Monday, December 24, 2012

Gleg releases Ver 1.20 of the SCADA+ Exploit Pack for Immunity Canvas


In keeping with their previous record of releasing updates on a regular basis, Gleg announced on December 24 the release of version 1.20 of the SCADA+ Exploit Pack for the Immunity Canvas framework.

Version 1.19 was released on November 8, 2012.

Thursday, November 8, 2012

Gleg releases Ver 1.19 of the SCADA+ Exploit Pack for Immunity Canvas

On November 8, reference on the Gleb website indicates that they will be releasing version 1.19 of the SCADA+ Exploit Pack for the Immunity Canvas framework offer by Gleg. On November 9, the Immunity Inc. listserver provided confirmation that the update is now available.

Gleg remains active and devoted to continuing to release SCADA+ Exploit Pack modules on a regular basis, with this release coming just 4 weeks after v1.18!

All of the SCADA exploits included in this release cover 0-day vulnerabilities that have not been previously disclosed, including any published advisories or alerts from ICS-CERT. Both ICS systems included in this release represent reasonable risk to critical infrastructure and manufacturing facilities within the USA.

Wednesday, October 10, 2012

Gleg releases Ver 1.18 of the SCADA+ Exploit Pack for Immunity Canvas

On October 10, Gleg released version 1.18 of the SCADA+ Exploit Pack for the Immunity Canvas framework, along with a corresponding version 2.17 of the Agora Exploit Pack.

Gleg remains active and devoted to continuing to release SCADA+ Exploit Pack modules on a regular basis, at approximately 4-8 week intervals!

All of the SCADA exploits included in this release cover 0-day vulnerabilities that have not been previously disclosed, including any published advisories or alerts from ICS-CERT. Two of the systems included in this release do not appear to be high-risk to most critical infrastructure and manufacturing facilities within the USA; however, these products do have references within these industries in other countries so due diligence should be performed if you own a potentially vulnerable system. A third system, which is actually one of the leading RTOS used by many embedded devices, could pose elevated risk to ICS users.

Thursday, April 5, 2012

What do March Madness and Cyber Security have in common?

(this blog was originally posted by Bryan Owen on the vCampus Blog and is copied here for wider distribution)

OSIsoft User Conference 2012: Cyber Security Line Up
March Madness is a wrap, did your picks do well? You can consider the Pwn2Own competition at CanSecWest as a cyber security version of March Madness.

In continuation of a global trend, this year signaled a change in the 'sport of hacking'. Move over undergrads. Pwn2Own has become a professional contest. It was Vupen's dedicated exploit team versus Google's Chrome security team (both declared victory but Vupen's story won better news coverage).

So yes, cyber security is a team sport. It is complete with talented athletes, coaches, and trainers. Let's not forget the fans, institutions, regulators, media and the rest of the eco system. Do you have PI System security superstars on your team?

I'm very pleased to call out a strong cyber security line up for User Conference 2012: