Blog

US Power Stations Targeted By Malware

June 25, 2014

A report by the US Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) states that two US power stations were the targets of malware attacks.

Read More

DHS Warns Of Tridium Niagara AX Framework Risk

June 24, 2014

The Department of Homeland Security today warned that software used to control or monitor medical devices, elevators, video cameras, or security systems was vulnerable to attack.

Read More

Researcher: Siemens Ignores Auth Bypass Vulnerabilities

June 24, 2014

Security researcher Billy Rios took issue on Wednesday with a Siemens statement that there are "no open issues regarding authentication bypass bugs at Siemens." What followed was a security rant on Rios' personal blog that should be very familiar by now: Here's another company that is handling its security disclosures very poorly.

Read More

Remote SCADA Vulnerabilities Hit Schneider Electric

June 24, 2014

On Monday, a security researcher published new vulnerabilities affecting remote access to the “NOE 771” devices manufactured by Schneider Electrics, one of the world's largest manufacturer of SCADA system devices. The vulnerabilities prompted the ICS-CERT to issue an alert.

Rubén Santamarta (a.k.a. "Reverse Mode"), a 29-year old European-based independent security researcher who previously showed how to hack into the Large Hadron Collider at CERN, said that he was able to attack these devices remotely after first locating vulnerable NOE 771 devices through the SHODAN search engine and then downloading the firmware from Schneider Electric. After reverse engineering the firmware update, Santamarta found he could load a trojanized firmware update, use non-documented hidden accounts, and use other non-documented functionalities. The trouble is in how the devices access remote access commands.

Read More

SCADA Software Vulnerable To Stack Overflows

June 24, 2014

The US Industrial Control Systems Computer Emergency Response Team (ICS-CERT) is warning of a new stack overflow in an ActiveX control used in Iconics WebHMI, Genesis32, BizViz HMI and SCADA systems.

Read More
COMMENTS