Collaborate Disseminate
Schneider Electric has announced the appointment of Karlton Gray as its new IT Channel Director for the UK & Ireland. Karlton is a seven-year veteran of Schneider Electric’s Secure Power Division and since joining he has held numerous roles w… Continue reading Schneider Electric names Karlton Gray as IT Channel Director for the UK and Ireland
Researchers at Armis discovered an authentication bypass vulnerability (CVE-2021-22779) in Schneider Electric’s Modicon programmable logic controllers (PLCs) that can lead to remote-code-execution (RCE). Modicon M580 The vulnerability, dubbed Mod… Continue reading Critical vulnerability in Schneider Electric Modicon PLCs can lead to RCE (CVE-2021-22779)
A vulnerability in Schneider Electric computer control systems popular in heating, air conditioning and other building systems could allow hackers to take control of them, researchers at security firm Armis warn. The remote code execution vulnerability puts millions of devices at risk, Armis said in a report out Tuesday. The affected Modicon programmable logic controllers (PLCs) are also used widely in manufacturing, automation applications and energy utilities. The vulnerability could be used to deploy a variety of attacks, from launching ransomware to altering the commands to machinery. “It’s a very wide range,” said Ben Seri, vice president of research at Armis. “It does reach on one end nation-states and sophisticated attacks in that type of scale, but it can also just be the next logical steps for ransomware attackers.” The vulnerability would allow attackers to hijack a command that would leak a password hash from the device’s memory. Once they have […]
The post Researchers find big flaw in a Schneider Electric ICS system popular in building systems, utilities appeared first on CyberScoop.
Claroty announced it has secured $140 million in a Series D financial round. The round marks the largest investment ever made within the industrial cybersecurity sector, establishing Claroty’s market leadership as the world grapples with an uptic… Continue reading Claroty raises $140M to expand into new regions and enhance its product portfolio
Four industrial control system vendors each announced vulnerabilities that ranged from critical to high-severity. Continue reading Multiple Industrial Control System Vendors Warn of Critical Bugs
Security problems in Schneider Electric programmable logic controllers allow compromise of the hardware, responsible for physical plant operations. Continue reading Bugs in Critical Infrastructure Gear Allow Sophisticated Cyberattacks
ePlus announced that it has extended its Managed Services capabilities to include proactive monitoring, management, and remediation of APC by Schneider Electric uninterruptible power supply (UPS) devices. The Managed Power Protection offering includes … Continue reading ePlus expands Managed Services capabilities for APC by Schneider Electric UPS devices
19 vulnerabilities – some of them allowing remote code execution – have been discovered in a TCP/IP stack/library used in hundreds of millions of IoT devices deployed by organizations in a wide variety of industries and sectors. “Affe… Continue reading Zero-day flaws in widespread TCP/IP library open millions of IoT devices to remote attack
Treck Inc. may be one of the most important software companies you’ve never heard of. Engineers at the Cincinnati-based company build networking protocols that end up in everything from HP printers to medical devices made by Baxter International, a Fortune 500 company. That core software, however, contains no less than 19 vulnerabilities, at least two of which could let hackers remotely commandeer devices running the code. That was the verdict made public on Tuesday by researchers from Jerusalem-based security company JSOF after months of studying Treck’s code. The discovery highlights how obscure companies can have an outsize impact on the supply chain security of software products around the world. It also shows how painstaking the act of locating and patching vulnerable devices can be. The further that JSOF researchers dug, the more devices they found running the Treck software. The footprint of devices grew so big that JSOF called in Forescout […]
The post ‘Ripple’ effect: Flaws found in protocols impact everything from printers to infusion pumps appeared first on CyberScoop.
The general availability of ICS-specific intrusion and attack tools is widening the pool of attackers capable of targeting operational technology (OT) networks and industrial control systems (ICS). “As ICS are a distinct sub-domain to information… Continue reading Widely available ICS attack tools lower the barrier for attackers