Vulnerabilities

Trainwreck: Study Calls for Rethink of Rail Security

The folks over at SCADA Strangelove turned me on to this article from the International Railway Journal that presents the findings of an analysis of the security of industrial control and SCADA systems used to manage railway networks. The conclusion: railways are rife with “faults and vulnerabilities (that will) allow cyber criminals to not only degrade key reliability parameters and bypass safety mechanisms (and) carry out attacks which directly affect rail traffic safety.” The study was conducted by Valentin Gapanovic, the senior vice president of Russian Railways, Efim Rozenberg, the first deputy director general at the Moscow based research firm NIIAS JSC and Kaspersky Lab Deputy Chief Technology Officer Sergey Gordeychik. At issue is not just the systems that are used to manage railway networks, including the movements of trains and critical switching systems that configure tracks. Rather: it is the culture of safety and security in the rail sector which, the study concludes, is still silo’d between physical […]

Continue Reading

Update- Zero to 60: Experts Divided on Wisdom of Fiat Chrysler’s Bounty

In-brief: Security experts are divided on Fiat Chrysler’s new bug bounty program, with some decrying small dollar awards, while others argue the company may have moved far too quickly in offering cash rewards to begin with.

Continue Reading

Fiat Chrysler Launches Public Bug Bounty – But It’s Not All That

In-brief: Fiat Chrysler Automobiles (FCA) has unveiled a public “bounty” program that will pay security researchers up to $1,500 dollars for information on vulnerabilities in software used in conjunction with the company’s vehicles. Don’t get too excited. 

Continue Reading

Developers Gorge on Open Source Amid Worries About Quality, Security

In-brief: The use of open source software is exploding, but concerns about code quality and security in the open source supply chain persist, according to a report from the firm Sonatype. 

Continue Reading

Chronic Condition: Study Finds Medical Device Flaws Go Unfixed

In-brief: Old and outdated software continues to plague medical environments, opening the doors to infections and data loss, even by long-forgotten computer viruses, according to a report by the security firm TrapX.

Continue Reading
1 29 30 31 32 33 82