Date Author Title

SCADA RTU NERC ISO27001 ISMS RISK IMPACT

2010-08-22Manuel Humberto Santander PelaezSCADA: A big challenge for information security professionals

SCADA

2024-04-22/a>Jan KoprivaIt appears that the number of industrial devices accessible from the internet has risen by 30 thousand over the past three years
2021-05-12/a>Jan KoprivaNumber of industrial control systems on the internet is lower then in 2020...but still far from zero
2014-04-17/a>Manuel Humberto Santander PelaezLooking for malicious traffic in electrical SCADA networks - part 2 - solving problems with DNP3 Secure Authentication Version 5
2014-04-15/a>Manuel Humberto Santander PelaezLooking for malicious traffic in electrical SCADA networks - part 1
2013-07-01/a>Manuel Humberto Santander PelaezUsing nmap scripts to enhance vulnerability asessment results
2013-02-20/a>Manuel Humberto Santander PelaezSANS SCADA Summit at Orlando - Bigger problems and so far from getting them solved
2013-01-18/a>Russ McReeInteresting reads for Friday 18 JAN 2013
2012-10-06/a>Manuel Humberto Santander PelaezCyber Security Awareness Month - Day 6 - NERC: The standard that enforces security on power SCADA
2012-05-31/a>Johannes UllrichSCADA@Home: Your health is no secret no more!
2011-11-23/a>Johannes UllrichSCADA hacks published on Pastebin
2011-10-19/a>Pedro BuenoThe old new Stuxnet...DuQu?
2011-05-12/a>Johannes UllrichActiveX Flaw Affecting SCADA systems
2010-08-22/a>Manuel Humberto Santander PelaezSCADA: A big challenge for information security professionals
2009-10-22/a>Adrien de BeaupreCyber Security Awareness Month - Day 22 port 502 TCP - Modbus
2009-06-15/a>Daniel WesemannDrive-by Blackouting ?
2008-09-29/a>Daniel WesemannPatchbag: WinZip / MPlayer / RealWin SCADA vuln
2008-09-08/a>Raul SilesCitectSCADA ODBC service exploit published
2008-06-11/a>John BambenekCitectSCADA Buffer Overflow Vulnerability
2008-05-06/a>Marcus SachsIndustrial Control Systems Vulnerability

RTU

2023-04-07/a>Xavier MertensDetecting Suspicious API Usage with YARA Rules
2021-02-25/a>Daniel WesemannForensicating Azure VMs
2018-02-02/a>Xavier MertensSimple but Effective Malicious XLS Sheet
2016-07-27/a>Xavier MertensCritical Xen PV guests vulnerabilities
2016-02-23/a>Xavier MertensVMware VMSA-2016-0002
2014-08-14/a>Basil Alawi S.TaherThreats to virtual environments
2014-01-10/a>Basil Alawi S.TaherWindows Autorun-3
2013-10-22/a>Richard PorterGreenbone and OpenVAS Scanner
2013-04-15/a>Rob VandenBrinkOops - You Mean That Deleted Server was a Certificate Authority?
2012-06-20/a>Raul SilesCVE-2012-0217 (from MS12-042) applies to other environments too
2012-03-09/a>Guy BruneauVMware New and Updated Advisories
2011-11-07/a>Rob VandenBrinkStuff I Learned Scripting - Evaluating a Remote SSL Certificate
2011-11-01/a>Russ McReeHoneynet Project: Android Reverse Engineering (A.R.E.) Virtual Machine released
2011-05-08/a>Lorna HutchesonMonitoring Virtual Machines
2010-08-22/a>Manuel Humberto Santander PelaezSCADA: A big challenge for information security professionals
2010-08-09/a>Jim ClausingVirtualbox update available - looks like a few stability fixes http://www.virtualbox.org/wiki/Changelog
2010-04-02/a>Guy BruneauSecurity Advisory for ESX Service Console
2010-03-30/a>Pedro BuenoVMWare Security Advisories Out
2010-02-17/a>Rob VandenBrinkDefining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing"

NERC

2013-02-20/a>Manuel Humberto Santander PelaezSANS SCADA Summit at Orlando - Bigger problems and so far from getting them solved
2012-10-06/a>Manuel Humberto Santander PelaezCyber Security Awareness Month - Day 6 - NERC: The standard that enforces security on power SCADA
2010-08-22/a>Manuel Humberto Santander PelaezSCADA: A big challenge for information security professionals

ISO27001

2010-08-22/a>Manuel Humberto Santander PelaezSCADA: A big challenge for information security professionals

ISMS

2010-08-22/a>Manuel Humberto Santander PelaezSCADA: A big challenge for information security professionals

RISK

2024-08-07/a>Guy BruneauSame Scripts, Different Day: What My DShield Honeypot Taught Me About the Importance of Security Fundamentals [Guest Diary]
2022-08-17/a>Johannes UllrichA Quick VoIP Experiment
2020-05-14/a>Rob VandenBrinkPatch Tuesday Revisited - CVE-2020-1048 isn't as "Medium" as MS Would Have You Believe
2017-03-25/a>Russell EubanksDistraction as a Service
2017-03-11/a>Russell EubanksWhat's On Your Not To Do List?
2015-03-21/a>Russell EubanksHave you seen my personal information? It has been lost. Again.
2014-06-11/a>Daniel WesemannHelp your pilot fly!
2013-08-19/a>Guy Bruneau Business Risks and Cyber Attacks
2012-12-18/a>Dan GoldbergMitigating the impact of organizational change: a risk assessment
2012-11-23/a>Rob VandenBrinkRisk Assessment Reloaded (thanks PCI ! )
2012-11-23/a>Rob VandenBrinkWhat's in Your Change Control Form?
2012-10-17/a>Rob VandenBrinkCyber Security Awareness Month - Day 17 - A Standard for Risk Management - ISO 27005
2012-05-30/a>Rob VandenBrinkToo Big to Fail / Too Big to Learn?
2011-05-25/a>Lenny ZeltserMonitoring Social Media for Security References to Your Organization
2010-08-22/a>Manuel Humberto Santander PelaezSCADA: A big challenge for information security professionals
2010-06-10/a>Deborah HaleTop 5 Social Networking Media Risks
2010-04-04/a>Mari NicholsFinancial Management of Cyber Risk
2009-11-29/a>Patrick Nolan A Cloudy Weekend
2009-09-15/a>Johannes UllrichSANS releases new Cyber Security Risk Report
2009-04-19/a>Mari NicholsProviding Accurate Risk Assessments
2008-07-08/a>Swa FrantzenSecurity implications in HVAC equipment
2008-03-22/a>Koon Yaw TanMicrosoft Security Advisory Released (950627)

IMPACT

2017-04-28/a>Russell EubanksKNOW before NO
2017-03-25/a>Russell EubanksDistraction as a Service
2017-03-11/a>Russell EubanksWhat's On Your Not To Do List?
2012-12-22/a>Guy BruneauNew Poll - Which of the following issues impacted the most your business in 2012? - https://isc.sans.edu/poll.html
2010-08-22/a>Manuel Humberto Santander PelaezSCADA: A big challenge for information security professionals
2008-07-15/a>Maarten Van HorenbeeckBlackBerry PDF parsing vulnerability