Security CERT Global
- CERTFR-2024-AVI-0353 : Multiples vulnérabilités dans le noyau Linux de Red Hat (26 avril 2024)
- CERTFR-2024-AVI-0349 : [SCADA] Vulnérabilité dans les produits Belden (26 avril 2024)
- CERTFR-2024-AVI-0350 : Multiples vulnérabilités dans les produits IBM (26 avril 2024)
- CERTFR-2024-AVI-0352 : Multiples vulnérabilités dans le noyau Linux d’Ubuntu (26 avril 2024)
- CERTFR-2024-AVI-0351 : Multiples vulnérabilités dans le noyau Linux de SUSE (26 avril 2024)
- NIS2 – Richtlinie: Ein zweiter Blick auf den Text
- Ny chef for DKCERT udpeget
- CERT-SE:s veckobrev v.17
- JVN: Chirp Systems製スマートフォンアプリ「Chirp Access」におけるハードコードされたパスワードの使用の脆弱性
- JVN: 複数のHoneywell製品における複数の脆弱性
- JVN: Hitachi Energy製RTU500シリーズおよびMACH SCMにおける複数の脆弱性
- ALERT Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services: CVSS (Max): 8.6
- OpenShift Virtualization 4.14.5 Images: CVSS (Max): 7.5
- unbound: CVSS (Max): 7.5
- buildah: CVSS (Max): 8.6
- yajl: CVSS (Max): 6.5
- buildah: CVSS (Max): 8.6
- Service Telemetry Framework 1.5.4: CVSS (Max): 7.5
- FreeRDP: CVSS (Max): 7.5
- Zabbix: CVSS (Max): 5.4
- Honeywell Products: CVSS (Max): 8.1
- Hitachi Energy MACH SCM: CVSS (Max): 7.5
- nghttp2: CVSS (Max): 7.5
- UPDATE Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software: CVSS (Max): 6.0
- Hitachi Energy RTU500 series: CVSS (Max): 8.2
- MozillaThunderbird: CVSS (Max): 7.5
- Siemens RUGGEDCOM APE1808 Devices: CVSS (Max): 10.0
- buildah: CVSS (Max): 8.6
- putty: CVSS (Max): 8.1
- CryptoJS: CVSS (Max): 9.1
- SUSE Manager Client Tools: CVSS (Max): 5.4
- cockpit-wicked: CVSS (Max): 5.3
- ALERT Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software: CVSS (Max): 6.0
- UPDATE ALERT Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services: CVSS (Max): 8.6
- tigervnc: CVSS (Max): 7.8
- Linux Kernel (Live Patch 19 for SLE 15 SP4): CVSS (Max): 7.8
- cockpit-wicked: CVSS (Max): 5.3
- Linux Kernel (Live Patch 23 for SLE 15 SP4): CVSS (Max): 7.8
- tigervnc: CVSS (Max): 7.8
- Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software: CVSS (Max): 6.0
- FreeRDP: CVSS (Max): 9.8
- tigervnc: CVSS (Max): 7.8
- SUSE Manager Client Tools and Salt: CVSS (Max): 8.5
- tigervnc: CVSS (Max): 7.8
- libreswan: CVSS (Max): 5.0
- IBM WebSphere Application Server and IBM WebSphere Application Server Liberty: CVSS (Max): 5.9
- python-idna: CVSS (Max): 6.5
- Cortex XDR: CVSS (Max): None
- nrpe: CVSS (Max): None
- tigervnc: CVSS (Max): 7.8
MGS+ ICS Security Report May 2017
MGS+ ICS Security Report May 2017: Editor Picks: News Intelligence Alerts Report
ABB buys B&R to help it challenge Siemens in industrial automation
Swiss engineering group ABB (ABBN.S) has bought Austrian industrial automation company Bernecker & Rainer, a move that fits in with its strategy of expanding its products to better challenge German rival Siemens (SIEGn.DE) on the factory floor.
Source: http://www.reuters.com/article/us-abb-rainer-idUSKBN1760DW
Taking cybersecurity a step further with attribute-based access control
2016 was a rough year not only for enterprises but also for federal agencies when it comes to cyberattacks. These attacks weren’t just occurring in the United States, but all around the globe.
Source: https://federalnewsradio.com/commentary/2017/04/taking-cybersecurity-step-attribute-based-access-controls/
How legacy industrial equipment is vulnerable to attack
With legacy industrial equipment facing a growing number of threats when connected to the internet, how can plants ensure the safety of their devices?
Source: http://www.information-age.com/legacy-industrial-equipment-vulnerable-attack-123465162/
This AI System Can Steal Code to Make Itself Smarter
While Artificial Intelligence systems continue to improve, one AI is doing that in a unique way. Microsoft and the University of Cambridge partnered on DeepCoder, a deep learning AI meant to mimic the learning patterns found in the human brain.
Source: http://interestingengineering.com/ai-system-can-steal-code-to-make-itself-smarter/
Powering-up Digital Transformation in Industrial Sectors
Why is it that when Forrester polled global enterprises, 83% of energy respondents and 74% of respondents in manufacturing put digital transformation at the top of their business priorities? It’s because business and IT decision makers in both sectors see digital transformation as the path to growth and innovation.
Source: http://www.securityweek.com/powering-digital-transformation-industrial-sectors
Energy facility cyber incidents rose nearly a third last year, DHS says
Homeland Security received reports of 59 cyber incidents at energy facilities last year, up nearly a third from the year before.
Source: http://fuelfix.com/blog/2017/03/22/energy-facility-cyber-incidents-rose-nearly-a-third-last-year-dhs-says/
Don’t Worry About ‘Cyber Pearl Harbor,’ But Hackers Are Already Targeting Our Critical Infrastructure
Cyber defenders still don’t understand the real threats that the power grid, energy plants and other critical infrastructure face.
Source: https://motherboard.vice.com/en_us/article/kbykyx/dont-worry-about-cyber-pearl-harbor-but-hackers-are-already-targeting-our-critical-infrastructure
Schneider Electric and Accenture Build a Digital Services Factory to Speed Development of Industrial IoT
New capability aims to reduce time between product ideation and market launch from three years to less than eight months
Source: http://www.stockhouse.com/news/press-releases/2017/04/26/schneider-electric-and-accenture-build-a-digital-services-factory-to-speed
Hackers increase attacks on energy sector computers
Reports released this past week by U.S. security officials and private cybersecurity researchers suggest hacking of energy facility computers is on the rise, and happens far more often than the public assumes. The Department of Homeland Security said it received reports of 59 cyber incidents at energy facilities last year, up nearly a third from the year before.
Source: http://www.houstonchronicle.com/business/article/Hackers-increase-attacks-on-energy-sector-11026522.php?cmpid=twitter-premium