Cybersecurity

The NCCIC has published an advisory on stack-based buffer overflow, heap-based buffer overflow, and out-of-bounds read vulnerabilities in Delta Industrial Automation CNCSoft. Versions 1.00.88 and prior are affected. Successful exploitation of these vulnerabilities could cause buffer overflow conditions that may allow information disclosure, remote code execution, or crash the application. Delta Electronics recommends updating to the latest version of ScreenEditor 1.00.89. The NCCIC also provides a list of recommended measures for addressing the vulnerabilities.

The National Cybersecurity and Communications Integration Center (NCCIC) has issued an advisory regarding the recent release of information on a vulnerability affecting multiple Virtual Private Network (VPN) applications, which are used to create secure connections with another network over the Internet.

The Department of Homeland Security (DHS) and the FBI report they have identified a Trojan malware variant – referred to as “HOPLIGHT” – used by the North Korean government. The DHS National Cybersecurity and Communications Integration Center (NCCIC) has published a Malware Analysis Report (MAR) on HOPLIGHT that it encourages partners to review. The MAR includes malware descriptions, suggested response actions, and recommended mitigation techniques.

Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Adobe Flash Player, Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, ASP.NET, Microsoft Exchange Server, Team Foundation Server, Azure DevOps Server, Open Enclave SDK, and Windows Admin Center.