Cybersecurity

AVEVA InduSoft Web Studio and InTouch Edge HMI (ICSA-18-305-01) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on a stack-based buffer overflow vulnerability and an empty-password-in-configuration-file vulnerability in AVEVA InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition). InduSoft Web Studio versions prior to 8.1 SP2 and InTouch Edge HMI versions prior to 2017 SP2 are affected. Successful exploitation of these vulnerabilities could allow an unauthenticated user to remotely execute code. AVEVA recommends that users upgrade to InduSoft Web Studio v8.1 SP2 and InTouch Edge HMI (formerly InTouch Machine Edition) 2017 SP2 as soon as possible.

SamSam Ransomware Attacks Continue, Focusing Mostly on U.S. Organizations

While many types of ransomware are spread indiscriminately, SamSam is used in a targeted fashion, with the threat actors spending time performing reconnaissance and mapping out the network before encrypting as many computers as possible. A successful SamSam attack will likely be highly disruptive. In the worst-case scenario, if no backups are available or if the backups themselves are encrypted by SamSam, valuable data could be lost permanently. Even if an organization does have backups, restoring affected computers and cleaning up the network will cost time and money and may lead to reputational damage.

Bitdefender Offers Free Decryption Tool for GandCrab, the Most Popular Multi-Million Dollar Ransomware of the Year

The GandCrab ransomware family emerged in late February 2018 and was quickly adopted by cybercriminals because it offered something no other ransomware family had offered before: custom ransom amounts. While the average user would be reluctant to spend as much as $500 to get their data back, organizations and companies would be far more interested in paying larger amounts of money. Currently, the most prolific versions of GandCrab are versions 4 and 5, which are estimated to have infected around 500,000 victims worldwide since July 2018.

PEPPERL+FUCHS CT50-Ex (ICSA-18-303-01)

The NCCIC has released an advisory on an improper privilege management vulnerability in PEPPERL+FUCHS CT50-Ex. CT50-Ex devices running Android OS v4.4 and v6.0 are affected (the original manufacturer was Honeywell). Successful exploitation of this vulnerability could allow a malicious third-party application to gain elevated privileges and obtain access to sensitive information. An update is available that resolves this vulnerability. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation.

Trend Micro Report – Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructure

Based on research using open source intelligence resources, cybersecurity firm Trend Micro explores vulnerabilities in two of the most critical infrastructure lifelines. The report, Exposed and Vulnerable Critical Infrastructure: Water and Energy Industries (posted below), demonstrates the ease of discovering and exploiting cyber assets in the water and energy sectors. Primarily using Shodan and other basic open source intelligence (OSINT) techniques, Trend Micro discovered exposed and vulnerable HMIs.

FireEye Intelligence Report: TRITON Activity May Have Ties to Kremlin-backed Threat Actors

FireEye Intelligence has publicly disclosed information strongly suggesting that activity linked to TRITON is associated with a Russian government-owned technical research institution. In its recent report, FireEye explains several factors contributing to its assessment that the Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM; a.k.a. ЦНИИХМ) is associated with the development of the secondary malware strains (activity now dubbed TEMP.Veles by FireEye) that aided in the deployment of the primary TRITON payload last November against a Saudi Arabian petrochemical plant.
