A critical vulnerability discovered in an industrial control system used widely by the military, hospitals and others would allow attackers to remotely control electronic door locks, lighting systems, elevators, electricity and boiler systems, video surveillance cameras, alarms and other critical building facilities, say two security researchers.
A security researcher claims that he found 23 vulnerabilities in industrial control software from several vendors after a different security company last week showcased vulnerabilities in applications from some of the same manufacturers, but chose not to report them.
Security researcher Reid Wightman from the firm IOActive has found an undocumented back door in CoDeSys, the management software used by 261 different manufacturers of ICS devices. The back door gives full access without requiring authentication and has prompted the US Department of Homeland Security's ICS-CERT to issue an alert.
L33tdawg: Eugene Kaspersky has confirmed the company is working on a secure operating system developed from scratch. Code-named 11.11, they've apparently been working on the project for a decade! Here's hoping it's more Windows 8 than NT :) (I'm just kidding Eugene, this is awesome stuff!)
A company whose software and services are used to remotely administer and monitor large sections of the energy industry began warning customers last week that it is investigating a sophisticated hacker attack spanning its operations in the United States, Canada and Spain. Experts say digital fingerprints left behind by attackers point to a Chinese hacking group tied to repeated cyber-espionage campaigns against key Western interests.