ICS & IoT Security News

28 Feb 2018
Siemens Releases BIOS Updates to Patch Intel Chip Flaws
Germany - Siemens has released BIOS updates for several of its industrial devices to patch vulnerabilities discovered recently in Intel chips, including Meltdown, Spectre and flaws affecting the company’s Management Engine technology. Siemens has determined that the security holes expose many of its product lines to attacks, including RUGGEDCOM, SIMATIC, SIMOTION, SINEMA, and SINUMERIK. Following the disclosure of the Meltdown and Spectre attack methods, industrial control systems (ICS) manufacturers immediately started analyzing the impact of the flaws on their products.

(Sitrep 31)

[More: securityweek.com ]

27 Feb 2018
Emerson’s Releases Mitigation Plan for ControlWave
US - A family of SCADA RTUs, PLCs, PACs, and flow computers, ControlWave Micro [ProConOS v.4.01.280] – firmware: CWM v.05.78.00 and prior suffer from the remotely exploitable vulnerability. ControlWave Micro Process Automation Controller is a hybrid remote terminal unit (RTU)/programmable logic controller (PLC) used around the world, particularly in the energy, and water and wastewater systems sectors.

[More: isssource.com | ICS-CERT (ICSA-18-058-03) | securityweek.com ]


25 Feb 2018
UK School's CCTV Hacked and Stream Online
UK - Four British schools were found among hundreds of public spaces, businesses and private homes whose security was breached because their cameras weren’t protected by passwords. Live video feeds from the schools are being streamed on a US-based website that collects them. According to a report by anti-surveillance advocacy group Big Brother Watch, more than 200 schools across the UK use security cameras in toilets.

[More: dailymail.co.uk | thesun.co.uk | nakedsecurity.sophos.com ]

20 Feb 2018
Palo Alto Releases Industrial Firewall
US - Palo Alto Networks announced the introduction of its ruggedized PA-220R next-generation firewall. This new NGFW appliance is designed to prevent successful cyberattacks in the network environments of industrial control systems, or ICS, and supervisory control and data acquisition, or SCADA, systems. Palo Alto Networks said the product works with various industrial applications and protocols, including OSIsoft PI, Siemens S7, Modbus, DNP3, and IEC 60870-5-104. 

[More: prnewswire.com | paloaltonetworks.com | securityweek.com ]

16 Feb 2018
Siemens Leads Launch of Global Cybersecurity Initiative
Germany - ICS/SCADA giant Siemens, along with IBM, Airbus, Allianz, Daimler, NXP, SGS, T-Mobile, and the Munich Security Conference, today outlined a new global effort aimed at making cybersecurity a default major component and philosophy for businesses and governments in order to protect critical infrastructure, businesses, and individuals worldwide.

[More: darkreading.com | siemens.com ]

15 Feb 2018
Russian Military Blamed for NotPetya Cyber Attack
UK - Both the UK & US governments have officially claimed Russian military intelligence was responsible for the NotPetya attack last June, which took down IT systems in Ukraine before spreading to 64 other countries, including the UK. Moscow denies being behind the attack, calling such claims "Russophobic". One of the most affected victim is shipping giant Maersk, which miraculously managed to reinstall 50,000 computers under 10 days (See Sitrep 33

[More: bbc.com | independent.co.uk | reuters.com ]

14 Feb 2018
NIST Working on Global IoT Cybersecurity Standards
US - The National Institute of Standards and Technology (NIST) Interagency International Cybersecurity Standardization Working Group (IICS WG) released a major draft Report laying out its view of the IoT landscape and attempting to capture domestic and international efforts to create standards. NIST has now published the draft NISTIR document and is seeking feedback, especially on the information about the state of cybersecurity standardization for IoT by April 18.

[More: wileyconnect.com | csrc.nist.gov | nist.gov ]

13 Feb 2018
DoubleDoor: IoT Botnet Bypasses Firewall & Modem Security with Two Backdoors
US - A newly discovered Internet of Things (IoT) botnet is using two exploits to ensure it can not only bypass authentication on targeted devices, but also render additional protections useless, NewSky Security has discovered. The first malicious code uses a Juniper Networks SmartScreen OS exploit, and the second uses a Zyxel modem backdoor exploit to take full control over the IoT device.

[More: blog.newskysecurity.com | helpnetsecurity.com | securityaffairs.co ]

9 Feb 2018
Russian Nuclear Scientists Arrested for 'Bitcoin Mining Plot'
Russia - Russian security officers have arrested several scientists working at a top-secret Russian nuclear warhead facility for allegedly mining crypto-currencies. The suspects had tried to use one of Russia's most powerful supercomputers to mine Bitcoins, media reports say. The supercomputer was not supposed to be connected to the internet - to prevent intrusion - and once the scientists attempted to do so, the nuclear centre's security department was alerted. They were handed over to the Federal Security Service (FSB), the Russian news service Mash says. It appears that this is the 2nd revelation of ICS systems being exploited by insiders for mining crypto-currencies, after a similar occurrence in Europe (SITREP 34)

[More: bbc.com | thehackernews.com | theverge.com ]

 Trainings & Events 


Special Discount of USD200 available for REDCONSA's Partners & Newsletter Subscribers!

Email now to advisors@redconsa.sg for limited discount codes!

Past Year Videos

Copyright © 2018 REDCON Security Advisors, All rights reserved.

Our mailing address is: