ICT Security-Sécurité PC et Internet
87.1K views | +0 today
Follow
ICT Security-Sécurité PC et Internet
Education Technology
ICT Security + Privacy + Piracy + Data Protection - Censorship - Des cours et infos gratuites sur la"Sécurité PC et Internet" pour usage non-commercial... (FR, EN+DE)...
Curated by Gust MEES
Your new post is loading...
Your new post is loading...
Scooped by Gust MEES
Scoop.it!

IT-Security: Sicherheitslücke konnte Wasserwerke und Kraftwerke lahmlegen | #CyberSecurity #GRID #Vulnerabilities 

IT-Security: Sicherheitslücke konnte Wasserwerke und Kraftwerke lahmlegen | #CyberSecurity #GRID #Vulnerabilities  | ICT Security-Sécurité PC et Internet | Scoop.it
From www.golem.de - May 5, 2018 2:55 AM

Ein Buffer Overflow ermöglicht es Hackern, eine in Infrastrukturanlagen viel genutzte Software anzugreifen - per Ddos oder Fremdcode. Die Lücken seien auch bereits ausgenutzt worden. Mittlerweile soll ein Patch zur Verfügung stehen.

Die Software im Kraftwerk anzugreifen, kann große Schäden verursachen.

IT-Security-Forscher des Unternehmens Tenable Security haben eine Sicherheitslücke entdeckt, die in essentieller Infrastruktursoftware auftritt. Über einen Buffer Overflow könnten Angreifer Zugriff auf ein Netzwerk erhalten, eine Denial-of-Sevice-Attacke starten oder böswilligen Code ausführen. Betroffen sind die Programme Indusoft Web Studio und Intouch Machine Edition vom Entwickler Schneider Electric.

 

Beide werden beispielsweise in Wasserwerken, Gaskraftwerken oder Ölraffinerien eingesetzt, um die dortige Maschinerie zu verwalten und zu steuern - kritische Anlagen, bei denen Fehlfunktionen große Schäden anrichten können.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=GRID

 

Gust MEES's insight:

Ein Buffer Overflow ermöglicht es Hackern, eine in Infrastrukturanlagen viel genutzte Software anzugreifen - per Ddos oder Fremdcode. Die Lücken seien auch bereits ausgenutzt worden. Mittlerweile soll ein Patch zur Verfügung stehen.

Die Software im Kraftwerk anzugreifen, kann große Schäden verursachen.

IT-Security-Forscher des Unternehmens Tenable Security haben eine Sicherheitslücke entdeckt, die in essentieller Infrastruktursoftware auftritt. Über einen Buffer Overflow könnten Angreifer Zugriff auf ein Netzwerk erhalten, eine Denial-of-Sevice-Attacke starten oder böswilligen Code ausführen. Betroffen sind die Programme Indusoft Web Studio und Intouch Machine Edition vom Entwickler Schneider Electric.

 

Beide werden beispielsweise in Wasserwerken, Gaskraftwerken oder Ölraffinerien eingesetzt, um die dortige Maschinerie zu verwalten und zu steuern - kritische Anlagen, bei denen Fehlfunktionen große Schäden anrichten können.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/securite-pc-et-internet/?&tag=GRID

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Dragonfly : vent de panique sur le secteur de l’énergie | #CyberAttacks #PowerGrid

Dragonfly : vent de panique sur le secteur de l’énergie | #CyberAttacks #PowerGrid | ICT Security-Sécurité PC et Internet | Scoop.it
From www.zdnet.fr - September 8, 2017 2:15 AM

Symantec a publié un rapport portant sur les activités du groupe cybercriminel connu sous le nom de DragonFly. 

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/securite-pc-et-internet/?&tag=GRID

 

Gust MEES's insight:

Symantec a publié un rapport portant sur les activités du groupe cybercriminel connu sous le nom de DragonFly. 

