Software Security

Archive for the 'Industrial Control System Security' Category

 

Command injection vulnerability in Locus Energy Solar Panels patched

A command injection vulnerability (CWE-73) disclosed within the software used by Locus Energy solar panels has now been patched by the company. In an ICS-CERT advisory dated December 6, 2016, Daniel Reich, an independent researcher, was credited with finding the vulnerability in several versions of the LGate solar panel. Because the web server on these vulnerable […]


 

Cyberattacks erase Saudi government data

The data on thousands of computers at the headquarters of the General Authority of Civil Aviation in Saudi Arabia was erased starting in mid-November by malware from “outside the country,” according to a state report. On Thursday, the state-run Saudi Press Agency confirmed a series of attacks on government systems, especially the transportation sector. […]


 

Power meters vulnerable to remote attacks, says ICS-CERT

ICS-CERT says power meters from two manufacturers are vulnerable to remote cross-site request forgery (CSRF) attacks and/or compromise. In one advisory, ICS-CERT cited Schneider Electric’s ION Power Meter products. A remote attacker using CSRF could perform unauthorized actions on the affected devices, such as changing configuration parameters or saving a modified configuration. Models affected include ION […]


 

Irongate attacks ICS Siemens Step 7 PLCs—Similar to Stuxnet

Borrowing from Stuxnet, a new family of ICS-focused malware, dubbed Irongate, interferes with industrial processes running within a simulated Siemens control system environment. Back in 2010, researchers found a sophisticated piece of malware called Stuxnet, which only attacked systems running Siemens Step 7 PLCs. Otherwise the malware sat dormant. Stuxnet primarily attacked centrifuges used in […]


 

Maritime vessels new targets for cyber attacks

New research suggests that maritime vessels are under significant threat of cyber-attack because they were not designed with cyber security in mind and carry outdated software. In a research paper published in Engineering and Technology Reference, researchers from Plymouth University’s Maritime Cyber Threats Research Group suggest that cyber attacks would most likely target systems […]


 

6 years later, ‘Stuxnet’ vulnerability remains exploited

In a recent report, Microsoft found that among the exploit-related malware families it detected during 2015 was one using a well-publicized, six-year-old vulnerability. Back in 2010, security researchers traced a series of hardware-specific infections to a piece of malware dubbed Stuxnet. This malware lay dormant on Windows machines unless there was also access to a […]


 

German nuclear plant finds PCs full of viruses

More than a dozen common computer viruses have been found on PCs at one nuclear plant in Germany, according to its operator. The German utility RWE, which runs the Gundremmingen plant, located about 75 miles northwest of Munich, said it found the malware “W32.Ramnit” and “Conficker,” among others, in a computer system the company retrofitted […]


 

Podcast: Securing the supply chain through procurement language, Part 1

Procurement language in software. The concept of holding someone contractually liable for the statements they make about the quality, reliability, and most of all security of the software they are providing. Many industries have specific hardware procurement requirements for parts introduced into their supply chains, but what about software? Until recently, there has not been […]
