8 matches found
Siemens SCALANCE W700 Integer Overflow or Wraparound (CVE-2023-45853)
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. This plugin only works with Tenable.ot. Please visit...
5 Reasons Why IT Security Tools Don't Work For OT
Attacks on critical infrastructure and other OT systems are on the rise as digital transformation and OT/IT convergence continue to accelerate. Water treatment facilities, energy providers, factories, and chemical plants — the infrastructure that undergirds our daily lives could all be at risk...
Ransomware gunning for transport sector's OT systems next
ENISA the European Union Agency for Cybersecurity has reason to believe that ransomware gangs will begin targeting transportation operational technology OT systems in the foreseeable future. This finding is further explored in the agency's 50-page report entitled ENISA Threat Landscape: Transport...
The High Cost of Human Error In OT Systems
In baseball, a mistake made by a player that could have easily been avoided is sometimes called an “unforced error.” An unforced error is not an official error that is, they are not reflected in statistics, however, they can result in additional runs being scored, runners getting on base, and eve...
CEOs Could Be Held Personally Liable for Cyberattacks that Kill
A full 75 percent of top brass at companies will be personally on the hook for cyber-physical security CSP incidents by 2024 – especially those that involve fatalities. That’s according to the Gartner research firm, which predicted this week that CEOs soon will no longer be able to hide behind...
NSA Urgently Warns on Industrial Cyberattacks, Triconex Critical Bug
The U.S. National Security Agency NSA and the Cybersecurity and Infrastructure Security Agency CISA have issued an alert warning that adversaries could be targeting critical infrastructure across the U.S. Separately, ICS-CERT issued an advisory on a critical security bug in the Schneider Electric...
Pen Testing Ships. A year in review
Partially driven by the upcoming inclusion of Cyber Security by the IMO International Maritime Organisation, 2019 was a really busy year for maritime security testing at PTP. What can we all learn from a year of evaluating the security of ships? We’ve been involved in all sorts of ship testing,...
Hacking Serial Networks on Ships
Three different ways to intercept and modify serial data on ship networks. The serial data that controls steering, engine control and so much more on board ship… How-to Vessels typically have two distinct networks on board; one IP/ethernet network for business systems, crew mail & web browsing an...