DHS warns of another dangerous flaw in Advantech WebAccess SCADA software
More flaws in WebAccess emerge after security researchers begin focussing on the decades old distributed computing protocol Remote Procedure Call (RPC).
More flaws in WebAccess emerge after security researchers begin focussing on the decades old distributed computing protocol Remote Procedure Call (RPC).
Flaw in industrial software could cripple plant operations, however a patch was released weeks ago.
Researchers uncover well-crafted malware that's designed to disrupt core electricity substation equipment to cause outages.
Attacks against industrial control systems doubled last year, according to a new report from Dell.
Maria Korolov | 18 Apr | Read more
Atlanta -- Sophisticated attacks like Stuxnet aren't necessary to compromise industrial control systems for dams, power plants, chemical plants and the like. Rather, simple phishing attacks followed up by using tools that are easily available through Metasploit will do the trick, security pros were told at a conference in Atlanta this week.
Tim Greene | 02 Oct | Read more
Advocates of heavily instrumented 'smart city' infrastructure are acutely aware of the legacy left by insecure SCADA control systems and are instrumenting modern industrial-control networks with a higher degree of security, according to smart-cities architect Silver Spring Networks.
David Braue | 20 Aug | Read more
We've all heard the same story recently – malware developers and distributors are becoming far smarter and commercially minded than ever before. The days of disgruntled teenagers hacking from their dimly lit bedrooms are behind us with corporatised criminal gangs now working as organized syndicates intent on stealing identities and extorting money.
Anthony Caruana | 24 Mar | Read more
Hackers don't need Stuxnet or Flame to turn off a city's lights, say security experts
John P. Mello | 26 Sep | Read more
Presentation by Russell Clarke and Mark Jones - Directors of RMSEC.
Russell Clarke and Mark Jones | 31 Jan | Read more
Sweeping change needed to boost critical infrastructure security handcuffed by lack of cooperation between IT, grid operations workers
Matt Hines | 25 Jan | Read more
Experts in the security of critical infrastructure have had the weekend to digest news that <a href="http://blogs.csoonline.com/1822/scada_and_phpmyadmin_a_match_made_in_hell">a public utility water pump in Springfield, Ill. was destroyed at the hands of remote attackers</a> who were able to gain access to the SCADA systems controlling it. Their initial advice: Share any information that can minimize or stop the next attack, but don't jump to conclusions.
George V. Hulme | 22 Nov | Read more
McAfee's talking-up of the threats represented by Operation Shady RAT supports a convenient narrative, but how much do we accurately know about the unidentified enemy or enemies? Not a lot, I'd wager.
Stilgherrian | 24 Aug | Read more
It's no state secret that industrial and automation control systems have a way to go before they're resilient from targeted and sophisticated malware attacks. Just last week the International Society of Automation (ISA) announced that the ISA99 standards committee on Industrial Automation and Control Systems Security had formed a task group to conduct a gap analysis of the current ANSI (American National Standards Institute) ISA99 standards and modern threats against critical industrial systems, such as Stuxnet.
George V. Hulme | 12 Mar | Read more
While the race between industrial control system attackers and defenders didn't start with the Stuxnet worm, it certainly acted as a catalyst to a new arms race and more researchers taking a closer look at the quality of SCADA software.
George V. Hulme | 01 Apr | Read more
Researchers at the Queensland University of Technology hope to test and mitigate the risks of a Distributed Denial of Service (DDoS) attack by creating and running their own internal testbed.
James Hutchinson | 21 Sep | Read more