Pierluigi Paganini August 02, 2017
ICS-CERT Issues Warning of CAN Bus Vulnerability

The US ICS-CERT issued an alert in response to a public report of a vulnerability in the Controller Area Network BUS (CAN BUS). On Friday (28th of July), the Industrial Controls Systems Cyber Emergency Team or ICS-CERT, issued an alert in response to a public report of a vulnerability in the Controller Area Network (CAN), […]

Pierluigi Paganini October 04, 2016
ICS-CERT annual vulnerability coordination report 2015, +74% flaws

The US ICS-CERT published its annual vulnerability coordination report for FY 2015 that provided information about security holes reported to the agency. The US ICS-CERT has published its annual vulnerability coordination report for the fiscal year 2015. The report included detailed information about security vulnerabilities reported to the US ICS-CERT in 2015. “ICS-CERT is pleased to announce the release of […]

Pierluigi Paganini August 24, 2016
Navis WebAccess app used by US Ports is affected by a SQL injection flaw

The Navis WebAccess application used in the transportation sector worldwide is affected by a high severity SQL injection vulnerability. A software used in the US ports is affected by a high severity SQL Injection vulnerability (CVE-2016-5817). The flaw was discovered by a hacker behind the online moniker “bRpsd,” the expert has discovered the vulnerability in […]

Pierluigi Paganini August 18, 2015
ICS-CERT warns for 0-Day vulnerabilities in SCADA systems

The ICS-CERT has recently published six security advisories to warn organizations about a number of 0-day flaws in SCADA systems. The ICS-CERT has published six advisories to warn organizations about the presence of Zero-Day Flaws in SCADA Systems. Aditya K. Sood, security researcher at Elastica, has revealed in a talk at the Def Con 2015 conference several vulnerabilities […]

Pierluigi Paganini June 14, 2015
Researcher found Wind turbines and solar systems vulnerable worldwide

A German security researcher reported hundreds of wind turbines and solar systems wide open to easy exploits worldwide due to the lack of security by design The German researcher Maxim Rupp has discovered numerous security issues in clean energy systems, including solar lighting and wind turbines. The possible consequence of a cyber attack is the […]

Pierluigi Paganini April 15, 2015
Dell report revealed attacks on SCADA system are doubled

A recent report published by Dell revealed a 100 percent increase in the number of attacks on industrial control (SCADA) systems. The new Dell Annual Threat Report revealed that the number of attacks against supervisory control and data acquisition (SCADA) systems doubled in 2014 respect the previous year. Unfortunately, the majority of incidents occurred in SCADA systems is […]

Pierluigi Paganini March 16, 2015
ICS-CERT MONITOR report states most critical infrastructure attacks involve APTs

DHS ICS-CERT MONITOR report reveals that most critical infrastructure attacks involve APTs, but organizations lack monitoring capabilities. The DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued its new ICS-CERT MONITOR report related to the period September 2014 – February 2015. The ICS-CERT MONITOR report According to the report, the Industrial Control Systems […]

Pierluigi Paganini January 22, 2015
Schneider Electric SCADA Gateway contains Hard-Coded FTP Credentials

Narendra Shinde of Qualys Security has identified multiple vulnerabilities in Schneider Electric’s ETG3000 FactoryCast HMI Gateway. ICS-SCADA systems are critical components of for our society, they are often vital system inside critical infrastructure, but we still continue to discover naive vulnerabilities in the software they run. The latest surprising discovery was made by security experts […]

Pierluigi Paganini January 14, 2015
GE Multilink Switches affected by critical vulnerabilities

GE MultiLink managed switches are affected by two vulnerabilities which could be exploited to gain unauthorized access and run DoS attacks on the device. Managed Ethernet switches produced by GE include the hard-coded private SSL key in a number of network devices. The Ethernet switches that present the security hole are designed for use in industrial […]

Pierluigi Paganini December 12, 2014
BlackEnergy exploits recently fixed flaws in Siemens WinCC

The ICS-CERT revealed that the BlackEnergy malware targeted SCADA HMI systems may be exploiting a recently patched flaw in the Siemens SIMATIC WinCC. Security experts at the Industrial Control System Cyber Emergency Response Team (ICS-CERT)  reported that the BlackEnergy malware was used by threat actors in the wild to compromise HMI (human-machine interface) systems. The […]