Skip to main content
Customer Support Customer Support

US Ports Targeted with Zero-Day SQL Injection Flaw

  • August 23, 2016
  • 2 replies
  • 2 views
Jasper_The_Rasper
Moderator
Forum|alt.badge.img+54

Flaw in Navis WebAccess exposes port authorities to hacking

 
                                  http://i1-news.softpedia-static.com/images/fitted/340x180/us-ports-targeted-with-zero-day-sql-injection-flaw.png
 
Aug 23, 2016 16:45 GMT  ·  By Catalin Cimpanu Ports in the US have reported attacks using an SQL injection flaw made public by a hacker known as bRpsd, who released a fully working exploit online without notifying the vendor in advance.
 
Following these events, ICS-CERT, the US-CERT division in charge of security alerts for industrial control systems (ICS), has issued advisories regarding the vulnerability's existence and the ongoing series of attacks.
 
The affected application is Navis WebAccess, the Web-based component of the Navis maritime transportation logistics software suite, sold by the Cargotec Corporation.

Full Article
    Baldrick

    2 replies

    Baldrick
    Gold VIP
    • Baldrick
    • Gold VIP
    • August 23, 2016
    Well, that is really not good as any threat or opening for damage to a country's key infrastructure is likely to hit many hard should the miscreants strike. Have to assume that this is foreign government sanctioned/sourced as it would be hard to understand what the lowly miscreant has to gain from this sort of potential attack. Scary! 
    Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
    Jasper_The_Rasper
    JamesG
    B
    Bronze VIP
    • BurnDaddy
    • August 23, 2016
    @ wrote:
    Well, that is really not good as any threat or opening for damage to a country's key infrastructure is likely to hit many hard should the miscreants strike. Have to assume that this is foreign government sanctioned/sourced as it would be hard to understand what the lowly miscreant has to gain from this sort of potential attack. Scary! 
    Unfortunately, Baldrick, I feel that it is only a matter of time before some foreign entity is able to successfully cause a catastrophic breach to any number of the systems that we depend upon. Given that the badly needed improvements to our infrastructure seem to be a very low priority for our political class. They are much more interested in pacifying their powerful donors. And given that many of our most vital systems are still operating on antiquated hardware nearly 50 years old, it's really not a matter of "if" but "when". :(
     
    bd
    Baldrick
    Jasper_The_Rasper
    JamesG
    Terms & ConditionsAccessibility statement