Security Alerts & News
by Tymoteusz A. Góral

#1113 Industrial cybersecurity threat landscape
Industrial control systems (ICS) surround us: they are used in electric, water and wastewater, oil and natural gas, transportation, chemical, pharmaceutical, pulp and paper, food and beverage, and discrete manufacturing (e.g., automotive, aerospace, and durable goods). Smart cities, smart houses and cars, medical equipment – all of that is driven by ICS.

The expansion of the Internet makes ICS easier prey for attackers. The number of ICS components reachable over the Internet increases every year. Because many ICS solutions and protocols were originally designed for isolated environments and lack security controls, this exposure often gives a malicious user multiple ways to affect the infrastructure behind the ICS. Moreover, some components are vulnerable themselves. The first available information about vulnerabilities in ICS components dates back to 1997, when only two vulnerabilities were published. Since then the number of vulnerabilities has increased significantly. Over the past five years this index has increased from 19 vulnerabilities in 2010 to 189 vulnerabilities in 2015.

Sophisticated attacks on ICS systems are no longer new. It is worth remembering an incident in 2015 in Ivano-Frankivsk, Ukraine, where around half of the houses were left without electricity because of a cyber-attack against the Prykarpattyaoblenergo power company, which was only one of multiple victims of the BlackEnergy APT campaign.