Security News
The U.S. Cybersecurity and Infrastructure Security Agency has added half a dozen vulnerabilities to its catalog of Known Exploited Vulnerabilities and is ordering federal agencies to follow vendors' instructions to fix them. CISA is giving federal agencies until October 6th to patch security vulnerabilities that were reported between 2010 and 2022.
The outgoing head of Israeli foreign intelligence service Mossad has suggested that Stuxnet wasn't the only spanner in the works his agency put into Iran's nuclear programme. In an interview last week, Yossi Cohen intimated that Iran's uranium-enrichment centrifuges at the Natanz facility had been physically destroyed in the past year, requiring a rebuild.
Iran has admitted that one of its nuclear facilities went offline over the weekend, and a single report claiming Israeli cyber-weapons were the cause has been widely accepted as a credible explanation for the incident. Iran on Sunday published an announcement that said an "Accident" impacted the "Electricity distribution network" at its Natanz enrichment facility.
LC: Trying to plug IT security on top of operations has caused the water to be bloodied for many years, often times there are very hostile relationships between the IT and the operational teams because IT security's been trying to force what we consider standard cyber security models on top of the OT systems, and it just doesn't work. So if you don't have basic incident response preparation done in either your IT or OT environment, you're going to see spending a lot more money when you have an incident to have it done by your consulting incident respondent, or even your on staff highly paid incident responders.
"The impact is that a malicious actor can start and stop the PLC remotely without authenticating with the engineering software," said Trustwave's Seok Min Lim in an advisory this week, adding: "Our research shows that SoMachine Basic does not perform adequate checks on critical values used in the communications with PLC. The vulnerability can potentially be used to send manipulated packets to the PLC, without the software being aware of the manipulation." Although Schneider's PLC design was only supposed to accept a single user session from the engineering software at a time, Trustwave was able to use Address Resolution Protocol poisoning to keep the session alive while logging out the real user.
Researchers have found another vulnerability in software made by Schneider Electric that is similar to the one exploited by the notorious Stuxnet malware. Researchers at cybersecurity firm Trustwave reported on Thursday that they too have identified a similar vulnerability in Schneider software, specifically EcoStruxure Machine Expert, which allows users to develop projects on Modicon M221 controllers.
Researchers demonstrated recently that hackers could launch a Stuxnet-style attack against Schneider Electric's Modicon programmable logic controllers, but it's believed that products from other vendors could also be vulnerable to the same type of attack. Researchers at Airbus CyberSecurity have analyzed Schneider Electric's Modicon M340 PLC to determine if it's vulnerable to similar attacks.
Yahoo News reported this week that an Iranian mole recruited by Dutch intelligence helped the United States and Israel sabotage Iran’s nuclear program by planting the
Power, infrastructure, factory gear can be hijacked without any password check at all. Industrial control software vulnerabilities, which would be perfect for next-gen Stuxnet-style worms to...
Flowershop, Equation, Flame and Duqu appear to have a hand in the different phases of Stuxnet development, all working as part of an operation active as early as 2006.