Two security researchers have developed an undetectable PLC rootkit that will present at the upcoming Black Hat Europe 2016. The energy industry is under unceasing attack, cyber criminals, and state-sponsored hackers continue to target the systems of the companies in the sector. The Stuxnet case has demonstrated to the IT community the danger of cyber attacks, […]
At the DEF CON conference, a group of three researchers from Red Balloon Security has demonstrated how to hack a computer through its monitor. It is a common error consider monitors as a passive device that could not be exploited by attackers to hack our systems. The reality is quite different, attackers could hijack every monitor […]
FireEye documented more than 1,500 vulnerabilities affecting ICS disclosed in the past 15 years, and some of them are still present. Security of critical infrastructure is a pillar of the cyber strategy of any government, both the NIS directive and Warsaw NATO summit stressed the importance of a proper security posture to protect our systems from cyber […]
Researchers discovered two flaws in the Siemens SICAM PAS widely used in the energy industry. One of the vulnerabilities is still unpatched. Security experts from Positive Technologies that have reviewed the Siemens SICAM PAS (Power Automation System) solution have discovered two information disclosure vulnerabilities (CVE-2016-5848 and CVE-2016-5849) that can be exploited by a local attacker. The experts […]
Experts at FireEye spotted IRONGATE a mysterious strain of malware that appears to be designed to target industrial control systems (ICS). Security researchers at FireEye have spotted a new strain of malware IRONGATE has been designed to compromise industrial control systems (ICS). The malicious code was designed to manipulate a specific industrial process in a simulated Siemens control […]
Security experts from SCADA StrangeLove group disclosed SCADAPASS, a list of default credentials for ICS and SCADA systems. Recently I wrote about the SCADA StrangeLove research team reporting their study on the level of cyber security implemented in modern railroad systems . Now the SCADA StrangeLove group has published a list of default credentials, dubbed âSCADAPASS,â associated with industrial […]
The nuclear industry is still unprepared to respond cyberattacks exposing civil nuclear facilities worldwide at risk of cyber attacks. Civil nuclear facilities worldwide are privileged targets for cyber attacks, according to a new report published this week by the Chatham House. The Stuxnet attack that targeted Iranian nuclear facilities demonstrated the risks for cyberattacks, for the first […]
A recent report published by Dell revealed a 100 percent increase in the number of attacks on industrial control (SCADA) systems. The new Dell Annual Threat Report revealed that the number of attacks against supervisory control and data acquisition (SCADA) systems doubled in 2014 respect the previous year. Unfortunately, the majority of incidents occurred in SCADA systems is […]
DHS ICS-CERT MONITOR report reveals that most critical infrastructure attacks involve APTs, but organizations lack monitoring capabilities. The DHSâs Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued its new ICS-CERT MONITOR report related to the period September 2014 â February 2015. The ICS-CERT MONITOR report According to the report, the Industrial Control Systems […]
Industrial control systems are in danger of being hacked by using a modified version of the BadUSB attack says Michael Toecker in his presentation at the Security Analyst Summit 2015 in Cancun. Not that long ago, BadUSB swept across the cybersecurity community as one of the hottest hacks of the year. BadUSB featured the ability […]