Cybersecurity Vulnerabilities news & analysis | SC Media

Vulnerabilities News and Analysis


Schneider ignores researchers’ warnings about hard-coded passwords

SCADA manufacturer Schneider Electric has been found to be shipping products with embedded passwords. Simon Heming, Maik Brüggemann, Hendrik Schwartke and Ralf Spenneberg from Germany’s Open Source Security discovered the issue and said they went public because Schneider didn’t respond to their findings. Users of Schneider’s Modicon TM221CE16R firmware 1.3.3.3 are stuck, because they can’t…

Windows

Zero-day on Windows Server 2003 could affect up to 600,000 servers

A vulnerability has been discovered in Windows Server 2003 running IIS6 by two security researchers at the South China University of Technology, but Microsoft said it won’t issue a patch even though up to 600,000 servers could be running the unsupported software. The researchers posted a proof-of-concept exploit for the zero-day to GitHub. The flaw is…

Illustration by Robin Jareaux

Google proposes revoking Symantec certs

Google no longer has confidence in Symantec’s issuance of certifications. In a dramatic criticism of one of the biggest suppliers of HTTPS credentials, Google Chrome developers said they would be restricting transport layer security certificates sold by Symantec-owned issuers effective immediately. The reason: “a continually increasing scope of misissuance,” said a statement from Ryan Sleevi,…
