LAS VEGAS–The Internet that we use today was not designed as a cohesive network. It was put together from found bits and pieces over the course of the last few decades, and, as major bugs such as Heartbleed and others have shown, it’s a frighteningly fragile construction. Attackers know this as well as anyone, and […]
Tag Archives: Critical Infrastructure
BlackEnergy Malware Used in Attacks Against Industrial Control Systems
Attackers are using BlackEnergy malware to attack HMI software running inside industrial control systems, according to an advisory from ICS-CERT.
Cyberespionage: ‘This Isn’t a Problem That Can Be Solved’
WASHINGTON–Gentlemen may not read each other’s mail, as Henry Stimson famously said so long ago, but in today’s world they certainly steal it and there’s precious little in the way of gentlemanly conduct happening in the realm of cyberespionage. It’s every man—or country—for himself in this environment, and that free-for-all is creating unforeseen consequences for […]
Schneider Electric Fixes Remotely Exploitable Flaw in 22 Different Products
There’s a remotely exploitable directory traversal vulnerability in more than 20 individual products from Schneider Electric that can enable an attacker to gain control of an affected machine.
DARPA Working on Provably Secure Embedded Software
DARPA is working on a new kind of software that is provably secure for specific properties.
Patching Bash Vulnerability a Challenge for ICS, SCADA
Experts are concerned that many Linux-based industrial control systems and embedded systems could be too steep a patching challenge and remain in the crosshairs of the Bash vulnerability.
Small Signs of Progress on DNSSEC
SEATTLE–DNS doesn’t have a lot of friends. It’s old, it’s kind of creaky and it has some insecurity issues. The few friends it has have tried to help it out in the last few years with the addition of DNSSEC, but that hasn’t gone so well, either. The Internet hasn’t been quick to adopt DNSSEC, […]
White House: Internet Not Borderless, But Lacking Interior
White House special assistant to the President and Cybersecurity Coordinator Micheal Daniel explains that a series of simple, known issues add up to a very difficult Internet security problem.
Research Finds No Large Scale Heartbleed Exploit Attempts Before Vulnerability Disclosure
In the days and weeks following the public disclosure of the OpenSSL Heartbleed vulnerability in April, security researchers and others wondered aloud whether there were some organizations–perhaps the NSA–that had known about the bug for some time and had been using it for targeted attacks. A definitive answer to that question may never come, but […]
Watering Hole Attack Targets Automotive, Aerospace Industries
A new watering hole attack is targeting the aerospace, automotive and manufacturing industries with a new reconnaissance malware tool called “Scanbox.”