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/securite-pc-et-internet/?&tag=GRID

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Dragonfly 2.0 Attackers Probe Energy Sector | #CyberSecurity #Powergrid #CyberAttacks

Dragonfly 2.0 Attackers Probe Energy Sector | #CyberSecurity #Powergrid #CyberAttacks | ICT Security-Sécurité PC et Internet | Scoop.it
From www.infosecurity-magazine.com - September 13, 2017 10:01 AM
Symantec has warned of a new attack campaign targeting energy firms, which may have already given the hackers access to operational systems in the US and Europe.

The security giant claimed the Dragonfly threat group is behind the new round of attacks, ongoing since December 2015.

Organizations in the US, Turkey and Switzerland were identified as targets for a range of tools and techniques including malicious emails, watering hole attacks and trojanized software.

Emails with content specific to the energy sector were designed to socially engineer the recipients into opening a malicious attachment. If opened, they would steal the victims' network credentials.

Watering hole attacks were also used to harvest credentials, with the hackers booby-trapping sites likely to be visited by energy sector workers.

The stolen credentials were then typically used in follow-on attacks designed to install backdoors to provide remote access and give the hackers the option of installing additional tools.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/securite-pc-et-internet/?&tag=GRID

 

http://www.scoop.it/t/securite-pc-et-internet/?&tag=Dragonfly

 

Gust MEES's insight:
Symantec has warned of a new attack campaign targeting energy firms, which may have already given the hackers access to operational systems in the US and Europe.

The security giant claimed the Dragonfly threat group is behind the new round of attacks, ongoing since December 2015.

Organizations in the US, Turkey and Switzerland were identified as targets for a range of tools and techniques including malicious emails, watering hole attacks and trojanized software.

Emails with content specific to the energy sector were designed to socially engineer the recipients into opening a malicious attachment. If opened, they would steal the victims' network credentials.

Watering hole attacks were also used to harvest credentials, with the hackers booby-trapping sites likely to be visited by energy sector workers.

The stolen credentials were then typically used in follow-on attacks designed to install backdoors to provide remote access and give the hackers the option of installing additional tools.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/securite-pc-et-internet/?&tag=GRID

 

http://www.scoop.it/t/securite-pc-et-internet/?&tag=Dragonfly

 

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

First known hacker-caused power outage signals troubling escalation | CyberSecurity

First known hacker-caused power outage signals troubling escalation | CyberSecurity | ICT Security-Sécurité PC et Internet | Scoop.it
From arstechnica.com - January 4, 2016 6:59 PM
Highly destructive malware that infected at least three regional power authorities in Ukraine led to a power failure that left hundreds of thousands of homes without electricity last week, researchers said.

The outage left about half of the homes in the Ivano-Frankivsk region of Ukraine without electricity, Ukrainian news service TSN reported in an article posted a day after the December 23 failure. The report went on to say that the outage was the result of malware that disconnected electrical substations. On Monday, researchers from security firm iSIGHT Partners said they had obtained samples of the malicious code that infected at least three regional operators. They said the malware led to "destructive events" that in turn caused the blackout. If confirmed it would be the first known instance of someone using malware to generate a power outage.


Learn more / En savoir plus / Mehr erfahren:


http://www.scoop.it/t/securite-pc-et-internet


Gust MEES's insight:
Highly destructive malware that infected at least three regional power authorities in Ukraine led to a power failure that left hundreds of thousands of homes without electricity last week, researchers said.

The outage left about half of the homes in the Ivano-Frankivsk region of Ukraine without electricity, Ukrainian news service TSN reported in an article posted a day after the December 23 failure. The report went on to say that the outage was the result of malware that disconnected electrical substations. On Monday, researchers from security firm iSIGHT Partners said they had obtained samples of the malicious code that infected at least three regional operators. They said the malware led to "destructive events" that in turn caused the blackout. If confirmed it would be the first known instance of someone using malware to generate a power outage.


Learn more / En savoir plus / Mehr erfahren:


http://www.scoop.it/t/securite-pc-et-internet


more...
No comment yet.
Sign up to comment
About Follow us Resources Terms Mobile Features
Facebook
X
LinkedIn