access to RuggedCom Devices Author: jc Organization: JC CREW Date: April 23, 2012 CVE: CVE-2012-1803 Background: RuggedCom is one of a handful of networking vendors who capitalize on the market for "Industrial Strength" and "Hardened" networking equipment. You'll find...
Bloody Valentine For Critical Infrastructure: EtherNet/IP Exploit Could Crash Devices
Security researchers made good on a promise to release new exploits for programmable logic controllers PLCs. The exploits include one targeting a flaw in the implementation of the EtherNet/IP Industrial Protocol used in many IP-enabled PLCs. The security hole, if left unaddressed, could enable a...
Ryan Naraine on the Koobface Expose and SCADA 0-Day Disclosures
Dennis Fisher talks with long-lost Threatpost editor Ryan Naraine about the intricacies of the disclosure of the identities of the alleged Koobface gang members, whether we’ll see more of that kind of action and whether the recent trend toward disclosing 0-days in SCADA systems will continue...
Key infrastructure systems of 3 US cities Under Attack By Hackers
Key infrastructure systems of 3 US cities Under Attack By Hackers BBC News Reported that the Federal Bureau of Investigation FBI announced recently that key infrastructure systems of three US cities had been accessed by hackers. Such systems commonly known as Supervisory Control and Data...
Stuxnet Part II, III and IV
The nation-state sponsored malware arms race is on. Stuxnet may have been the “Shot heard round the world” but we think its likely that 2012 will witness a number of other skirmishes, with malware linked to foreign governments hostile to or allied with U.S. and Western nations infecting and...
Homeland Security Warns SCADA Operators Of Internet-Facing Systems
In the wake of the hack of water and sewer infrastructure operated by a Texas community, the Department of Homeland Security is again warning owners and operators of critical infrastructure to take note of SCADA and industrial control systems that may be accessible from the Internet. DHS’s...
First Ever Joint EU-US Cyber War Game Starts
Despite extreme upheaval and rampant infighting caused by the European debt crisis, the EU and U.S. are banding together today in Brussels and shifting its focus toward cyber security. The European Network and Information Security Agency ENISA and the U.S. Department of Homeland Security will be...
0-Day SCADA Exploits Publicly Exposed by Italian researchers
0-Day SCADA Exploits Publicly Exposed by Italian researchers An Italian researcher has uncovered at least a dozen security flaws in software used in utilities and other critical infrastructure systems, prompting security advisories from the U.S. government. Security researcher Luigi Auriemma...
TeeChart Professional ActiveX Control 2010.0.0.3 Trusted Integer Dereference
$Id: teechartpro.rb 13554 2011-08-13 02:05:08Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Live in Vegas: Latest from Black Hat and DEFCON
UPDATED: The Black Hat Briefings and DEFCON hacker shows hadn’t even gotten under way before making news. Even before braving the 115 degree heat of the Las Vegas strip, researchers have been pulling the covers off their work in recent weeks, and Threatpost has been there, reporting on new method...
Wide Range of GSM Modules, SCADA Systems Vulnerable to Remote Control
If you think your car is safe and secure sitting in your driveway at night with its fancy alarm system enabled, Don Bailey has some bad news for you: he can unlock it and turn it on. Whenever he wants. From the other side of the country. Bailey, a senior security consultant at iSEC Partners known...
Database of China Foreign Affairs Experts Left Wide Open
A U.S. security expert has uncovered data on more than 10,000 job applicants for positions with China’s State Administration of Foreign Experts Affairs, including user names and passwords that could be used to gain access to other sensitive government systems. The discovery by Dillon Beresford, a...
Insecure Mail Server Offers Chinese Government Accounts To The Masses
A security researcher who identified holes in SCADA software used by utilities in China has issued a new warning to that country’s CERT about insecure Web infrastructure, including an e-mail server that allows any Web user to create their own Chinese government mail account. Dillon Beresford, a...
Study: Three Of Four Energy Firms Had Data Breach In Last Year
Three quarters of global energy corporations have suffered one or more data breaches in the last 12 months, according to a new survey by The Ponemon Institute, which finds evidence of widespread shortcomings in the energy and utilities vertical. The report, “The State of IT Security: Study of...
Understanding the Dangers of Stuxnet in Industrial Control Systems
Stuxnet is a sophisticated virus specifically designed to attack supervisory control and data acquisition SCADA systems manufactured by Siemens, a German industrial giant. These systems are commonly used to manage water supplies, power plants, and other industrial facilities, making the worm...
Stuxnet Virus Could Threaten U.S. Infrastructure, Warns DHS Official
The computer virus Stuxnet, which some experts believe was created specifically to target Iran's nuclear facilities, could also threaten U.S. infrastructure, according to a senior Department of Homeland Security official. "That virus focused on specific software implementations, and those softwar...
Exposing SCADA Systems With Shodan
Editor’s Note: The U.S.’s Industrial Control System Computer Emergency Response Team ICS-CERT recently issued a warning to its members about the ability of attackers to discover ICS systems using a simple search on Shodan, a public search engine that is used to locate systems accessible from the...
Expert Advises Caution on SCADA Security Hysteria
TORONTO–The months-long hysteria over Stuxnet and its hyper-sophistication and passel of unknown vulnerabilities has had the effect of creating a secondary wave of panic about the vulnerability of industrial control and SCADA systems. But the concern about spontaneous utility outages and...
Stuxnet Worm Detection
The remote Windows host has files present on the system that indicate the Stuxnet worm has infected the system. This worm attempts to spread in several ways, making use of known Windows vulnerabilities and removable media. It has been seen making use of several 0-day vulnerabilities as well as...