HackDig : Dig high-quality web security articles for hackers

Exclusive: Experts from TIM’s Red Team Research (RTR) found 6 zero-days

TIM’s Red Team Research led by Massimiliano Brolli discovered 6 new zero-day vulnerabilities in Schneider Electric StruxureWare. Today, TIM’s Red Team Research led by Massimiliano Brolli, discovered 6 new vulnerabilities in the StruxureWare product. The flaws have been addressed by the manufacturer Schneider Electric, between April and November 2020.
Publish At:2020-11-30 19:54 | Read:71 | Comments:0 | Tags:Breaking News Hacking ICS-SCADA

A critical flaw in industrial automation systems opens to remote hack

Experts found a critical flaw in Real-Time Automation’s (RTA) 499ES EtherNet/IP stack that could allow hacking industrial control systems. Tracked as CVE-2020-25159, the flaw is rated 9.8 out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and impacts all versions of EtherNet/IP Adapter Source Code Sta
Publish At:2020-11-29 12:42 | Read:161 | Comments:0 | Tags:Breaking News Hacking ICS-SCADA hacking news industrial auto

Security flaws in Schneider Electric PLCs allow full take over

Schneider Electric released advisories for multiple flaws, including issues that can allow taking control of Modicon M221 PLCs. Schneider Electric released security advisories for multiple vulnerabilities impacting various products, including four issues that can be exploited by attackers to take control of Modicon M221 programmable logic controllers (PLC
Publish At:2020-11-13 06:41 | Read:216 | Comments:0 | Tags:Breaking News Hacking ICS-SCADA Security hacking news ICS in

US Treasury imposes sanctions on a Russian research institute behind Triton malware

US Treasury Department announced sanctions against Russia’s Central Scientific Research Institute of Chemistry and Mechanics behind Triton malware. The US Treasury Department announced sanctions against a Russian research institute for its alleged role in the development of the Triton malware. “Today, the Department of the Treasury’s Offi
Publish At:2020-10-24 10:53 | Read:268 | Comments:0 | Tags:Breaking News Cyber warfare Hacking ICS-SCADA Malware hackin

Talos experts disclosed unpatched DoS flaws in Allen-Bradley adapter

Cisco Talos found several remotely exploitable denial-of-service (DoS) vulnerabilities in a Rockwell Automation industrial automation product. A researcher from Cisco Talos released technical details of several remotely exploitable denial-of-service (DoS) vulnerabilities in an industrial automation product made by Rockwell Automation. The product affec
Publish At:2020-10-14 12:59 | Read:284 | Comments:0 | Tags:Breaking News Hacking ICS-SCADA Allen-Bradley DOS informatio

The Australian government wants to respond to attacks on critical infrastructure

The Australian government aims at giving itself the power to manage the response of private enterprises to cyber attacks on critical infrastructure. The Australian government wants to increase the security of critical infrastructure, for this reason, it plans to manage the response of private enterprises to cyber attacks targeting them. According to a
Publish At:2020-08-17 03:24 | Read:523 | Comments:0 | Tags:Breaking News Cyber Crime Cyber warfare Hacking ICS-SCADA In

NSA/CISA joint report warns on attacks on critical industrial systems

NSA is warning of cyber attacks launched by foreign threat actors against organizations in the critical infrastructure sector across the U.S. The U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert warning of cyber attacks targeting critical infrastructure across the U.S. “Over recent mont
Publish At:2020-07-27 15:20 | Read:527 | Comments:0 | Tags:Breaking News Hacking ICS-SCADA CISA critical infrastructure

Two more cyber attacks hit Israel’s water facilities in June

In April a cyber attack hit an Israeli water facility, last week, officials revealed two more cyber attacks against other water management facilities. In April an attack hit an Israeli water facility attempting to modify water chlorine levels, last week officials from the Water Authority revealed two more cyber attacks on other facilities in the country.
Publish At:2020-07-20 16:36 | Read:677 | Comments:0 | Tags:Breaking News Cyber warfare Hacking ICS-SCADA Security criti

Coronavirus-themed campaign targets energy sector with PoetRAT

Threat actors employed the previously-undetected PoetRAT Trojan in a Coronavirus-themed campaign aimed at government and energy sectors.  Cisco Talos researchers have uncovered a new Coronavirus-themed campaign employing a previously-undiscovered RAT tracked as PoetRAT. The attacks targeted the Azerbaijan government and utility companies, the maliciou
Publish At:2020-04-18 13:20 | Read:919 | Comments:0 | Tags:Breaking News Cyber Crime Hacking ICS-SCADA Malware covid19

Critical buffer overflow in CODESYS allows remote code execution

Experts discovered an easily exploitable heap-based buffer overflow flaw, tracked as CVE-2020-10245, that exists in the CODESYS web server. A critical heap-based buffer overflow flaw in a web server for the CODESYS automation software for engineering control systems could be exploited by a remote, unauthenticated attacker to crash a server or execute arbi
Publish At:2020-03-28 12:22 | Read:1574 | Comments:0 | Tags:Breaking News Hacking ICS-SCADA buffer overflow CODESYS heap

Talos found tens of dangerous flaws in WAGO Controllers

Cisco Talos experts discovered tens of flaws in WAGO products that expose controllers and human-machine interface (HMI) panels to remote attacks. Talos and Germany’s VDE CERT this week published advisories describing roughly 30 vulnerabilities identified in devices made by WAGO, a German company specializing in electrical connection and automation solutio
Publish At:2020-03-12 05:39 | Read:1067 | Comments:0 | Tags:Breaking News Hacking ICS-SCADA ICS it security it security

Office network at the European Network of Transmission System Operators for Electricity (ENTSO-E) breached

The European Network of Transmission System Operators for Electricity (ENTSO-E) disclose a security breach this week. The European Network of Transmission System Operators for Electricity (ENTSO-E) revealed this week that threat actors penetrated its network. ENTSO-E, the European Network of Transmission System Operators, represents 43 electricity tran
Publish At:2020-03-11 12:48 | Read:1124 | Comments:0 | Tags:Breaking News Hacking ICS-SCADA Security ENTSO-E hacking new

Dragos Report: Analysis of ICS flaws disclosed in 2019

More than 400 flaws affecting industrial control systems (ICS) were disclosed in 2019, more than 100 were zero-day vulnerabilities. According to a report published by Dragos, the experts analyzed 438 ICS vulnerabilities that were reported in 212 security advisories, 26% of advisories is related to zero-day flaws. The experts determined 116 unique type
Publish At:2020-02-21 02:30 | Read:1145 | Comments:0 | Tags:Breaking News ICS-SCADA Reports Hacking hacking news ICS inf

Schneider Electric SCADA Gateway contains Hard-Coded FTP Credentials

Narendra Shinde of Qualys Security has identified multiple vulnerabilities in Schneider Electric’s ETG3000 FactoryCast HMI Gateway. ICS-SCADA systems are critical components of for our society, they are often vital system inside critical infrastructure, but we still continue to discover naive vulnerabilities in the software th
Publish At:2015-01-22 21:55 | Read:3418 | Comments:0 | Tags:Security ETG3000 FactoryCast HMI Gateway Hacking ICS-CERT IC

Tools