Discover and read the best of Twitter Threads about #ics

Most recents (4)

#ICS Advisory (ICSA-20-203-01) - #Wibu-Systems #CodeMeter

* Affected? Multiple #KRITIS sectors worldwide!
* CVSSv3 score? 10.0!
* Exploitable remotely? With low skill level to exploit!
#RCE 1/3
us-cert.cisa.gov/ics/advisories…
Risk Evaluation?
#exploitation of #vulnerabilities could allow an attacker to alter & forge a license file, cause a DoS condition, potentially attain remote code execution #RCE, read heap data, and prevent normal operation of third-party software dependent on the #CodeMeter! 2/3
Vulnerabilities?
Buffer Access with Incorrect Length Value, Inadequate Encryption Strength, Origin Validation Error, Improper Input Validation, Improper Verification of Cryptographic Signature, Improper Resource Shutdown or Release! 3/3
Read 3 tweets
Because #covid19 and #MasquesObligatoires (mandatory masks) do not allow for a calm debate on the #ventilation of premises #QAI, I am starting a #thread on this complex standard. Forgive me in advance if a few inaccuracies slip in ^^ ⤵️
I am relying on the latest opinion from @HCSP, which states in its opinions of 24 April and 30 July that the #ventilation of premises must be reinforced in #EHPAD, #hopitaux and #ERP (e.g. #écoles) hcsp.fr/Explore.cgi/Te…
Moreover, on page 3, it recommended a number of measures on systematic #ventilation of premises and the checking/replacement of filters. It takes the example of cruise ships and restaurants with increased #covid19 contamination
Read 25 tweets
The #IT environment of the Indian nuclear power plant (#AKW) Kudankulam was not only hacked, but also used as a command and control server.

Hopefully the #OT was not also publicly reachable on the network!

#KRITIS Sektor #Energie #nuclear #nuclearsafety #Resilienz #Cyber #Security

To distinguish:

IT means information technology systems (#PC #Laptop #Windows #Office, #Buchhaltung...)

OT means operational systems (#ICS #SCADA #SPS #HMI #PLC #Steuertechnik...)
An appropriate state of the art (#SdT), as required in #KRITIS, was evidently not adhered to at the #AKW.

Strict separation (#Trennung) between #OT control systems and #IT is an essential security measure (#Sicherheitsmaßnahme)!

Further measures (#Maßnahmen) and demands (#Forderungen) can be found here.

ag.kritis.info/politische-for…
Read 5 tweets
When is someone's POC newsworthy - especially for #ICS? We've had IRONGATE, we've had "Clear Energy"... both made headlines, neither were "in the wild" attacks, and one was more or less notional - but then there's this set of things: pastebin.com/riBhHwUE
Essentially, someone appears to be developing an ICS proof of concept over time as a double-extension EXE that displays a PDF while running some Python in the background. Initially it started pretty simple.
But over several months of apparent development, things got a bit more robust:
Read 5 tweets
