19 September 2019
Threat landscape for smart buildings. H1 2019 in briefWhat threats are relevant to building automation systems and what malware their owners have encountered in the first six months of 2019.
Filter
18 September 2019
Security research: CODESYS Runtime, a PLC control framework. Part 3This article continues the discussion of research on popular OEM technologies that are implemented in the products of a large number of vendors. Vulnerabilities in such technologies are highly likely to affect the security of many, if not all, products that use them. In some cases, this means hundreds of products that are used in industrial environments and in critical infrastructure facilities. This is the case with CODESYS Runtime, a framework by CODESYS designed for developing and executing industrial control system software.
18 September 2019
Security research: CODESYS Runtime, a PLC control framework. Part 2This article continues the discussion of research on popular OEM technologies that are implemented in the products of a large number of vendors. Vulnerabilities in such technologies are highly likely to affect the security of many, if not all, products that use them. In some cases, this means hundreds of products that are used in industrial environments and in critical infrastructure facilities. This is the case with CODESYS Runtime, a framework by CODESYS designed for developing and executing industrial control system software.
18 September 2019
Security research: CODESYS Runtime, a PLC control framework. Part 1This article continues the discussion of research on popular OEM technologies that are implemented in the products of a large number of vendors. Vulnerabilities in such technologies are highly likely to affect the security of many, if not all, products that use them. In some cases, this means hundreds of products that are used in industrial environments and in critical infrastructure facilities. This is the case with CODESYS Runtime, a framework by CODESYS designed for developing and executing industrial control system software.
14 August 2019
The internet of things security maturity model: a nudge for IoT cybersecurityThe purpose of the IoT Security Maturity Model (IoT SMM) is to help choose protection measures against cyberthreats that correspond to the company’s actual business needs.
01 July 2019
How we hacked our colleague’s smart home, or morning drum & bassIn this article, we publish the results of our study of the Fibaro Home Center smart home. We identified vulnerabilities in Fibaro Home Center 2 and Fibaro Home Center Lite version 4.540, as well as vulnerabilities in the online API.
27 March 2019
Threat landscape for industrial automation systems. H2 2018Main events of the six-month period, vulnerabilities identified in 2018, relevant threats, and statistics from ICS computers protected by Kaspersky products.
24 January 2019
GreyEnergy’s overlap with ZebrocyZebrocy is the name given to a subset of the Sofacy group (aka Fancy Bear, Sednit, APT28, Tsar Team, etc.). GreyEnergy and Zebrocy used the same servers at the same time and attacked the same organization.
22 January 2019
Security research: ThingsPro Suite – IIoT gateway and device manager by MoxaThe security of products such as IIoT requires special attention. This time, the subject of our research was the ThingsPro Suite, an IIoT gateway and device manager from Moxa.
17 January 2019
Challenges of industrial cybersecurityFactors that have a significant effect, now and going forward, on the threat landscape, on the development, implementation, and use of organizational and technical measures to protect industrial facilities, and the main issues associated with ensuring the cybersecurity of industrial enterprises.
Filter
17 May 2018
Multiple vulnerabilities closed in Advantech WebAccessMultiple serious vulnerabilities have been closed in Advantech’s WebAccess SCADA/HMI solution. Their exploitation could lead to sensitive information disclosure, arbitrary code execution and file deletion.
26 April 2018
Vulnerabilities in Advantech WebAccess HMI DesignerDangerous vulnerabilities have been identified in Advantech WebAccess HMI Designer. Their exploitation could lead to remote code execution
19 April 2018
Vulnerabilities in Rockwell Automation industrial networking solutionsCritical vulnerabilities have been identified in several Rockwell Automation industrial networking devices. The issue is due to Cisco IOS or IOS XE versions with multiple vulnerabilities being used in these devices
19 April 2018
Critical vulnerabilities in Schneider Electric industrial solutionsCritical vulnerabilities have been identified in SCADA/HMI solutions InduSoft Web Studio and InTouch Machine Edition, and in the Triconex Tricon model 3008 Safety Instrumented System
18 April 2018
Vulnerabilities in Moxa EDR-810 routersMultiple vulnerabilities have been identified in Moxa EDR-810 industrial routers. Their successful exploitation could lead to privilege escalation and denial-of-service conditions
16 April 2018
Internet of Things Security Maturity Model description to be publishedThe Industrial Internet Consortium has announced the publication of an official Internet of Things Security Maturity Model description.
11 April 2018
Multiple vulnerabilities closed in U.motion Builder building automation solutionSchneider Electric has closed multiple vulnerabilities in U.motion Builder – a total of 16 vulnerabilities with different severity levels (CVSS v.3 base score of 4.3 to 10)
11 April 2018
Attack on Cisco switchesA vulnerability in Cisco Smart Install Client was exploited in an attack on Cisco IOS switches to modify configuration files on the devices and cause a denial-of-service condition
06 April 2018
Critical vulnerability closed in Moxa AWK-3131A industrial access pointA critical vulnerability in Moxa AWK-3131A industrial access point could allow an unauthorized attacker to execute arbitrary code by injecting system commands
03 April 2018
DoS vulnerability in Siemens SIMATIC productsAn Improper Input Validation vulnerability has been identified in Siemens SIMATIC industrial automation products.
Filter