What Happens When a Nuclear Site Is Hit?

As strikes continue on Iran’s nuclear facilities, the real danger isn’t the explosion, but what happens if critical safety systems fail—and how that risk could spread across the Gulf...

Schneider Electric EcoStruxture IT Data Center Expert

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

AttentionGuard: Transformer-Based Misbehavior Detection for Secure Vehicular Platoons

Vehicle platooning, with vehicles traveling in close formation coordinated through Vehicle-to-Everything V2X communications, offers significant benefits in fuel efficiency and road utilization. However, it is vulnerable to sophisticated falsification attacks by authenticated insiders that can...

Schneider Electric Trio Q Licensed Data Radio

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

Schneider Electric PowerLogic P5

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

Traffic Alert and Collision Avoidance System (TCAS) II

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to manipulate safety systems and cause a denial-of-service condition. 2. VULNERABILITY SUMMARY By utilizing software-defined radios and a custom low-latency processing pipeline, RF signals with spoofed...

Schneider Electric PowerLogic ION7400 / PM8000 / ION8650 / ION8800 / ION9000 Power Meters Cleartext Transmission of Sensitive Information (CVE-2022-46680)

A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network traffic. This plugin only works with Tenable.ot. Please visit...

From open Guest Wi-Fi to pwning a lift

…or why validating network segregation is critical TL;DR A recent engagement took quite an unexpected turn and led to me having remote control of a bunch of building services including a lift from the street outside, unauthenticated. A single firewall rule bypassed some well configured VLANs and...

What’s most interesting about the Florida water system hack? That we heard about it at all.

Stories about computer security tend to go viral when they bridge the vast divide between geeks and luddites, and this weeks news about a hacker who tried to poison a Florida towns water supply was understandably front-page material. But for security nerds whove been warning about this sort of...

ICS Attackers Set To Inflict More Damage With Evolving Tactics

Future attacks on industrial control system ICS networks may inflict even more damage in the long run, according to new research. Analysts expect them to evolve from attacks that have immediate, direct impact to those with multiple stages and attack vectors that are more stealthy. While it remain...

Expert Advises Caution on SCADA Security Hysteria

TORONTO–The months-long hysteria over Stuxnet and its hyper-sophistication and passel of unknown vulnerabilities has had the effect of creating a secondary wave of panic about the vulnerability of industrial control and SCADA systems. But the concern about spontaneous utility outages and...