HackDig : Dig high-quality web security articles for hacker

Critical buffer overflow in CODESYS allows remote code execution

Experts discovered an easily exploitable heap-based buffer overflow flaw, tracked as CVE-2020-10245, that exists in the CODESYS web server. A critical heap-based buffer overflow flaw in a web server for the CODESYS automation software for engineering control systems could be exploited by a remote, unauthenticated attacker to crash a server or execute arbi
Publish At:2020-03-28 12:22 | Read:201 | Comments:0 | Tags:Breaking News Hacking ICS-SCADA buffer overflow CODESYS heap

Talos found tens of dangerous flaws in WAGO Controllers

Cisco Talos experts discovered tens of flaws in WAGO products that expose controllers and human-machine interface (HMI) panels to remote attacks. Talos and Germany’s VDE CERT this week published advisories describing roughly 30 vulnerabilities identified in devices made by WAGO, a German company specializing in electrical connection and automation solutio
Publish At:2020-03-12 05:39 | Read:305 | Comments:0 | Tags:Breaking News Hacking ICS-SCADA ICS it security it security

Dragos Report: Analysis of ICS flaws disclosed in 2019

More than 400 flaws affecting industrial control systems (ICS) were disclosed in 2019; more than 100 were zero-day vulnerabilities. According to a report published by Dragos, the experts analyzed 438 ICS vulnerabilities that were reported in 212 security advisories; 26% of the advisories are related to zero-day flaws. The experts determined 116 unique type
Publish At:2020-02-21 02:30 | Read:279 | Comments:0 | Tags:Breaking News ICS-SCADA Reports Hacking hacking news ICS inf

What Do Recent Attacks Mean for OT Network Security?

Security management can be proactive or reactive depending on each organization’s risk appetite. When attacks are made public, things change, and learning from threats becomes a requirement for both C-suite members and security leaders. WannaCry, NotPetya and Industroyer are some of the most recently analyzed malware pieces. Apart from corporate networ
Publish At:2017-09-27 22:46 | Read:4306 | Comments:0 | Tags:Endpoint Energy & Utility Incident Response Network Critical

Dragonfly 2.0: the sophisticated attack group is back with destructive purposes

While the first Dragonfly campaigns appear to have been more of a reconnaissance phase, the Dragonfly 2.0 campaign seems to have destructive purposes. Symantec has spotted a new wave of cyber attacks against firms in the energy sector powered by the notorious Dragonfly group. The Dragonfly group, also known as Energetic Bear, has been active since at least 2011
Publish At:2017-09-07 16:19 | Read:3646 | Comments:0 | Tags:APT Breaking News Hacking critical infrastructure Dragonfly

Spotlight on Energy and Utilities Sector: Attacks Targeting ICS Systems Projected to Increase

There is an increased focus on cybersecurity among governments and energy and utilities organizations worldwide, and for good reason. Attacks on critical infrastructure such as fuel, electricity and drinking water carry the potential for damage far beyond their economic impact. As demonstrated by incidents such as the notorious shutdown of several Iranian nu
Publish At:2017-09-06 20:40 | Read:3266 | Comments:0 | Tags:Advanced Threats Energy & Utility Threat Intelligence Energy

Nigerian phishing: Industrial companies under attack

In late 2016, the Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) reported on phishing attacks that were primarily targeting industrial companies from the metallurgy, electric power, construction, engineering and other sectors. As further research demonstrated, this was just part of a bigger story that began mu
Publish At:2017-06-15 13:30 | Read:8522 | Comments:0 | Tags:Featured Research industrial software Nigerian Scam Phishing

Addressing Security Gaps in the Energy Industry

Every industry has its own unique challenges related to information security. Financial services organizations bear the burden of preventing fraud. Manufacturing businesses have to protect their intellectual property and ensure that manufacturing processes remain resilient to attack. Meanwhile, health care organizations must keep sensitive personal informat
Publish At:2017-06-14 01:00 | Read:3645 | Comments:0 | Tags:Energy & Utility Energy and Utilities Energy Industry Indust

