
Tag: General Electric

As energy markets change, GE, blockchain hope to provide economic solutions

New additions to the Predix platform are targeted at energy traders and grid managers.

Homebrew crypto SNAFU on electrical grid sees GE rush patches

Boffins turned up hard-coded password in ancient controllers

General Electric is pushing patches for protection relay bugs that, if exploited, could open up transmission systems to a grid-scale attack.…

Hajime, the mysterious evolving botnet

Hajime (meaning ‘beginning’ in Japanese) is an IoT worm that was first mentioned on 16 October 2016 in a public report by RapidityNetworks.
In this blogpost we outline some of the recent ‘improvements’ to Hajime, some techniques that haven’t been made public, and some statistics about infected IoT devices.

New hybrid plant combines batteries with gas turbine to cut pollution...

After Aliso Canyon leak, state ordered utilities to fund alternatives.

Adidas wants to sell 100,000 3-D printed sneakers

A personalized shoe that can “adjust the strength, durability, and the shape.”

Why GE is winning the war for tech talent

Hiring enough tech talent to facilitate digital transformations typically tops the list of challenges CIOs face.

They could do worse than follow the blueprint crafted by 125-year-old General Electric. The company has lured top tech executives from Ap...

General Electric plays down industrial control plant vulnerabilities

Only a local hacker in a facility would be able to run an attack

General Electric (GE) has pushed out an update to its industrial control systems following the discovery of vulnerabilities that create a way for hackers to steal SCADA system passwords.

Potential exploits based on the vulnerabilities could be abused to cause process flow disruptions in power stations, utility providers and factories, according to Positive Technologies, the security firm that discovered the flaws.

A spokeswoman for GE Digital played down the vulnerabilities, which she said can't be exploited remotely. Only a local hacker in a plant or facility would have been in a position to run an attack, she said, adding that there had been no signs of exploitation.

Line-up

The CVE-2016-9360 vulnerability (CVSS v3[1] score 6.4) makes it possible for an attacker to have access to legitimate sessions, intercepting user passwords locally.

General Electric's Proficy HMI/SCADA iFIX 5.8 SIM 13[2], Proficy HMI/SCADA CIMPLICITY 9.0[3], Proficy Historian 6.0[4] and their previous versions are vulnerable. Another flaw makes it possible for an attacker or malware with local access to obtain industrial database passwords. iFIX 5.8 (Build 8255) and previous versions are vulnerable. A third vulnerability makes it possible for a local attacker to block the authorisation of the application in the realtime database, either causing a failure at reading and recording history or database inoperability.
Industrial database Proficy Historian Administrator 5.0.195.0 needs updating in response to this flaw. Positive Technologies also claimed to have discovered a critical fault in a security mechanism of all three systems related to use of standard passwords at network access authorisation.

This allows remote access to industrial process control, the security firm warns.

GE disputes this, saying that the flaws, which were resolved in December, present only a local hack risk. Proficy HMI/SCADA iFIX needs to be updated to version 5.8 SIM 14, Proficy HMI/SCADA CIMPLICITY to version 9.5, and Proficy Historian to version 7.0. The vulnerabilities were reported to GE on July 31, 2015.

The install base of the Proficy product family (CIMPLICITY, iFix, Historian) is in the thousands, and they are deployed across multiple industries. An update from ICS-CERT this week explaining the flaws in more detail can be found here.


Hackers hustle to hassle un-patched Joomla! sites

If you didn't patch, you've probably been p0wned already

Attackers are already exploiting a dangerous privileged account creation hole in the Joomla! content management system, with attempts made on about 30,000 sites in the days after a patch for the flaw landed.

The vulnerability, which allows anyone to create privileged accounts on Joomla! sites, was first flagged in a scant Joomla! pre-release notice warning administrators to prepare for a then un-described but critical patch. At the time The Register warned the then mysterious flaw would likely be exploited in the coming days and weeks as the respective patch is reverse-engineered. Those attacks have eventuated faster than we predicted.

Sucuri analyst Daniel Cid says the attacks arrived in force three days after patching and were so large that any site that did not apply the patch has likely now been compromised.

"Less than 24 hours after the initial disclosure, we started to see tests and small pings on some of our honeypots trying to verify if this vulnerability was present," Cid says, adding attackers unsuccessfully targeted every Joomla site in Sucuri's network.

"In less than 36 hours after the initial disclosure, we started to see mass exploit attempts across the web.

