02 December 2019
Biometric data processing and storage system threats
The findings of our research can be used to make a more objective assessment of risks associated with using modern biometric authentication systems.
22 November 2019
VNC vulnerability research
Findings of research on different implementations of the VNC remote access system. Memory corruption vulnerabilities were found, some of which, if exploited, could lead to remote code execution.
30 September 2019
Threat landscape for industrial automation systems, H1 2019
Descriptions of dangerous threats, our findings from analyzing statistics on blocked threats, and possible vectors of malware penetration of ICS computers.
19 September 2019
Threat landscape for smart buildings. H1 2019 in brief
What threats are relevant to building automation systems and what malware their owners have encountered in the first six months of 2019.
18 September 2019
Security research: CODESYS Runtime, a PLC control framework. Part 3
This article continues the discussion of research on popular OEM technologies that are implemented in the products of a large number of vendors. Vulnerabilities in such technologies are highly likely to affect the security of many, if not all, products that use them. In some cases, this means hundreds of products that are used in industrial environments and in critical infrastructure facilities. This is the case with CODESYS Runtime, a framework by CODESYS designed for developing and executing industrial control system software.
18 September 2019
Security research: CODESYS Runtime, a PLC control framework. Part 2
This article continues the discussion of research on popular OEM technologies that are implemented in the products of a large number of vendors. Vulnerabilities in such technologies are highly likely to affect the security of many, if not all, products that use them. In some cases, this means hundreds of products that are used in industrial environments and in critical infrastructure facilities. This is the case with CODESYS Runtime, a framework by CODESYS designed for developing and executing industrial control system software.
18 September 2019
Security research: CODESYS Runtime, a PLC control framework. Part 1
This article continues the discussion of research on popular OEM technologies that are implemented in the products of a large number of vendors. Vulnerabilities in such technologies are highly likely to affect the security of many, if not all, products that use them. In some cases, this means hundreds of products that are used in industrial environments and in critical infrastructure facilities. This is the case with CODESYS Runtime, a framework by CODESYS designed for developing and executing industrial control system software.
14 August 2019
The internet of things security maturity model: a nudge for IoT cybersecurity
The purpose of the IoT Security Maturity Model (IoT SMM) is to help choose protection measures against cyberthreats that correspond to the company’s actual business needs.
01 July 2019
How we hacked our colleague’s smart home, or morning drum & bass
In this article, we publish the results of our study of the Fibaro Home Center smart home. We identified vulnerabilities in Fibaro Home Center 2 and Fibaro Home Center Lite version 4.540, as well as vulnerabilities in the online API.
27 March 2019
Threat landscape for industrial automation systems. H2 2018
Main events of the six-month period, vulnerabilities identified in 2018, relevant threats, and statistics from ICS computers protected by Kaspersky products.
15 January 2019
Vulnerabilities in Schneider Electric industrial solutions
Critical and severe vulnerabilities have been identified in GP-Pro EX programming environment, Zelio Soft software and IIoT Monitor platform
14 December 2018
Critical vulnerabilities in Siemens SINUMERIK controllers
Exploitation of vulnerabilities in Siemens SINUMERIK controllers could allow remote code execution, privilege escalation and device denial-of-service conditions
11 December 2018
IoT Security in the ‘Smart Manufacturing’ world: a new study by ENISA
ENISA has released a new study: “Good Practices for Security of Internet of Things in the context of Smart Manufacturing”. Kaspersky Lab ICS CERT experts contributed to the study.
23 November 2018
Critical vulnerability in Modicon M221 PLC
A critical vulnerability in Modicon M221 PLC could allow attackers to intercept traffic by remotely changing IPv4 parameters
16 November 2018
Web vulnerabilities in Siemens SIMATIC operator panels
The most serious of the vulnerabilities could allow arbitrary files to be downloaded from the device
16 November 2018
Vulnerabilities in Siemens industrial products
The most dangerous of the vulnerabilities affect the SIMATIC S7-400 CPU family and the SIMATIC IT Production Suite software package. The vulnerabilities have been fixed for most of the affected products
08 November 2018
Schneider Electric has fixed a vulnerability in SESU software
The vulnerability affects the Schneider Electric Software Update (SESU) tool, which is used to notify users when updated Schneider Electric software is available
08 November 2018
Critical vulnerabilities in CirCarLife electric vehicle chargers
Successful exploitation of these vulnerabilities could allow a remote attacker to retrieve credentials to bypass authentication, and to access critical information
07 November 2018
Critical vulnerabilities in AVEVA industrial software
The vulnerabilities affect InduSoft Web Studio and InTouch Edge HMI and could allow remote execution of arbitrary code
29 October 2018
Multiple vulnerabilities in Advantech WebAccess
Vulnerabilities identified in Advantech WebAccess include buffer overflow, path traversal, improper privilege management, etc.