25 matches found
Enhancing Security and Compliance in the Energy Sector: Imperva’s Cipher Suite Support
In the energy and utility sector, safeguarding data and ensuring compliance with regulatory standards is paramount. With the increasing digitalization of operations, from smart grids to IoT-enabled devices, the need for robust encryption methods to protect sensitive information has never been...
Siemens RUGGEDCOM CROSSBOW SQL Injection Vulnerability (CNVD-2023-62042)
RUGGEDCOM CROSSBOW is a secure access management solution designed to provide NERC CIP compliant access to smart electronic devices. Siemens RUGGEDCOM CROSSBOW suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL queries on the server database...
Siemens RUGGEDCOM CROSSBOW SQL Injection Vulnerability (CNVD-2023-62043)
RUGGEDCOM CROSSBOW is a secure access management solution designed to provide NERC CIP compliant access to smart electronic devices. Siemens RUGGEDCOM CROSSBOW suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL queries on the server database a...
Siemens RUGGEDCOM CROSSBOW Authentication Vulnerability Missing Critical Functions
RUGGEDCOM CROSSBOW is a secure access management solution designed to provide NERC CIP compliant access to smart electronic devices. An authentication vulnerability in Siemens RUGGEDCOM CROSSBOW that lacks critical functionality can be exploited by an attacker to write arbitrary files to the file...
Siemens RUGGEDCOM CROSSBOW SQL Injection Vulnerability
RUGGEDCOM CROSSBOW is a secure access management solution designed to provide NERC CIP-compliant access to intelligent electronic devices. A SQL injection vulnerability exists in Siemens RUGGEDCOM CROSSBOW, which stems from the fact that the audit logs of affected applications are vulnerable to SQ...
Siemens RUGGEDCOM CROSSBOW Access Control Error Vulnerability (CNVD-2023-17662)
An access control error vulnerability exists in Siemens RUGGEDCOM CROSSBOW, a secure access management solution designed to provide NERC CIP-compliant access to intelligent electronic devices, which stems from a failure of the affected application's client-side query handler to check for...
Siemens RUGGEDCOM CROSSBOW Access Control Error Vulnerability (CNVD-2023-17661)
RUGGEDCOM CROSSBOW is a secure access management solution designed to provide NERC CIP-compliant access to intelligent electronic devices. An access control error vulnerability exists in Siemens RUGGEDCOM CROSSBOW, which stems from the failure of the affected application's client-side query handl...
Siemens RUGGEDCOM CROSSBOW Access Control Error Vulnerability
RUGGEDCOM CROSSBOW is a secure access management solution designed to provide NERC CIP-compliant access to intelligent electronic devices. An access control error vulnerability exists in Siemens RUGGEDCOM CROSSBOW, which stems from the failure of the affected application's client-side query handl...
Cloud Audit: Compliance + Automation
Setting your own standard
Today’s regulatory environment is incredibly fractured and extensive. Depending on the industry—and the part of the world your business and/or security organization resides in—you may be subject to several regulatory compliance standards. Adding to the complexity, there ...
Avoiding Smash and Grab Under the SEC’s Proposed Cyber Rule
The SEC recently proposed a regulation to require all public companies to report cybersecurity incidents within four days of determining that the incident is material. While Rapid7 generally supports the proposed rule, we are concerned that the rule requires companies to publicly disclose a cyber...
Meet critical infrastructure security compliance requirements with Microsoft 365
Critical infrastructure operators face a hostile cyber threat environment and a complex compliance landscape. Every operator of an industrial control system also operates an IT network to service its productivity needs. A supervisory control and data acquisition (SCADA) system operator of a power...
GE Reason DR60
1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: GE
Equipment: Reason DR60
Vulnerabilities: Hard-coded Password, Code Injection, Execution with Unnecessary Privileges
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow...
NERC CIP Compliance in Azure vs. Azure Government cloud
As discussed in my last blog post on North American Electric Reliability Corporation—Critical Infrastructure Protection (NERC CIP) Compliance in Azure, U.S. and Canadian utilities are now free to benefit from cloud computing in Azure for many NERC CIP workloads. Machine learning, multiple data...
NERC CIP compliance in Azure
When I did my first North American Electric Reliability Corporation—Critical Infrastructure Protection (NERC CIP) compliance project it was 2009. NERC CIP was at version 3. It was the first mandatory cybersecurity standard that the utility I was working for had to meet. As it does today, the Bulk...
Qualys Policy Compliance Notification: Policy Library Update
Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...
fpan.us XSS vulnerability
Open Bug Bounty ID: OBB-559801

Description | Value
---|---
Affected Website: | fpan.us
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
Squirrels, Not Hackers, Pose Biggest Threat to Electric Grid
SAN FRANCISCO–The crown jewel of North America’s critical infrastructure is its electric grid. A successful cyberattack on it would be devastating. But according to Marcus Sachs, CSO with the North American Electric Reliability Corporation (NERC), fears of a cyberattack are overblown. Sachs told RS...
Electric Cybersecurity Regulations Have Serial Problem
A class of SCADA vulnerabilities discussed at a recent conference is getting attention not only for the risks they pose to master control systems at electric utilities, but also for illuminating a dangerous gap in important critical infrastructure regulations. Researchers Adam Crain and Chris...
[SecureCheq v1.0] The Security Configuration Management made easy!
SecureCheq is a fast, simple utility for Windows servers and desktops that answers these questions while it tests for common configuration risks. This free utility:
Tests for a subset of typical and often dangerous Windows configuration errors
Provides detailed remediation and repair advice
Tests...