19 September 2019
Threat landscape for smart buildings. H1 2019 in briefWhat threats are relevant to building automation systems and what malware their owners have encountered in the first six months of 2019.
Filter
18 September 2019
Security research: CODESYS Runtime, a PLC control framework. Part 3This article continues the discussion of research on popular OEM technologies that are implemented in the products of a large number of vendors. Vulnerabilities in such technologies are highly likely to affect the security of many, if not all, products that use them. In some cases, this means hundreds of products that are used in industrial environments and in critical infrastructure facilities. This is the case with CODESYS Runtime, a framework by CODESYS designed for developing and executing industrial control system software.
18 September 2019
Security research: CODESYS Runtime, a PLC control framework. Part 2This article continues the discussion of research on popular OEM technologies that are implemented in the products of a large number of vendors. Vulnerabilities in such technologies are highly likely to affect the security of many, if not all, products that use them. In some cases, this means hundreds of products that are used in industrial environments and in critical infrastructure facilities. This is the case with CODESYS Runtime, a framework by CODESYS designed for developing and executing industrial control system software.
18 September 2019
Security research: CODESYS Runtime, a PLC control framework. Part 1This article continues the discussion of research on popular OEM technologies that are implemented in the products of a large number of vendors. Vulnerabilities in such technologies are highly likely to affect the security of many, if not all, products that use them. In some cases, this means hundreds of products that are used in industrial environments and in critical infrastructure facilities. This is the case with CODESYS Runtime, a framework by CODESYS designed for developing and executing industrial control system software.
14 August 2019
The internet of things security maturity model: a nudge for IoT cybersecurityThe purpose of the IoT Security Maturity Model (IoT SMM) is to help choose protection measures against cyberthreats that correspond to the company’s actual business needs.
01 July 2019
How we hacked our colleague’s smart home, or morning drum & bassIn this article, we publish the results of our study of the Fibaro Home Center smart home. We identified vulnerabilities in Fibaro Home Center 2 and Fibaro Home Center Lite version 4.540, as well as vulnerabilities in the online API.
27 March 2019
Threat landscape for industrial automation systems. H2 2018Main events of the six-month period, vulnerabilities identified in 2018, relevant threats, and statistics from ICS computers protected by Kaspersky products.
24 January 2019
GreyEnergy’s overlap with ZebrocyZebrocy is the name given to a subset of the Sofacy group (aka Fancy Bear, Sednit, APT28, Tsar Team, etc.). GreyEnergy and Zebrocy used the same servers at the same time and attacked the same organization.
22 January 2019
Security research: ThingsPro Suite – IIoT gateway and device manager by MoxaThe security of products such as IIoT requires special attention. This time, the subject of our research was the ThingsPro Suite, an IIoT gateway and device manager from Moxa.
17 January 2019
Challenges of industrial cybersecurityFactors that have a significant effect, now and going forward, on the threat landscape, on the development, implementation, and use of organizational and technical measures to protect industrial facilities, and the main issues associated with ensuring the cybersecurity of industrial enterprises.
Filter
19 July 2018
Dangerous vulnerability identified in ABB Panel Builder 800 engineering softwareA vulnerability in Panel Builder 800 engineering software installed on ABB Panel 800 HMI devices could enable attackers to plant and execute arbitrary code on affected devices
17 July 2018
Multiple vulnerabilities fixed in WAGO operator panelsWAGO has fixed multiple vulnerabilities in e!DISPLAY 7300T series HMA devices. Exploitation of these vulnerabilities could enable attackers to execute arbitrary code or overwrite critical files
17 July 2018
DoS vulnerabilities in SIPROTEC 5 relays and EN100 communication moduleDoS vulnerabilities have been identified in Siemens SIPROTEC 5 relays and the EN100 communication module. These vulnerabilities can be exploited by a remote attacker without requiring any privileges or user interaction
09 July 2018
Multiple vulnerabilities in Allen-Bradley Stratix 5950 appliancesAllen-Bradley Stratix 5950 network security appliances are affected by multiple vulnerabilities. The flaws, which are due to security issues in the Cisco ASA operating system used in the devices, could cause the appliances to malfunction
27 June 2018
Vulnerability in Delta Industrial Automation COMMGR softwareA buffer overflow vulnerability in Delta Industrial Automation COMMGR software could lead to remote code execution, cause the application to crash, or cause a denial-of-service condition in the application server
27 June 2018
DoS vulnerability in Allen-Bradley CompactLogix and Compact GuardLogix controllersRemote attackers could cause a denial-of-service condition in Allen-Bradley CompactLogix and Compact GuardLogix controllers by exploiting a vulnerability in these devices
26 June 2018
Cyberattack on satellite communications companiesIn a cyberattack on organizations in the US and Southeast Asia, hackers have used legitimate tools to infect systems that monitor and control communications satellites
19 June 2018
Dangerous vulnerabilities fixed in Siemens routers and switchesSiemens has closed serious vulnerabilities in its solutions. Affected devices include SCALANCE M875 industrial routers and SCALANCE X switches
13 June 2018
Multiple vulnerabilities in U.motion BuilderMultiple remote code execution vulnerabilities have been corrected in Schneider Electric’s U.motion Builder. Fixes for the vulnerabilities have been included in version 1.3.4 of the solution
09 June 2018
Serious vulnerability in RSLinx Classic and FactoryTalk Linx Gateway by Rockwell AutomationA serious vulnerability has been identified in Rockwell Automation solutions for industrial networks RSLinx Classic and FactoryTalk Linx Gateway
Filter