In this article we present some results of the research on OLB vulnerabilities discovered by Positive Technologies experts in 2013 and 2014 in the course of security assessments for a number of the largest Russian banks.
May 22, 2015
Online banking vulnerabilities in 2014: Authentication, Authorization and Android
In this article we present some results of the research on OLB vulnerabilities discovered by Positive Technologies experts in 2013 and 2014 in the course of security assessments for a number of the largest Russian banks.
May 19, 2015
Schneider Electric Thanks the Winner of the Positive Hack Days Hacker Contest
Early April, Schneider Electric has released several updates and patches fixing vulnerabilities in the software used for creating SCADA and HMI systems at nuclear power plants, chemical plants and other critical units.
The vulnerabilities which even a novice attacker could exploit were found in InduSoft Web Studio 7.1.3.2, InTouch Machine Edition 2014 7.1.3.2 as well as previous versions of these products. Among bugs fixed — arbitrary code execution and non-encrypted storage/transfer of sensitive data. The vendor recommends downloading the new patches as soon as possible.
Ilya Karpov and Kirill Nesterov, Positive Technologies researchers, detected the vulnerabilities during an ICS security analysis. Meanwhile, many bugs in those products were independently revealed by the participants of the Critical Infrastructure Attack contest held in May 2014 at the international infosec conference Positive Hack Days IV.
The vulnerabilities which even a novice attacker could exploit were found in InduSoft Web Studio 7.1.3.2, InTouch Machine Edition 2014 7.1.3.2 as well as previous versions of these products. Among bugs fixed — arbitrary code execution and non-encrypted storage/transfer of sensitive data. The vendor recommends downloading the new patches as soon as possible.
Ilya Karpov and Kirill Nesterov, Positive Technologies researchers, detected the vulnerabilities during an ICS security analysis. Meanwhile, many bugs in those products were independently revealed by the participants of the Critical Infrastructure Attack contest held in May 2014 at the international infosec conference Positive Hack Days IV.
Subscribe to:
Posts (Atom)