Cybersecurity

Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays (ICSA-18-347-02) – Products Used in the Energy Sector

The NCCIC has released an advisory on an improper input validation vulnerability in EN100 Ethernet Communication Module and SIPROTEC 5 relays. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could cause a denial-of-service condition of the network functionality of the device, compromising the availability of the system. Siemens has released updates for several affected products, is working on updates for the remaining affected products, and recommends specific countermeasures until fixes are available.

Geutebrück GmbH E2 Series IP Cameras (ICSA-18-347-03) – Products Used in the Energy Sector

The NCCIC has released an advisory on an OS command injection vulnerability in Geutebrück GmbH E2 Series IP Cameras. Products running firmware versions prior to 1.12.0.25 are affected. Successful exploitation of this vulnerability may allow a remote attacker to inject OS commands as root. Geutebrück recommends that E2 series IP camera users download and update to the newest firmware version, 1.12.0.25. The NCCIC also advises on a series of mitigating measures for this vulnerability.

GE Mark Vle, EX2100e, EX200e_Reg, and LS2100e (ICSA-18-347-04) – Products Used in the Energy Sector

The NCCIC has released an advisory on a path traversal vulnerability in GE Mark Vle, EX2100e, EX200e_Reg, and LS2100e. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow an attacker to access system data, which could result in escalation of privilege and unauthorized access to the controller. The path traversal vulnerability has been corrected by GE. GE recommends users upgrade to the current version of ControlST software as described in CSB25378.

Operation Sharpshooter Targeting Global Critical Infrastructure, including Energy

McAfee reports it has discovered a new global campaign, dubbed “Operation Sharpshooter,” that is targeting nuclear, defense, energy, and financial companies (predominantly in the U.S.). The campaign masquerades as a legitimate industry job recruitment activity to gather information. McAfee observes that its discovery of this new, high-function implant is another example of how targeted attacks move in several steps, beginning with attempts to gain intelligence.

Improve ICS Incident Response and Resilience Plans by Enhancing Asset Inventory

You can’t secure what you don’t know, which makes a comprehensive asset inventory an invaluable resource in your cybersecurity program. Likewise, business continuity, resilience, and incident response plans are not complete without an understanding of your assets. ICS cybersecurity firm Dragos expands asset management from a function to a framework in its recent whitepaper, Collection Management Frameworks – Beyond Asset Inventories for Preparing for and Responding to Cyber Threats.

McAfee SINAMICS PERFECT HARMONY GH180 (ICSA-18-345-01) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on an improper access control vulnerability in McAfee SINAMICS PERFECT HARMONY GH180. Multiple products and versions of these products are affected. The vulnerability can be exploited to compromise an HMI, and by extension, the drive system. McAfee has issued Security Bulletin SB10250 to address this vulnerability in MACC. The NCCIC also advises on a series of mitigating measures for this vulnerability. NCCIC/ICS-CERT.

Microsoft Releases December 2018 Security Update

Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Adobe Flash Player, Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, .NET Framework, Microsoft Dynamics NAV, Microsoft Exchange Server, Microsoft Visual Studio, and Windows Azure Pack. Microsoft.

Seedworm Group Compromises Government Agencies, Oil and Gas, and More

Symantec reports it has uncovered extensive insights into a cyber threat actor it calls “Seedworm,” which it says is behind operations that have gathered intelligence on targets spread primarily across the Middle East but also in North America and Europe. The group conducts its operations by using variants of the Powermud backdoor, a new backdoor (Backdoor.Powemuddy), and custom tools for stealing passwords, creating reverse shells, privilege escalation, and the use of the native Windows cabinet creation tool.

Equifax Breach “Entirely Preventable,” according to Congressional Committee Report

The U.S. House Committee on Oversight and Government Reform Republicans have released a staff report following a 14-month investigation into the Equifax data breach, which the report identifies as one of the largest data breaches in U.S. history. The report reveals new information about the breach and presents a series of key findings, the foremost of which is that the incident was “entirely preventable.” Many of the report’s other key findings identify the conditions that enabled the breach, which Equifax could have addressed, likely preventing the incident.

Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules (ICSA-18-310-02) – Products Used in the Water and Wastewater Sector

The NCCIC has released an advisory on a missing authentication for critical function vulnerability in Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules. Numerous products and versions of these products are affected. Rockwell Automation recommends users of affected products update to an available firmware revision that addresses the associated risk.
