A Malta-based security company that sells 0-days to vendors has released a Vimeo video highlighting vulnerabilities the company has discovered in various SCADA software systems.
Security researcher Billy Rios took issue on Wednesday with a Siemens statement that there are "no open issues regarding authentication bypass bugs at Siemens." What followed was a security rant on Rios' personal blog that should be very familiar by now: Here's another company that is handling its security disclosures very poorly.
After a month of back and forth between a vendor and a security researcher, Siemens has patched two of the SCADA vulnerabilities first identified in May by Dillon Beresford. Beresford pulled his talk from TakeDownCon in Dallas after requests from both the vendor and the Department of Homeland Security.
The researcher who found a PLC vulnerability within Siemens’ Step7 will present his findings at the annual Black Hat USA, to be held August 2-3 in Las Vegas, Nevada.
In May, NSS security researcher Dillon Beresford pulled his talk from TakeDownCon in Dallas after requests from the vendor and the Department of Homeland Security. But, after a few days with Siemens downplaying the severity of the attack, Beresford lashed out at the vendor's statement that the attack could only be carried out using special equipment.
On Wednesday, Dillon Beresford of NSS Labs canceled his talk at TakeDownCon in Dallas, Texas, after concerns that bad actors might use his demonstration to cause physical damage to SCADA facilities worldwide. The next speaker at the conference tweeted that he was up next because the SCADA talk had been cancelled, prompting media speculation of government or vendor censorship. In the past, vendors have sued researchers in order to prevent public disclosure.