Delta Electronics CNCSoft-G2 DOPSoft DPAX

April 30, 2024 at 10:47AM Summary: The vulnerability report concerns Delta Electronics’ CNCSoft-G2 software, where a stack-based buffer overflow could lead to arbitrary code execution. Versions 2.0.0.5 and prior are affected. The report includes mitigation measures, a risk evaluation, affected products, technical details, and background information. CVE-2024-4192 has been assigned to this vulnerability. From the …

Improved, Stuxnet-Like PLC Malware Aims to Disrupt Critical Infrastructure

March 5, 2024 at 02:55PM The proliferation of programmable logic controllers (PLCs) with embedded Web servers has enabled remote attacks on industrial control systems. A team at the Georgia Institute of Technology has developed Web-based malware that exploits PLCs to manipulate the physical systems they control, posing severe threats to critical infrastructure and safety. The method provides …

Zeek Security Tool Vulnerabilities Allow ICS Network Hacking

March 5, 2024 at 07:06AM A recent US CISA advisory disclosed critical and high-severity vulnerabilities in the Zeek network security monitoring tool’s Ethercat plugin, impacting ICS environments. The vulnerabilities, tracked as CVE-2023-7244, CVE-2023-7243, and CVE-2023-7242, could allow threat actors to execute attacks. The researcher, Cameron Whitehead, identified these vulnerabilities, impacting over 10,000 Zeek deployments globally. …

MITRE Debuts ICS Threat Modeling for Embedded Systems

December 13, 2023 at 03:56PM MITRE and collaborators release the EMB3D Threat Model, aiming to enhance security in embedded devices for critical infrastructure. The model offers vendors, asset owners, and researchers a common understanding of vulnerabilities and security mechanisms. EMB3D is a significant advancement in dealing with evolving threats and providing standardized security measures for …

ICS at Multiple US Water Facilities Targeted by Hackers Affiliated With Iranian Government

December 4, 2023 at 08:12AM Cyber Av3ngers, a group linked to the Iranian government, is attacking industrial control systems (ICS) at several US water facilities, reports SecurityWeek. Clear Takeaways from Meeting Notes: 1. The Cyber Av3ngers group is actively targeting industrial control systems (ICS) at various water facilities. 2. There is an affiliation between the …

Day 3 of SecurityWeek’s 2023 ICS Cybersecurity Conference — Challenges and Solutions

October 26, 2023 at 10:39AM The 2023 ICS Cybersecurity Conference in Atlanta continues with stakeholders focusing on the challenges of securing OT and ICS systems. On-demand videos from previous days are available, and some sessions will be live-streamed. Presentations cover topics such as building resilient defenses, establishing OT SOCs, physical protection of networks, remote logical …

SecurityWeek to Host 2023 ICS Cybersecurity Conference October 23-26 in Atlanta

October 10, 2023 at 09:54AM SecurityWeek will host the 2023 Industrial Control Systems (ICS) Cybersecurity Conference from October 23-26, 2023, in Atlanta. The event, now in its 22nd year, focuses on cybersecurity for industrial control systems and operational technology. The conference will feature over 75 sessions, including technical and strategy sessions, and will address various …