Cybersecurity

When a file is open or locked, most ransomware applications can’t encrypt them without first shutting down the process involved. Applications like database or mail servers lock open files so that other programs can’t modify them. The lock prevents data from being corrupted by two processes writing to a file at the same time. But now the Sodinokibi (aka REvil) ransomware has a new feature for terminating processes that have locked a file, meaning it can encrypt such a file.

CISA has published an advisory on improper validation of array index, relative path traversal, SQL injection, stack-based buffer overflow, heap-based buffer overflow, and out-of-bounds read vulnerabilities in Advantech WebAccess Node. Versions 9.0.0 and 8.4.4 and prior are affected. Successful exploitation of these vulnerabilities may allow information disclosure, remote code execution, and compromise system availability. Advantech has released updated versions of the affected products to address the vulnerabilities.

CISA has published an advisory on an uncontrolled search path element vulnerability in Fazecast jSerialComm. Versions 2.2.2 and prior of jSerialComm and versions 1.5.x, 1.6.x, and 1.7.x of EcoStruxure IT Gateway are affected. Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on a targeted system. Fazecast recommends users update jSerialComm to Version 2.3 or later. Schneider Electric recommends users upgrade EcoStruxure IT Gateway to Version 1.8.1 or later.

COVID-19 forced some organizations to exercise a business continuity plan that may not have formally existed prior to the pandemic. With the current pandemic running its course and activities still fresh in our minds, there is no better time than the present to formalize or refresh organizational business continuity and preparedness plans. OT security firm Applied Risk highlights some business continuity best practices and key activities for critical infrastructure entities.