A researcher has discovered several vulnerabilities in Sierra Wireless industrial gateways, but the vendor will not address the issues because the products are approaching end of life.
Security researcher Karn Ganeshen reported recently that Sierra Wireless AirLink Raven XE and XT modems are affected by several flaws. One of the issues is related to the existence of a default account that allows an attacker with access to the network to log in to the device’s web administration interface.
Unpatched Flaws Found in Sierra Wireless Industrial Gateways
A researcher has discovered several vulnerabilities in Sierra Wireless industrial gateways, but the vendor will not address the issues because the products are approaching end of life. Security researcher Karn Ganeshen reported recently that Sierra Wireless AirLink Raven XE and XT modems are affected by several flaws. One of the issues is related to the existence of a default account that allows an attacker with access to the network to log in to the device’s web administration interface. Read the Full Story at
Vulnerabilities Found in Siemens SICAM PAS Power Automation System
(SecurityWeek) - Researchers have discovered two vulnerabilities in Siemens’ SICAM Power Automation System (PAS). The vendor has patched one of the flaws and is currently working on addressing the other one. SICAM PAS is an automation system used by energy companies worldwide to operate electrical substations. The Windows-based software product is advertised as scalable, flexible, easy to operate and cost-efficient. Read the Full Story at SecurityWeek
Drone Attacks on Industrial Sites: A New Front in Cyber-Physical Security
We are happy to announce what will be a fascinating talk at the 2016 ICS Cyber Security Conference, presented by Jeff Melrose, Principal Technology Strategist for Cybersecurity at Yokogawa US. Abstract With new Drone technologies appearing in the consumer space daily, Industrial Site operators are being forced to rethink their most fundamental assumptions about Industrial Sites and Cyber-Physical security. This presentation will cover Electronic Threats, Electronic Defensive measures, Recent Electronic jamming incidents, Latest Drone Threats and capabilities, defensive planning, and Electronic Attack Threats
FERC’s Delaying of NERC CIP V5 Implementation Reinforces Need for Strong Cybersecurity Culture
Last week, the Federal Energy Regulatory Commission (FERC) granted a motion to postpone implementation of the North American Electric Reliability Corporation(NERC) Critical Infrastructure Protection (CIP) V5 Standards from April until July 1, 2016. Ted Gutierrez, the industrial control systems (ICS) & NERC CIP Product Manager at the SANS Institute conceded that the announcement was indeed, “a head scratching move from FERC,” as the implementation of V5 is now delayed to coincide with the unveiling of V6 standards. As such, facility owners
Financial Services Roundtable Ad Campaign Urges Congress to Pass CISA
The Financial Services Roundtable (FSR), an advocacy organization supporting financial, insurance, and asset management firms across the U.S., has launched a new ad campaign urging the Senate to pass the Cybersecurity Information Sharing Act (CISA), a bill designed to enable businesses to voluntarily and bilaterally share cyber threat information to protect consumers from cyber threats. The multiple-week advocacy campaign launched today in the nation’s capital and includes radio, digital and social media ads. The campaign also includes the release of a
Industrial Control Systems Are Under Threat – Best Practices Can Reduce Risk
On September 10, 2015, during testimony to the House Select Committee on Intelligence, U.S. Director of National Intelligence James R. Clapper stated that "Politically motivated cyber-attacks are now a growing reality, and foreign actors are reconnoitering and developing access to U.S. critical infrastructure systems, which might be quickly exploited for disruption if an adversary's intent became hostile." Clapper further noted that "Russian cyber-actors are developing means to remotely access industrial control systems (ICS) used to manage critical infrastructures.…Russian actors successfully
CyberWar Threat: The Chilling Reality of Threats Facing America’s Critical Infrastructure (NOVA Video)
Joe Weiss, founder of the Industrial Control Systems (ICS) Cyber Security Conference, and several leading experts were featured this week in PBS' NOVA. The full episode, CyberWar Threat, is embedded here. SecurityWeek's 2015 ICS Cyber Security Conference Takes Place October 26 - 29th at the Georgia Tech Hotel and Conference Center in Atlanta. Online registration is available. Description from PBS: NOVA examines the science and technology behind cyber warfare and asks if we are already in the midst of a deadly new arms race. Already, highly sophisticated, stealthy computer
White House Pledges $160 Million to Support Smart City Research and Development
The Obama Administration on Sept. 14 announced a new “Smart Cities” Initiative that will invest over $160 million in federal research and leverage more than 25 new technology collaborations to help local communities tackle key challenges such as reducing traffic congestion, fighting crime, fostering economic growth, managing the effects of a changing climate, and improving the delivery of city services. As part of the initiative, the White House promised nearly $70 million in new spending and over $45 million in proposed
ICS Flaw Disclosures at High Levels Since Stuxnet Attack, Report Says
(SecurityWeek) - The number of publicly disclosed vulnerabilities affecting industrial control systems (ICS) has increased considerably since the Stuxnet attack, shows a report published on Wednesday by threat intelligence firm Recorded Future. Researchers have uncovered numerous vulnerabilities in ICS products over the past years and experts have often warned that attacks against critical infrastructure companies housing such systems can have devastating effects. However, so far there have been only a few reports of damaging ICS attacks, the most notable being the 2011
Schneider Electric Patches PLC Vulnerabilities Disclosed at DEF CON
(SecurityWeek) - Schneider Electric has released firmware patches to address a couple of vulnerabilities affecting some of the company’s Modicon programmable logic controller (PLC) products. The security holes affect the following Modicon M340 Central Processing Units (CPUs) and ethernet communication modules: BMXNOC0401, BMXNOC0402, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H and BMXP342030H. The flaws were disclosed on August 8 at the DEF CON conference in Las Vegas by Elastica researcher Aditya K. Sood. The issues were reported by the expert to ICS-CERT