Security CERT Global
- CISA and ENISA enhance their Cooperation
- VU#811862: Image files in UEFI can be abused to modify boot behavior
- CISA Releases Joint Guide for Software Manufacturers: The Case for Memory Safe Roadmaps
- CERTFR-2023-AVI-0998 : Multiples vulnérabilités dans Google Chrome (06 décembre 2023)
- CERTFR-2023-AVI-0997 : Vulnérabilité dans SolarWinds Serv-U (06 décembre 2023)
- CERTFR-2023-AVI-1000 : Multiples vulnérabilités dans Progress MOVEit Transfer (06 décembre 2023)
- CERTFR-2023-AVI-1001 : Vulnérabilité dans Atlassian Confluence (06 décembre 2023)
- CERTFR-2023-AVI-0999 : Vulnérabilité dans ElasticSearch pour Hadoop (06 décembre 2023)
- Kritisk RCE-sårbarhet i Confluence-produkter
- Warfare and Geopolitics are Fuelling Denial-of-Service Attacks
- Oracle Security Update
- SUSE Security Update
- Lenovo Security Update
- Red Hat Security Update
- Mageia Security Update
- Chrome Security Update
- MediaTek Security Update
- Ubuntu Security Update
- IBM Security Update
- Dell Security Update
- Android Security Update
- JVN: Zebra Technologies製ZTCプリンターにおける代替パスまたはチャネルを使用した認証回避の脆弱性
- JVN: 複数のCODESYS Control製品におけるOSコマンドインジェクションの脆弱性
- JVN: FXC製無線LANルータ「AE1021PE」および「AE1021」におけるOSコマンドインジェクションの脆弱性
- お知らせ:制御システムセキュリティカンファレンス 2024参加登録開始
- FXC wireless LAN routers "AE1021PE" and "AE1021" vulnerable to OS command injection
- ESB-2023.7260 - [RedHat] OpenShift Container Platform 4.14.5: CVSS (Max): 7.5
- ESB-2023.7265 - [Ubuntu] Linux kernel: CVSS (Max): 8.8
- ESB-2023.7261 - [Appliance] Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d: CVSS (Max): 5.4
- ESB-2023.7257 - [Ubuntu] Redis: CVSS (Max): 8.8
- ESB-2023.7263 - [RedHat] postgresql:12: CVSS (Max): 8.8
- ESB-2023.7258 - [Ubuntu] HAProxy: CVSS (Max): 7.5
- ESB-2023.7264 - [Cisco] Cisco Systems: CVSS (Max): 4.1
- ESB-2023.7259 - [RedHat] Service Registry: CVSS (Max): 8.1
- ESB-2023.7266 - [Ubuntu] Linux kernel (OEM): CVSS (Max): 7.0
- ESB-2023.7262 - [Win][UNIX/Linux] Google Chrome: CVSS (Max): None
- Weekly Report: 複数のApple製品に脆弱性
- Weekly Report: JPCERT/CCが「ICS脆弱性分析レポート - 2023年度上期 -」を公開
- Weekly Report: Apache Tomcatにリクエストスマグリングの脆弱性
- Weekly Report: Ruckus Access Pointにクロスサイトスクリプティングの脆弱性
- Weekly Report: Google Chromeに複数の脆弱性
- CISA Adds Four Known Exploited Vulnerabilities to Catalog
- Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d
- CISA Releases Two Industrial Control Systems Advisories
- CERTFR-2023-AVI-0994 : Multiples vulnérabilités dans SonicWall SMA (05 décembre 2023)
- CERTFR-2023-AVI-0996 : Vulnérabilité dans TheGreenBow VPN Client (05 décembre 2023)
- CERTFR-2023-AVI-0995 : Multiples vulnérabilités dans Google Android (05 décembre 2023)
- CISA Releases Advisory on Threat Actors Exploiting CVE-2023-26360 Vulnerability in Adobe ColdFusion
- Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers
- お知らせ:JPCERT/CC Eyes「サイバー攻撃被害に係る情報の意図しない開示がもたらす情報共有活動への影響について」
MGS+ ICS Security Report May 2017
MGS+ ICS Security Report May 2017: Editor Picks: News Intelligence Alerts Report
ABB buys B&R to help it challenge Siemens in industrial automation
Swiss engineering group ABB (ABBN.S) has bought Austrian industrial automation company Bernecker & Rainer, a move that fits in with its strategy of expanding its products to better challenge German rival Siemens (SIEGn.DE) on the factory floor.
Source: http://www.reuters.com/article/us-abb-rainer-idUSKBN1760DW
Taking cybersecurity a step further with attribute-based access control
2016 was a rough year not only for enterprises but also for federal agencies when it comes to cyberattacks. These attacks weren’t just occurring in the United States, but all around the globe.
Source: https://federalnewsradio.com/commentary/2017/04/taking-cybersecurity-step-attribute-based-access-controls/
How legacy industrial equipment is vulnerable to attack
With legacy industrial equipment facing a growing number of threats when connected to the internet, how can plants ensure the safety of their devices?
Source: http://www.information-age.com/legacy-industrial-equipment-vulnerable-attack-123465162/
This AI System Can Steal Code to Make Itself Smarter
While Artificial Intelligence systems continue to improve, one AI is doing that in a unique way. Microsoft and the University of Cambridge partnered on DeepCoder, a deep learning AI meant to mimic the learning patterns found in the human brain.
Source: http://interestingengineering.com/ai-system-can-steal-code-to-make-itself-smarter/
Powering-up Digital Transformation in Industrial Sectors
Why is it that when Forrester polled global enterprises, 83% of energy respondents and 74% of respondents in manufacturing put digital transformation at the top of their business priorities? It’s because business and IT decision makers in both sectors see digital transformation as the path to growth and innovation.
Source: http://www.securityweek.com/powering-digital-transformation-industrial-sectors
Energy facility cyber incidents rose nearly a third last year, DHS says
Homeland Security received reports of 59 cyber incidents at energy facilities last year, up nearly a third from the year before.
Source: http://fuelfix.com/blog/2017/03/22/energy-facility-cyber-incidents-rose-nearly-a-third-last-year-dhs-says/
Don’t Worry About ‘Cyber Pearl Harbor,’ But Hackers Are Already Targeting Our Critical Infrastructure
Cyber defenders still don’t understand the real threats that the power grid, energy plants and other critical infrastructure face.
Source: https://motherboard.vice.com/en_us/article/kbykyx/dont-worry-about-cyber-pearl-harbor-but-hackers-are-already-targeting-our-critical-infrastructure
Schneider Electric and Accenture Build a Digital Services Factory to Speed Development of Industrial IoT
New capability aims to reduce time between product ideation and market launch from three years to less than eight months
Source: http://www.stockhouse.com/news/press-releases/2017/04/26/schneider-electric-and-accenture-build-a-digital-services-factory-to-speed
Hackers increase attacks on energy sector computers
Reports released this past week by U.S. security officials and private cybersecurity researchers suggest hacking of energy facility computers is on the rise, and happens far more often than the public assumes. The Department of Homeland Security said it received reports of 59 cyber incidents at energy facilities last year, up nearly a third from the year before.
Source: http://www.houstonchronicle.com/business/article/Hackers-increase-attacks-on-energy-sector-11026522.php?cmpid=twitter-premium