A week after disclosing a cross-site request forgery vulnerability in small wind turbines manufactured by a company called XZERES, a security researcher has discovered a serious bug in the human-machine interface for turbines made by German company RLE International GmbH. Researcher Maxim Rupp discovered the vulnerability in the Nova-Wind Turbine HMI and reported it to the vendor. […]
Tag Archives: Critical Infrastructure
Researcher Finds CSRF Bug in Wind Turbine Software
Wind turbines have been popping up across the United States in great numbers of late, and many of them are connected to the Internet. That, of course, means that these turbines are going to be natural targets for attackers and researchers. A security researcher has discovered a cross-sire request forgery vulnerability in the operating system that runs […]
Security Researchers Wary of Proposed Wassenaar Rules
The Commerce Department’s Bureau of Industry and Security today made public its proposal to implement the controversial Wassenaar Arrangement.
APT Group Embeds Command and Control Data on TechNet Pages
The so-called Deputy Dog APT group has surfaced again with a means of keeping its command and control servers under wraps that involves Microsoft’s TechNet online resources.
Rockwell Automation Patches Buffer Overflow in ICS App
There is a stack buffer overflow in a Rockwell Automation application that’s used to enable communications in industrial control applications used in manufacturing, energy, water,and other environments. The vulnerability is in the RSLinx Classic product and it can be used to crash the application or run arbitrary code. However, the bug is not exploitable remotely […]
Weak Homegrown Crypto Dooms Open Smart Grid Protocol
Researchers in Europe have published research examining weak, homegrown cryptography used in the Open Smart Grid Protocol.
OpenSSL Past, Present and Future
Heartbleed made the world notice what kind of shape OpenSSL development was in from a financial and resources standpoint. In the year since, the project has been funded enough to hire full-time engineers and a crucial refactoring of the codebase has the project in the right direction.
Mozilla to Remove Turkish CA From Firefox Trust Store
Mozilla is removing a Turkish root CA from the Firefox trust store, not because of a compromise or a mistakenly issued certificate, but because the certificate authority hasn’t lived up to the audit requirements Mozilla has for trusted CAs. Like other browser vendors, Mozilla has a lengthy policy that sets out the requirements for CAs to […]
Siemens Patches Ghost Flaw Simatic Product
Siemens has released an update for some of its ICS products that are affected but the glibc Ghost vulnerability that was disclosed in January. The vulnerability affected both the Siemens Sinumerik and Simatic HMI Basic applications, which are used in a variety of industrial situations. “The affected products, SINUMERIK, SIMATIC HMI Basic, and Ruggedcom, are used as an […]
Dell Threat Report Claims 100 Percent Increase in SCADA Attacks
Dell released its annual threat report yesterday, ringing the alarm bells on point-of-sale and industrial control system attack in 2014 and beyond.