Blog

Langner: Stuxnet Is a Stealth Control System

June 24, 2014

Speaking at the S4ICS conference in Miami, FL on Wednesday, Ralph Langner described Stuxnet as a long-term Man-in-the-Middle attack rather than a short-term virus attack.

Stuxnet is a two-step malware product that first infects Windows systems, then attacks Siemens System 7 PLC units, such as those being used in Iran for nuclear research. Langner, a security researcher who knows more about Stuxnet code than practically anyone else, was quoted as saying, "we are 100 percent confident that Stuxnet's target was the Natanz enrichment plant in Iran."

Read More

Rockwell To Patch SCADA Flaw Soon

June 24, 2014

Within the next seven days, Rockwell Automation will release a patch for a supervisory control and data acquisition (SCADA) vulnerability first made public last Friday.

Read More

SCADA Vulnerabilities Continue

June 24, 2014

Security researcher Luigi Auriemma has unearthed a few more SCADA vulnerabilities, most affect the Human–machine interface (HMI) systems. As a result US-CERT has published alerts much like this one for all of Auriemma's new vulnerabilities. This is becoming a standard drill for the ICS industry.

In March 2011, Auriemma published thirty-some vulnerabilities after claiming he had no prior experience with SCADA systems. In June, Siemens patched vulnerabilities posted by Dillon Breseford.

Read More

SCADA Software Vulnerable To Stack Overflows

June 24, 2014

The US Industrial Control Systems Computer Emergency Response Team (ICS-CERT) is warning of a new stack overflow in an ActiveX control used in Iconics WebHMI, Genesis32, BizViz HMI and SCADA systems.

Read More
COMMENTS