Flaw in Schneider Industrial Firewalls Allows Remote Code Execution

On Wednesday, at SecurityWeek’s 2016 ICS Cyber Security Conference, in a presentation meant to demonstrate that attackers could easily bypass defenses if proper ICS protection technologies are not in place, researchers at industrial security firm CyberX disclosed the existence of several important flaws. One of them affects Schneider Electric’s ConneXium TCSEFEC family of industrial Ethernet…

Cisco Patches 9 Flaws in Email Security Appliance

The most serious, rated “high severity,” are three DoS flaws in the AsyncOS software for Cisco ESA. The security holes, tracked as CVE-2016-6356, CVE-2016-1486 and CVE-2016-1481, allow a remote, unauthenticated attacker to cause a DoS condition on affected devices using specially crafted emails and malicious attachments. CVE-2016-1481 and CVE-2016-6356 affect AsyncOS versions 8.0 and prior,…

Enabling the Industrial Internet of Things with Unidirectional CloudConnect

Waterfall Security Solutions launched Unidirectional CloudConnect, a solution based on its patented Unidirectional Gateway technology, designed to meet the challenges of both cybersecurity and interoperability. “Waterfall’s Unidirectional CloudConnect is an essential enabler for the Industrial Internet of Things. CloudConnect secures industrial sites from cyberattacks from the cloud and the Internet, while delivering seamless interoperability of…

Was the Dyn DDoS attack actually a script kiddie v. PSN?

The massive DDoS attack that disrupted the internet address-lookup service Dyn last week was perhaps pulled off by a script kiddie targeting PlayStation Network and using Mirai malware to assemble a massive IoT botnet, according to research by Flashpoint. “Flashpoint assesses with moderate confidence that the most recent Mirai attacks are likely connected to the…

ICS Networks at Risk Due to Flaw in Schneider PLC Simulator

On Tuesday, at SecurityWeek’s 2016 ICS Cyber Security Conference, Indegy CTO Mille Gandelsman disclosed a vulnerability found by the company in Unity Pro, a Windows-based programming, debugging and operating software for Schneider’s programmable logic controllers (PLCs). Unity Pro, typically deployed on engineering workstations, includes a PLC simulator component that allows users to test applications without…

7 Scary Ransomware Families

As the season of evil witches, ghosts, goblins, and ghouls approaches, it’s time to be on guard. But security managers face scary prospects year-round, especially as new strains of ransomware escalate. And ransomware variants are getting more pervasive – and creepier – than ever. The FBI says that from Jan. 1, 2016 to June 30,…