Experts spotted Industroyer ICS Malware and linked it to Ukraine Power Outage

Researchers at antivirus firm ESET have discovered a new strain of malware, dubbed Industroyer, that appears to have been designed to target power grids. The experts published a detailed analysis of the malware and speculated that the malicious code was involved in the December 2016 attack on an electrical substation in Ukraine. “Win32/Industroyer is
Publish At:2017-06-13 07:40 | Read:4557 | Comments:0 | Tags:APT Breaking News Hacking Malware BlackEnergy CRASHOVERRIDE

ICS Companies Are Worried About Cybersecurity, But Are They Worried About the Right Things?

Companies operating Industrial Control Systems (ICS) have a special set of challenges to deal with. What is the state of the art? The equipment was expected to be installed and left alone for a long time. Pressures to reduce operating costs led to this equipment being connected, and the easiest networking equipment to find was designed for convenience in a
Publish At:2017-06-13 07:40 | Read:4723 | Comments:0 | Tags:Breaking News Hacking Reports authentication cyber security

ClearEnergy ransomware can destroy process automation logics in critical infrastructure, SCADA and industrial control sy

Schneider Electric, Allen-Bradley, General Electric (GE) and more vendors are vulnerable to ClearEnergy ransomware. Researchers at CRITIFENCE® Critical Infrastructure and SCADA/ICS Cyber Threats Research Group have demonstrated this week a new proof of concept ransomware attack aiming to erase (clear) the ladder logic diagram in Programmable Logic Controlle
Publish At:2017-04-16 11:35 | Read:6462 | Comments:0 | Tags:Critical Infrastructures Cyber Security Cyber Security Resea

Still problems for Schneider Electric, Schneider Modicon TM221CE16R has a hardcoded password

The firmware running on the Schneider Modicon TM221CE16R (Firmware has a hardcoded password, and there is no way to change it. I believe it is very disconcerting to find systems inside critical infrastructure affected by easy-to-exploit vulnerabilities while we are discussing the EU NIS directive. What about hard-coded passwords inside critical syst
Publish At:2017-04-05 19:25 | Read:3177 | Comments:0 | Tags:Breaking News Hacking Firmware SCADA Schneider Modicon TM221

Lesson Learned From Stuxnet

Security researchers discovered Stuxnet in 2010, and it has since become one of the most well-known malware campaigns in history. The cybercriminals behind the attack developed the infamous worm to damage programmable logic controllers (PLCs) and supervisory control and data acquisition (SCADA) systems using four zero-day vulnerabilities in Microsoft Windows
Publish At:2017-03-10 12:10 | Read:3338 | Comments:0 | Tags:Energy and Utility Infrastructure Protection Energy Industry

US Oil and Gas Industry unprepared to mitigate risks in operational technology (OT) environments

A study commissioned by Siemens revealed that the US oil and gas industry is unprepared to mitigate cybersecurity risks in operational technology environments. A new study commissioned by the engineering firm Siemens revealed that the oil and gas industry in the United States is largely unprepared to mitigate cybersecurity risks in operational technology (OT) enviro
Publish At:2017-02-26 17:50 | Read:3363 | Comments:0 | Tags:Breaking News Reports Security Hacking insiders malware oper

A simulation shows how a ransomware could hack PLCs in a water treatment plant

The security researchers at the Georgia Institute of Technology have simulated a ransomware-based attack on PLCs in a water treatment plant. The security researchers at the Georgia Institute of Technology have conducted interesting research on the potential impact of ransomware on industrial control systems (ICS). The researchers David Formby, a Ph.D. stu
Publish At:2017-02-14 10:40 | Read:3949 | Comments:0 | Tags:Breaking News Hacking Security critical infrastructure extor

