Security CERT Global
- ICS Security Conference 2024
- JVN: NETGEAR製ルーターにおけるバッファオーバーフローの脆弱性
- JVN: RoamWiFi R10における複数の脆弱性
- NETGEAR routers vulnerable to buffer overflow
- Multiple vulnerabilities in RoamWiFi R10
- Linux Kernel (Live Patch 47 for SLE 12 SP5): CVSS (Max): 7.8
- Linux Kernel (Live Patch 6 for SLE 15 SP5): CVSS (Max): 7.8
- Linux kernel: CVSS (Max): 7.8
- Ruby: CVSS (Max): None
- qemu: CVSS (Max): 8.2
- Linux Kernel (Live Patch 8 for SLE 15 SP5): CVSS (Max): 7.8
- Linux Kernel (Live Patch 10 for SLE 15 SP5): CVSS (Max): 7.8
- jasper: CVSS (Max): 7.5
- qemu: CVSS (Max): 8.2
- Linux Kernel: CVSS (Max): 7.8
- glibc: CVSS (Max): 8.8
- Linux Kernel: CVSS (Max): 7.8
- Linux Kernel: CVSS (Max): 7.8
- Google Guest Agent and Google OS Config Agent: CVSS (Max): 5.9
- Squid: CVSS (Max): 8.6
- kubernetes1.23: CVSS (Max): 2.7
- Linux Kernel: CVSS (Max): 7.8
- kubernetes1.24: CVSS (Max): 2.7
- opensc: CVSS (Max): 4.4
- Linux Kernel: CVSS (Max): 7.8
- Weekly Report: 経済産業省が「工場システムにおけるサイバー・フィジカル・セキュリティ対策ガイドラインVer 1.0」および「工場システムにおけるサイバー・フィジカル・セキュリティ対策ガイドライン【別冊:スマート化を進める上でのポイント】」の英訳版を公表
- Weekly Report: LINE client for iOSにおけるサーバ証明書の検証不備の脆弱性
- Weekly Report: IPAが「アタックサーフェスの Operational Relay Box 化を伴うネットワーク貫通型攻撃について Adobe ColdFusion の脆弱性(CVE-2023-29300)を狙う攻撃」に関する注意喚起を公表
- Weekly Report: バッファロー製無線LANルーターに複数の脆弱性
- Weekly Report: TensorFlowベースのKerasモデルに含まれるLambdaレイヤにコードインジェクションが発生する問題
- Weekly Report: WordPress用プラグインForminatorにおける複数の脆弱性
- Weekly Report: Proscend Communications製M330-WおよびM330-W5におけるOSコマンドインジェクションの脆弱性
- Weekly Report: PuTTY SSHクライアントのECDSA署名処理に脆弱性
- Weekly Report: CISAが「Deploying AI Systems Securely」を公表
- Weekly Report: 2024年4月Oracle Critical Patch Updateについて
- Weekly Report: LINEヤフー社製Armeria-samlにおけるSAMLメッセージ取り扱い不備
- CISA Releases Two Industrial Control Systems Advisories
- CISA Adds One Known Exploited Vulnerability to Catalog
- Udnyttelse af Palo Altofirewalls igang
- Microsoft: APT28 udnytter Windows-fejl
- JVN: TvRock におけるクロスサイトリクエストフォージェリの脆弱性
- JVN: TvRock におけるサービス運用妨害 (DoS) の脆弱性
- JVN: WindowsカーネルドライバーのIOCTL処理におけるアクセス制御不備の脆弱性
- Multiple third-party kernel drivers for Windows vulnerable to improper access control on IOCTL
- Ever wondered how a cyber crime gang operates?
- TvRock vulnerable to denial-of-service (DoS)
- TvRock vulnerable to cross-site request forgery
- Linux Kernel (Live Patch 50 for SLE 12 SP5): CVSS (Max): 7.8
- Linux Kernel (Live Patch 1 for SLE 15 SP5): CVSS (Max): 7.8
- openjdk-11: CVSS (Max): 3.7
MGS+ ICS Security Report May 2017
MGS+ ICS Security Report May 2017: Editor Picks: News Intelligence Alerts Report
ABB buys B&R to help it challenge Siemens in industrial automation
Swiss engineering group ABB (ABBN.S) has bought Austrian industrial automation company Bernecker & Rainer, a move that fits in with its strategy of expanding its products to better challenge German rival Siemens (SIEGn.DE) on the factory floor.
Source: http://www.reuters.com/article/us-abb-rainer-idUSKBN1760DW
Taking cybersecurity a step further with attribute-based access control
2016 was a rough year not only for enterprises but also for federal agencies when it comes to cyberattacks. These attacks weren’t just occurring in the United States, but all around the globe.
Source: https://federalnewsradio.com/commentary/2017/04/taking-cybersecurity-step-attribute-based-access-controls/
How legacy industrial equipment is vulnerable to attack
With legacy industrial equipment facing a growing number of threats when connected to the internet, how can plants ensure the safety of their devices?
Source: http://www.information-age.com/legacy-industrial-equipment-vulnerable-attack-123465162/
This AI System Can Steal Code to Make Itself Smarter
While Artificial Intelligence systems continue to improve, one AI is doing that in a unique way. Microsoft and the University of Cambridge partnered on DeepCoder, a deep learning AI meant to mimic the learning patterns found in the human brain.
Source: http://interestingengineering.com/ai-system-can-steal-code-to-make-itself-smarter/
Powering-up Digital Transformation in Industrial Sectors
Why is it that when Forrester polled global enterprises, 83% of energy respondents and 74% of respondents in manufacturing put digital transformation at the top of their business priorities? It’s because business and IT decision makers in both sectors see digital transformation as the path to growth and innovation.
Source: http://www.securityweek.com/powering-digital-transformation-industrial-sectors
Energy facility cyber incidents rose nearly a third last year, DHS says
Homeland Security received reports of 59 cyber incidents at energy facilities last year, up nearly a third from the year before.
Source: http://fuelfix.com/blog/2017/03/22/energy-facility-cyber-incidents-rose-nearly-a-third-last-year-dhs-says/
Don’t Worry About ‘Cyber Pearl Harbor,’ But Hackers Are Already Targeting Our Critical Infrastructure
Cyber defenders still don’t understand the real threats that the power grid, energy plants and other critical infrastructure face.
Source: https://motherboard.vice.com/en_us/article/kbykyx/dont-worry-about-cyber-pearl-harbor-but-hackers-are-already-targeting-our-critical-infrastructure
Schneider Electric and Accenture Build a Digital Services Factory to Speed Development of Industrial IoT
New capability aims to reduce time between product ideation and market launch from three years to less than eight months
Source: http://www.stockhouse.com/news/press-releases/2017/04/26/schneider-electric-and-accenture-build-a-digital-services-factory-to-speed
Hackers increase attacks on energy sector computers
Reports released this past week by U.S. security officials and private cybersecurity researchers suggest hacking of energy facility computers is on the rise, and happens far more often than the public assumes. The Department of Homeland Security said it received reports of 59 cyber incidents at energy facilities last year, up nearly a third from the year before.
Source: http://www.houstonchronicle.com/business/article/Hackers-increase-attacks-on-energy-sector-11026522.php?cmpid=twitter-premium