LibVNCServer before a 0.9.12 release contains a null pointer dereference in VNC client code, which can result in denial-of-service condition.

The Industrial Internet Consortium has announced the publication of an official Internet of Things Security Maturity Model description.

Kaspersky Lab today announced it is working with the Cybersecurity at MIT Sloan Consortium (CAMS) to host the “Cybersecurity Insight” seminar, offering participants an opportunity to learn about...

The security of products such as IIoT requires special attention. This time, the subject of our research was the ThingsPro Suite, an IIoT gateway and device manager from Moxa.

Zebrocy is the name given to a subset of the Sofacy group (aka Fancy Bear, Sednit, APT28, Tsar Team, etc.). GreyEnergy and Zebrocy used the same servers at the same time and attacked the same organization.

Kaspersky Lab presented its latest findings on CoDeSys Runtime vulnerabilities at the S4x19 conference, in what was a successful debut among competing industrial cybersecurity vendors

An attacker with network access to the affected distributed control system (DCS) workstation can bypass the authentication of a maintenance port via brute-force, because number of login attempts...

AVEVA Wonderware System Platform vulnerability leading to Unauthorized Access to Credentials.

UltraVNC Viewer before 1.2.2.4 has a buffer underflow vulnerability, which can potentially result in code execution.

An attacker controlling a device with the UltraVNC Server running can perform remote code execution on the client devices to cause a denial-of-service condition, modify system's data and/or obtain...

A authenticated attacker with low privileges can use unsecure sudo configuration to expand attack surface.

UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another...

An attacker without authentication can login with default credentials for privileged users.

Critical vulnerabilities in industrial PCs used by Emerson’s DeltaV distributed control system could allow arbitrary code execution, malware injection or malware propagation to other workstations

UltraVNC Viewer before 1.2.2.4 has a out-of-bounds read vulnerability in RRE decoder code, caused by multiplication overflow.

New vulnerabilities have been identified in Schneider Electric PM5560 power meter and Modicon M221 logic controller

UltraVNC Viewer before 1.2.2.4 has an out-of-bounds read vulnerability inside client CoRRE decoder, caused by multiplication overflow.

The vulnerability affects PAC Control Basic and PAC Control Professional version R10.0а and earlier and could allow arbitrary code execution

UltraVNC before 1.2.2.4 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution.

USB media infected with malware were shipped with Conext ComBox and Conext Battery Monitor products

The paper provides an analysis of the prevalence of remote administration tools on OT networks and the threats associated with their use.

An attacker controlling a device with the UltraVNC Server running can perform remote code execution on the client devices to cause a denial-of-service condition, modify system's and/or obtain...

Newly identified vulnerabilities affect SIMATIC WinCC OA HMI system, SCALANCE X switches and TD Keypad Designer tool

UltraVNC before 1.2.2.4 has stack-based Buffer overflow vulnerability in VNC client code inside FileTransfer module, which leads to a denial-of-service (DoS) condition of VNC client.

Remote code execution in Emerson AMS Device Manager.

Wecon PI Studio HMI solutions are affected by multiple vulnerabilities that could allow remote code execution and disclosure of sensitive information, including in the context of an administrator

UltraVNC before 1.2.2.4 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution.

Vulnerable products include ROX II operating system, SIMATIC S7-1200 CPU family, SCALANCE W1750D access point and some SIMATIC PLCs

On March 19 2019 Norsk Hydro, one of the world’s largest aluminum producers revealed that ransomware had been used in an attack against them.

The sixth conference on industrial cybersecurity organized by Kaspersky Lab was held on September 19-21 in Sochi, Russia. This year’s theme was ‘Industrial cybersecurity: opportunities and...