SCADA Hacking | Breaking Cybersecurity News | The Hacker News

Stuxnet case is considered by security expert the first concrete act of cyber warfare, a malware specifically designed to hit SCADA systems inside nuclear plants in Iran. The event has alerted the international security community on the risks related to the effects of a cyber attack against supervisory control and data acquisition in industrial environment.  SCADA systems are adopted practically in every industrial control system (ICS) used for the control and monitor of industrial processes that are potential targets of a cyber attack such as a critical infrastructures or a utility facilities. Manufacturing, production, power generation, water treatment facilities, electrical power transmission and distribution and large communication systems are all considered critical asset for every countries and represent privileged targets for cyber attacks. Obtain access to SCADA systems is fundamental step for a attackers that desires to compromise the controlled processes and contrary to

Reid Wightman from security firm ioActive reported that there is an undocumented backdoor available in   CoDeSys  software that actually used to manage equipment in power plants, military environments, and nautical ships. The bug allow malicious hackers to access sensitive systems without authorization, Ars said. The CoDeSys tool will grant a command shell to anyone who knows the proper command syntax and inner workings, leaving systems that are connected to the public Internet open to malicious tampering and There is absolutely no authentication needed to perform this privileged command,  Reid mention. This software has been used in industrial control systems sold by 261 different manufacturers. 3S-Smart Software Solutions designs CoDeSys and recently issued an advisory that recommends users set a password, but  he is able to develop two exploit shells , one is  codesys-shell.py (to get the CoDeSys command shell without authentication) and other , codesys-transfer.py (read or w

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

Eugene Kaspersky is working with his engineers at Russian security firm Kaspersky Lab to create a secure-by-design OS for ICS. In an interview Kaspersky said " It's true no one else ever tried to make a secure operating system. This may sound weird because of the many efforts Microsoft, Apple and the open source community have made to make their platforms as secure as possible. With all respect, we should admit they were developing a universal solution for a wide range of application and various kinds of users. And security and usability is always a matter of compromise! With a universal OS a developer inevitably sacrifices security for usability ." Companies that maintain ICS are forced to try to patch them on the fly in the event of a malware attack, a process usually easier said than done. Instead, Kaspersky suggests that the solution lies in a secure operating system, one in which ICS can be installed. Such an OS could help ensure that industrial systems stay healthy

ICS-CERT - Industrial Control Systems Cyber Emergency Response Team has released the Advisory titled ICS-ALERT-12-284-01 - Sinapsi eSolar Light Multiple Vulnerabilities . They Report about report multiple vulnerabilities with proof-of-concept (PoC) exploit code that affecting the Sinapsi eSolar Light Photovoltaic System Monitor which is a supervisory control and data acquisition (SCADA) monitoring product. The US Department of Homeland Security is warning about vulnerabilities in a common SCADA (supervisory control and data acquisition) package that is used to remotely monitor and manage solar energy-generating power plants. The eSolar Light Photovoltaic System Monitor is a SCADA product that allows solar power stations to simultaneously monitor different components of photovoltaic arrays, such as photovoltaic inverters, energy meters, gauges The disclosure was made by Roberto Paleari and Ivan Speziale, who described the vulnerable system as being the Schneider Electric