You are here

Home » Cybersecurity

Cybersecurity

Password Manager Flaws Can Expose Data on Compromised Devices

Researchers at Independent Security Evaluators (ISE) examined five popular password managers and found that for each it was possible to extract “trivial secrets” from a locked password manager, which sometimes included the master password. Assessing the underlying functionality of 1Password, Dashlane, KeePass and LastPass on Windows 10, the researchers discovered that in some cases the master password could be found in plaintext in the computer’s memory when the password manager was locked and that they could extract the master password using standard memory forensics.

Siegeware: When Criminals Take Over Your Smart Building

A cybersecurity researcher presents a scenario for the employment of “siegeware,” whereby an adversary holds a building for ransom by hacking into the software that controls its functionality, including room temperature, door locks, and alarms. According to the researcher, this is not an imaginary scenario, as he claims to have met someone who was the victim of a siegeware attack. When the person’s company refused to pay the attackers, its use of the targeted building was disrupted. And in his further investigations, the researcher discovered other similar incidents involving siegeware.

Cyber Adversaries Increasingly Using Malware to Destroy Business Operations, according to Symantec’s Annual Report

Cybersecurity company Symantec has just released its Internet Security Threat Report for 2019, which analyzes data captured by Symantec’s global network of 123 million attack sensors. Among other highlights, the report observes that nearly one in ten targeted attack groups now use malware to destroy and disrupt business operations, a 25 percent increase from the previous year.

Horner Automation Cscape (ICSA-19-050-03)

The NCCIC has published an advisory on an improper input validation vulnerability in Horner Automation Cscape. Versions 9.80 SP4 and and prior are affected. Successful exploitation of this vulnerability could crash the device being accessed, which may allow the attacker to read confidential information and remotely execute arbitrary code. Horner Automation recommends affected users update to the latest version of Cscape (Version 9.90). The NCCIC also advises on a series of mitigating measures for these vulnerabilities.

Delta Industrial Automation CNCSoft (ICSA-19-050-02)

The NCCIC has published an advisory on an out-of-bounds read vulnerability in Delta Industrial Automation CNCSoft. Versions 1.00.84 and prior are affected. Successful exploitation of this vulnerability could cause a buffer overflow condition that may allow information disclosure or crash the application. Delta recommends updating to the latest version of CNCSoft v1.01.15 and restricting the interaction with the application to trusted files. The NCCIC also advises on a series of mitigating measures for these vulnerabilities.

Intel Data Center Manager SDK (ICSA-19-050-01)

The NCCIC has published an advisory on improper authentication, protection mechanism failure, permission issues, key management errors, and insufficient control flow management vulnerabilities in Intel Data Center Manager SDK. Versions prior to 5.0.2 are affected. Successful exploitation of these vulnerabilities may allow escalation of privilege, denial of service, or information disclosure. Intel recommends that affected users contact an Intel Data Center Manager SDK reseller for the Version 5.0.2 update. The NCCIC also advises on a series of mitigating measures for these vulnerabilities.

Dragos Year-in-Review 2018 Reports – Creating Defensible ICS Networks

A great deal can be learned through industry trends and shared challenges. As such, ICS cyber forensics firm Dragos published a series of year-in-review reports examining their customer engagements throughout 2018. The reports evaluate changes in the industry and discuss actions organizations can take to increase their networks’ defensibility. Dragos’ customer demographic for these reports was primarily focused on energy (56%).

Pangea Communications Internet FAX ATA (ICSA-19-045-01)

The NCCIC has published an advisory on an authentication bypass using an alternate path or channel vulnerability in Pangea Communications Internet FAX ATA. Versions 3.1.8 and prior are affected. Successful exploitation of this vulnerability could cause the device to reboot and create a continual denial-of-service condition. Pangea Communications has contacted users of the affected product and have deployed a patch to resolve the issue. The NCCIC also advises on a series of mitigating measures for these vulnerabilities.

gpsd Open Source Project (ICSA-18-310-01)

The NCCIC has published an advisory on a stack-based buffer overflow vulnerability in gpsd Open Source Project. For gpsd, versions 1.0 to 1.3 are affected. For microjson, versions 1.0 to 1.3 are affected. Successful exploitation of this vulnerability could allow remote code execution, data exfiltration, or denial-of service via device crash. gpsd/microjson project maintainers recommend upgrading to gpsd Version 3.18 or newer and microjson 1.4 or newer to resolve this vulnerability.

Siemens devices using the PROFINET Discovery and Configuration Protocol (Update K) (ICSA-17-129-01I) – Product Used in Energy and Water and Wastewater Systems Sectors

February 14, 2019

The NCCIC has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at NCCIC/ICS-CERT.

February 27, 2018

ICS-CERT has updated this advisory with additional details on affected products and mitigation details. ICS-CERT.

January 23, 2018

Tags: 
ics-cert siemens simantic

Pages

Subscribe to Cybersecurity