"In fact, because of the sharp increase, it's our belief that any Joomla! site that has not been updated is most likely already compromised."

Cid and colleagues were able to reverse-engineer the patch within a "few hours", creating an internal tool that could exploit the vulnerabilities (CVE-2016-8870, CVE-2016-8869) and upload backdoors to affected sites. He says attackers began immediately probing for user.register tasks and creating unauthorised users. Hours after, IP addresses from Romania and Latvia began mass scanning thousands of sites attempting to create the user db_cfg.

Joomla! has been downloaded more than 75 million times and runs on big ticket sites including McDonalds, Ikea, General Electric, Linux.com, and major news sites. WordPress leads the open-source content management pack with some 140 million downloads.

"If you have not updated your Joomla site yet, you are likely already compromised," Cid says. The engineer has detailed indicators of compromise administrators can look for to determine if their Joomla! site was attacked.

Joomla! squashes critical privileged account creation holes

Borked two factor authentication also fixed

Joomla! has revealed it's patched twin critical flaws allowing attackers to bypass rules and create elevated privilege accounts. Project staff warned of the looming patch this week asking administrators to pr...

Joomla! readies patch for core vulnerability so critical it isn’t talking

Patch to drop 1400 UTC, Tuesday. And the haste of its release suggests this is scary

The world's second-favourite content management system, Joomla!, is warning of a critical security hole so bad its developers aren't saying what it fixes. The Register understands a patch for the mystery hole will take the name of version 3.6.4 and will be published around 1400 UTC today, October 25th.

Joomla! has been downloaded more than 75 million times and runs on big ticket sites including McDonalds, Ikea, General Electric, Linux.com, and major news sites. WordPress leads the open-source content management pack with some 140 million downloads.

The Joomla! security strike team says only that it was "informed of a critical security issue in the Joomla! core" which is a "very important security fix". "Until the release is out, please understand that we cannot provide any further information," the security team says.

It is difficult to speculate on the possible vulnerability and administrators should take measured steps to prepare for the release of the upcoming patch, rather than hyperventilate. However, Joomla!'s reticence to publish details before patches are issued, combined with its description of the bug as critical, suggests the problem allows either data siphoning or server compromise. If either scenario is the case, administrators should expect black hats to exploit the flaw as soon as they can build exploits. From there, based on the exploitation of historical major vulnerabilities, attacks could spread to compromise Joomla! instances that remain un-patched in the ensuing days and weeks.

Californian gets 50 months in prison for Chinese ‘technology spy’ work

Apparent jet and drone export plot foiled

A sting operation by the US Department of Homeland Security has netted one California woman a 50-month sojourn in prison after she was found guilty of trying to break the US Arms Export Control Act.

The court heard that between March 2011 and June 2013, Wenxia Man, 45, of San Diego, worked with a Chinese national – who she described as a "technology spy" – to obtain classified military hardware and its schematics for export to the Middle Kingdom for a $1m payoff.

"I'm innocent," Man told the judge, The Sun-Sentinel reports. "This is my country, too."

Man, a computer science graduate, worked with her husband running a mobile phone components business, and investigators were tipped off by a third party that she was looking for classified military hardware. Over a nine-month period, an undercover agent exchanged a series of emails and text messages about her plans, pretending he could source the materials.

On Man's shopping list were such items as the Pratt & Whitney and General Electric jet engines for the F‑35, F‑22, and F‑16 fighter jets, and a General Atomics MQ-9 Reaper/Predator B Unmanned Aerial Vehicle with Hellfire missile capability. She was also after anything she could get on stealth technology, the court heard.

"There is hardly a more serious case than a case such as this, that involves some of our most sophisticated fighter jet engines and unmanned weaponized aerial drones," said prosecutor Michael Walleisa. "The potential for harm to the safety of our fighter pilots, military personnel and national security which would occur had the defendant been successful is immeasurable."

Her defense argued that Man was suffering from mental health issues at the time of her offences and was unlikely to have been able to get hold of any of the top-secret items on the technology spy's list.

"It was our position that there was no conspiracy and that she was entrapped," her lawyer Alex Strassman said. "It was pretty clear what would have happened if the government would have left her alone. Nothing more would have happened."

In her judgement, US District Judge Beth Bloom said she was satisfied Man knew what she was doing was wrong, although she also did have a degree of mental impairment. She was ordered to receive mental health treatment during and after her sentence.