HackDig : Dig high-quality web security articles for hackers

Flaws in leading industrial remote access systems allow disruption of operations

Experts found critical security flaws in two popular industrial remote access systems that could be exploited by threat actors for malicious purposes. Security researchers from Israeli firm OTORIO found critical vulnerabilities in leading industrial remote access systems that could be exploited by attackers to ban access to industrial production floors, h
Publish At:2020-10-01 08:45 | Read:156 | Comments:0 | Tags:Breaking News Hacking hacking news ICS industrial remote acc

NSA/CISA joint report warns on attacks on critical industrial systems

NSA is warning of cyber attacks launched by foreign threat actors against organizations in the critical infrastructure sector across the U.S. The U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert warning of cyber attacks targeting critical infrastructure across the U.S. “Over recent mont
Publish At:2020-07-27 15:20 | Read:343 | Comments:0 | Tags:Breaking News Hacking ICS-SCADA CISA critical infrastructure

Attacks Targeting ICS & OT Assets Grew 2000% Since 2018, Report Reveals

The digital threat landscape is always changing. This year is an excellent (albeit extreme) example. With the help of Dimensional Research, Tripwire found out that 58% of IT security professionals were more concerned about the security of their employees’ home networks than they were before the outbreak of coronavirus 2019 (COVID-19). Slightly fewer percenta
Publish At:2020-05-24 09:52 | Read:478 | Comments:0 | Tags:IT Security and Data Protection IBM ics operational technolo

Coronavirus-themed campaign targets energy sector with PoetRAT

Threat actors employed the previously-undetected PoetRAT Trojan in a Coronavirus-themed campaign aimed at government and energy sectors.  Cisco Talos researchers have uncovered a new Coronavirus-themed campaign employing a previously-undiscovered RAT tracked as PoetRAT. The attacks targeted the Azerbaijan government and utility companies, the maliciou
Publish At:2020-04-18 13:20 | Read:785 | Comments:0 | Tags:Breaking News Cyber Crime Hacking ICS-SCADA Malware covid19

Realizing Hybrid Asset Discovery with Tripwire Industrial Appliance

Digital attacks continue to weigh on the minds of industrial cybersecurity (ICS) professionals. In a 2019 survey, 88% of ICS experts told Tripwire they were worried about what a digital attack could mean for their industrial organization. The rate was even higher for those working in the manufacturing and oil & gas sectors at 89% and 97%, respectively.Su
Publish At:2020-04-15 00:01 | Read:903 | Comments:0 | Tags:ICS Security asset discovery Devices ics

Critical buffer overflow in CODESYS allows remote code execution

Experts discovered an easily exploitable heap-based buffer overflow flaw, tracked as CVE-2020-10245, that exists in the CODESYS web server. A critical heap-based buffer overflow flaw in a web server for the CODESYS automation software for engineering control systems could be exploited by a remote, unauthenticated attacker to crash a server or execute arbi
Publish At:2020-03-28 12:22 | Read:1302 | Comments:0 | Tags:Breaking News Hacking ICS-SCADA buffer overflow CODESYS heap

Talos found tens of dangerous flaws in WAGO Controllers

Cisco Talos experts discovered tens of flaws in WAGO products that expose controllers and human-machine interface (HMI) panels to remote attacks. Talos and Germany’s VDE CERT this week published advisories describing roughly 30 vulnerabilities identified in devices made by WAGO, a German company specializing in electrical connection and automation solutio
Publish At:2020-03-12 05:39 | Read:912 | Comments:0 | Tags:Breaking News Hacking ICS-SCADA ICS it security it security

Dragos Report: Analysis of ICS flaws disclosed in 2019

More than 400 flaws affecting industrial control systems (ICS) were disclosed in 2019, more than 100 were zero-day vulnerabilities. According to a report published by Dragos, the experts analyzed 438 ICS vulnerabilities that were reported in 212 security advisories, 26% of advisories is related to zero-day flaws. The experts determined 116 unique type
Publish At:2020-02-21 02:30 | Read:898 | Comments:0 | Tags:Breaking News ICS-SCADA Reports Hacking hacking news ICS inf

Navigating ICS Security: Having your Action Plan Ready

Trust, respect, understanding. These are all two-way relationships that must be earned over time. Whilst someone being hired in a senior position will likely already have a certain level of each, part of your job is to continuously cultivate all three of these elements with colleagues no matter your grade. When working within a cybersecurity practice, it is
Publish At:2020-02-09 10:22 | Read:582 | Comments:0 | Tags:ICS Security CMA ics OT

Survey: 93% of ICS Pros Fear Digital Attacks Will Affect Operations

Digital attackers are increasingly targeting industrial environments these days. Take manufacturing organizations, for instance. Back in late-August, FortiGuard Labs discovered a malspam campaign that had targeted a large U.S. manufacturing company with a variant of the LokiBot infostealer family. It wasn’t long thereafter when Bloomberg reported on the effo
Publish At:2019-10-18 10:10 | Read:1231 | Comments:0 | Tags:ICS Security experts ics Industrial Survey

What is NEI 08-09?

Most organizations with industrial control systems (ICS) fall into one of two categories: regulated and non-regulated. For those subject to government imposed regulatory requirements, the selection of a cybersecurity framework is obviously compelling. Such is the case with the nuclear energy industry and NEI 08-09.The nuclear energy industry is one of the sa
Publish At:2019-10-18 10:10 | Read:1102 | Comments:0 | Tags:ICS Security Regulatory Compliance ics NEI 08-09 nuclear

Threat Landscape for Industrial Automation Systems in H1 2017

Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) publishes the results of its research on the threat landscape for industrial automation systems for the first six months of 2017. All statistical data used in this report was collected using the Kaspersky Security Network (KSN), a distributed antivirus network. Th
Publish At:2017-09-28 17:00 | Read:4106 | Comments:0 | Tags:Featured Industrial threats ICS Industrial control systems i

Microsoft Attempts To Fix Stuxnet For The Third Time

Microsoft released a new security update on June 17th in an attempt to patch a vulnerability which allowed the Stuxnet Virus to exploit Windows systems. The Stuxnet Virus which attacks Industrial Control Systems was first discovered in 2010 when it infected Iranian Programmable Logic Controllers.  Stuxnet compromises controllers by first targeting Windows op
Publish At:2017-08-04 21:15 | Read:3979 | Comments:0 | Tags:Breaking News Hacking CVE-2017-8464 ICS industrial control s

Experts spotted Industroyer ICS Malware and linked it to Ukraine Power Outage

Researchers at antivirus firm ESET have discovered a new strain of malware, dubbed Industroyer, that appears to have been designed to target power grids. The experts published a detailed analysis of the malware, they speculated the malicious code has been involved in the December 2016 attack on an electrical substation in Ukraine. “Win32/Industroyer is
Publish At:2017-06-13 07:40 | Read:5364 | Comments:0 | Tags:APT Breaking News Hacking Malware BlackEnergy CRASHOVERRIDE

ICS Companies Are Worried About Cybersecurity, But Are They Worried About the Right Things?

Companies operating Industrial Control Systems (ICS) have a special set of challenges to deal with. Which is the state of the art? The equipment was expected to be installed and left alone for a long time. Pressures to reduce operating costs led to this equipment being connected, and the easiest networking equipment to find was designed for convenience in a
Publish At:2017-06-13 07:40 | Read:5292 | Comments:0 | Tags:Breaking News Hacking Reports authentication cyber security

Tools

Tag Cloud