On Wednesday, at SecurityWeek’s 2016 ICS Cyber Security Conference, in a presentation meant to demonstrate that attackers could easily bypass defenses if proper ICS protection technologies are not in place, researchers at industrial security firm CyberX disclosed the existence of several important flaws. One of them affects Schneider Electric’s ConneXium TCSEFEC family of industrial Ethernet…

The most serious, rated “high severity,” are three DoS flaws in the AsyncOS software for Cisco ESA. The security holes, tracked as CVE-2016-6356, CVE-2016-1486 and CVE-2016-1481, allow a remote, unauthenticated attacker to cause a DoS condition on affected devices using specially crafted emails and malicious attachments. CVE-2016-1481 and CVE-2016-6356 affect AsyncOS versions 8.0 and prior,…

Waterfall Security Solutions launched Unidirectional CloudConnect, a solution based on its patented Unidirectional Gateway technology, designed to meet the challenges of both cybersecurity and interoperability. “Waterfall’s Unidirectional CloudConnect is an essential enabler for the Industrial Internet of Things. CloudConnect secures industrial sites from cyberattacks from the cloud and the Internet, while delivering seamless interoperability of…

The massive DDoS attack that disrupted the internet address-lookup service Dyn last week was perhaps pulled off by a script kiddie targeting PlayStation Network and using Mirai malware to assemble a massive IoT botnet, according to research by Flashpoint. “Flashpoint assesses with moderate confidence that the most recent Mirai attacks are likely connected to the…

On Tuesday, at SecurityWeek’s 2016 ICS Cyber Security Conference, Indegy CTO Mille Gandelsman disclosed a vulnerability found by the company in Unity Pro, a Windows-based programming, debugging and operating software for Schneider’s programmable logic controllers (PLCs). Unity Pro, typically deployed on engineering workstations, includes a PLC simulator component that allows users to test applications without…

As the season of evil witches, ghosts, goblins, and ghouls approaches, it’s time to be on guard. But security managers face scary prospects year-round, especially as new strains of ransomware escalate. And ransomware variants are getting more pervasive – and creepier – than ever. The FBI says that from Jan. 1, 2016 to June 30,…