ICS-CERT – Page 2 – WindowsTechs.com

US-CERT: hackers are targeting our critical infrastructure

Posted on October 24, 2017 by Taylor Armerding

US-CERT doesn’t often go public with warnings about cyber threats to critical infrastructure. So, why now? Continue reading US-CERT: hackers are targeting our critical infrastructure→

Siemens Patches Improper Access Vulnerability in Ruggedcom Protocol

Posted on September 29, 2017 by Chris Brook

Industrial manufacturer Siemens is encouraging users running devices that use its Ruggedcom protocol to apply firmware updates this week. The updates resolve a serious and remotely exploitable vulnerability that could let an attacker carry out administ… Continue reading Siemens Patches Improper Access Vulnerability in Ruggedcom Protocol→

Smart pumps used by hospitals in IV drips vulnerable to attacks

Posted on September 13, 2017 by Lisa Vaas

Eight flaws were found in the pumps used to deliver precise doses of drugs – and where a misdose thanks to an attack could be fatal Continue reading Smart pumps used by hospitals in IV drips vulnerable to attacks→

DHS promotes from within to fill cyber deputy assistant secretary role

Posted on August 14, 2017 by Shaun Waterman

Rick Driggers, one of two deputy directors at the Department of Homeland Security’s 24-hour watch operation, the National Cybersecurity and Communications Integration Center, has been promoted to be DHS deputy assistant secretary for cybersecurity and communications, a DHS official confirmed Monday. Driggers is taking over the post vacated by DHS veteran Danny Toler, and once held by former Federal CISO Greg Touhill. The official told CyberScoop Driggers “will gradually assume the responsibilities of his new position over the next few weeks.” In his new position, Driggers reports to Assistant Secretary for Cybersecurity and Communications Jeannette Manfra. In a brief statement emailed to reporters, Manfra said she was “extremely grateful” to Toler. “He has done a great job keeping the ship afloat as the acting assistant secretary. His contributions to the organization over the past five years will endure. I believe the department is in a better place as a result of his work, […]

The post DHS promotes from within to fill cyber deputy assistant secretary role appeared first on Cyberscoop.

Continue reading DHS promotes from within to fill cyber deputy assistant secretary role→

Researchers display “CAN do” skill in vehicle DoS

Posted on August 3, 2017 by Taylor Armerding

In the case of vehicles it’s more of a “denial of control” attack Continue reading Researchers display “CAN do” skill in vehicle DoS→

Siemens Patches Vulnerabilities in SIMATIC CP, XHQ

Posted on June 23, 2017 by Chris Brook

Siemens patched two vulnerabilities in products, SIMATIC CP and XHQ, commonly found in industrial control system setups this week Continue reading Siemens Patches Vulnerabilities in SIMATIC CP, XHQ→

Privilege Escalation Flaw Patched in Schneider Wonderware

Posted on March 10, 2017 by Michael Mimoso

Schneider Electric patched a vulnerability in the Tableau Server running in its Wonderware analytics and visualization platform that could allow an attacker to elevate privileges. Continue reading Privilege Escalation Flaw Patched in Schneider Wonderware→

U.S. oil and gas companies are ‘still trying to catch up’ on cybersecurity, experts say

Posted on March 6, 2017 by Chris Bing

Digital systems and internet networks belonging to U.S. oil and gas companies have increasingly come under attack from hackers in recent years, experts tell CyberScoop. The Homeland Security Department received — between 2011 and 2015 — roughly 350 reports from domestic energy companies who were concerned about hackers probing or breaking into their systems, according to the Houston Chronicle, which cited data from the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). In this context, the term “incidents” refers to times people called the agency rather than actual breaches. Nearly 900 “security flaws” were discovered by DHS during that timeframe — a figure which some private sector cybersecurity experts claim appears low. Making sure that industrial control systems, or ICS, are secure has become an especially important mission for Gulf Coast oil, gas and petrochemical companies in addition to the local Coast Guard, the newspaper reported. Industrial equipment often used […]

The post U.S. oil and gas companies are ‘still trying to catch up’ on cybersecurity, experts say appeared first on Cyberscoop.

Continue reading U.S. oil and gas companies are ‘still trying to catch up’ on cybersecurity, experts say→

Siemens RUGGEDCOM NMS Equipment Vulnerable to CSRF, XSS

Posted on February 28, 2017 by Chris Brook

Siemens line RUGGEDCOM NMS products suffers from vulnerabilities that could allow an attacker to perform administrative actions. Continue reading Siemens RUGGEDCOM NMS Equipment Vulnerable to CSRF, XSS→

Honeywell SCADA Controllers Exposed Passwords in Clear Text

Posted on February 3, 2017 by Chris Brook

A series of remotely exploitable vulnerabilities – including clear text passwords – exist in a set of Honeywell SCADA systems.
Continue reading Honeywell SCADA Controllers Exposed Passwords in Clear Text→