New SCADA Vulnerabilities Come With a YouTube Video

By Robert Vamosi | 11/26/12 2:11 AM

A Malta-based security company that sells 0-days to vendors has released a Vimeo video highlighting vulnerabilities the company has discovered in various SCADA software systems.


Siemens Patches Last Of Stuxnet Flaws

By Robert Vamosi | 7/30/12 5:04 AM

In the summer of 2010, the Stuxnet malware made history by attacking physical hardware. Nearly two years later, the vendor, Siemens, has announced the last of the patches to ward off future Stuxnet-like attacks.


Researcher: Siemens Ignores Auth Bypass Vulnerabilities

By Robert Vamosi | 12/22/11 3:14 AM

Security researcher Billy Rios took issue on Wednesday with a Siemens statement that there are "no open issues regarding authentication bypass bugs at Siemens." What followed was a security rant on Rios' personal blog that should be very familiar by now: Here's another company that is handling its security disclosures very poorly.


Prisons Vulnerable to Stuxnet-like Worms

By Robert Vamosi | 8/1/11 4:57 AM

Stuxnet-like worms might also affect US prisons, according to a researcher at this week's DefCon 19 security conference in Las Vegas.


Siemens Patches PLC Vulnerabilities

By Robert Vamosi | 6/20/11 8:01 AM

After a month of back and forth between a vendor and a security researcher, Siemens has patched two of the SCADA vulnerabilities first identified in May by Dillon Beresford. Beresford pulled his talk from TakeDownCon in Dallas after requests from both the vendor and the Department of Homeland Security.


Black Hat USA To Show SCADA Flaw

By Robert Vamosi | 6/8/11 3:03 AM

The researcher who found a PLC vulnerability in Siemens’ Step7 will present his findings at the annual Black Hat USA, to be held August 2-3 in Las Vegas, Nevada.

In May, NSS security researcher Dillon Beresford pulled his talk from TakeDownCon in Dallas after requests from the vendor and the Department of Homeland Security. But, after a few days with Siemens downplaying the severity of the attack, Beresford lashed out at the vendor's statement that the attack could only be carried out using special equipment.


More SCADA Vulnerabilities Found

By Robert Vamosi | 5/19/11 5:35 AM

On Wednesday, Dillon Beresford of NSS Labs canceled his talk at TakeDownCon in Dallas, Texas, after concerns that bad actors might use his demonstration to cause physical damage to SCADA facilities worldwide. The next speaker at the conference tweeted that he was up next because the SCADA talk had been cancelled, prompting media speculation of government or vendor censorship. In the past, vendors have sued researchers in order to prevent public disclosure.
