This month’s issue of IEEE Security and Privacy magazine features a few articles about security in the process control space that might be worth the read.  Since the journal isn’t specific to control systems it provides background information on SCADA and DCS. It may be a good start for IT and other departments beginning to [...]

Antivirus is one of those things that is a standard recommendation on almost any assessment you’ll find, but maybe this is something we need to start rethinking.  We all know that for the most part the current AV model is an arms race that’s not very functional, and I think it may be even more [...]

It’s a busier day than usual in regards to network security, and a couple of those events are worth noting here.
For starters it looks like some malware delivery website(s) are targeting industrial control software.  An older vulnerability in an ActiveX control included with ICONICS OPC-enabled visualization tools is being actively exploited by at least one [...]

Recently I’ve attended a few training classes/sales pitches on some new field devices coming into the market, and a trend that I’m seeing is more and more of them are being built on x86 processors running embedded Windows operating systems.  A lot of things can come from this trend, more features, a larger pool of [...]

This vulnerability was made public a few days ago now, and we’ve put together a signature to detect it.  This is another very simple stack based overflow, seeing far too many of these in SCADA software; I hope vendors have already started doing some internal code audits to find these with the increased exposure the [...]

There has been a lot of buzz lately about the Denial of Service vulnerability that a Swedish security firm, Outpost24, have discovered.  Right now, the details are a bit limited, as the researchers aren’t going to release details until they present at the T2 conference in Helsinki later this month.  This is similar to the [...]

I took some time to circle back to the Citect ODBC vulnerability and the signature we released for it a couple weeks ago.  After talking to some others in the community and taking another look at things it looks like there was some evasion for the previous signature.  The first signature we released should alert [...]

It occurred to me as I was writing up the previous post that there’s probably a good chance that some of our readers aren’t familiar with Metasploit or other exploitation frameworks, so I’ve created a SCADApedia page outlining the basics and giving a brief description of the more popular platforms. I’ve used Metasploit for a [...]

Friday evening a metasploit module was released that will exploit the Citect ODBC vulnerability that Core discovered earlier this year.  There isn’t not a whole lot to talk about in relation to the vulnerability itself, the details previously released (along with the patch) were more than enough for any reasonably skilled attacker to create reliable [...]

Last week at PCSF there were a few issues that seemed to work their way into every presentation and discussion.  It seems that both vendors and asset owners are looking hard for the government or some other entity to provide vulnerabilities with some sort of risk equation, but as of yet no one has really [...]