Cybersecurity

Moxa MB3xxx Series Protocol Gateways (ICSA-20-056-01) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on stack-based buffer overflow, integer overflow to buffer overflow, cross-site request forgery, use of a broken or risky cryptographic algorithm, information exposure, cleartext transmission of sensitive information, weak password requirements, cleartext storage of sensitive information, and incorrectly specified destination in a communication channel vulnerabilities in Moxa MB3170 series, MB3180 series, MB3270 series, MB3280 series, MB3480 series, and MB3660 series. Multiple versions of these products are affected.

Read more about Moxa MB3xxx Series Protocol Gateways (ICSA-20-056-01) – Products Used in the Water and Wastewater and Energy Sectors

ICS Year in Review – Vulnerabilities, Threat Landscape and Activity Groups, and Lessons Learned

ICS cybersecurity company Drago has just published a series of three year-in-review reports, what are intended to be a collection of its first-hand experiences hunting, analyzing, and combatting industrial adversaries that provide asset owners and the practitioner community with actionable defensive recommendations to reduce the overall risks associated with operating critical infrastructure.

Read more about ICS Year in Review – Vulnerabilities, Threat Landscape and Activity Groups, and Lessons Learned

Auto-Maskin RP210E, DCU210E, and Marine Observer Pro (Android App) (ICSA-20-051-04)

CISA has published an advisory on cleartext transmission of sensitive information, origin validation error, use of hard-coded credentials, weak password recovery mechanism for forgotten password, and weak password requirements vulnerabilities in Auto-Maskin RP210E, DCU210E, and Marine Observer Pro (Android App). Versions 3.7 and prior of these products are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to gain root access to the underlying operating system of the device and may allow read/write access.

Read more about Auto-Maskin RP210E, DCU210E, and Marine Observer Pro (Android App) (ICSA-20-051-04)

Honeywell NOTI-FIRE-NET Web Server (NWS-3) (ICSA-20-051-03)

CISA has published an advisory on authentication bypass by capture-replay and path traversal vulnerabilities in Honeywell NOTI-FIRE-NET Web Server. Versions 3.50 and earlier are affected. Successful exploitation of these vulnerabilities could result in an attacker bypassing web server authentication methods. Honeywell has released a firmware update package for all affected products and also recommends steps for users to protect themselves. CISA also recommends a series of measures to mitigate the vulnerability.

Read more about Honeywell NOTI-FIRE-NET Web Server (NWS-3) (ICSA-20-051-03)

B&R Industrial Automation Automation Studio and Automation Runtime (ICSA-20-051-01) – Products Used in the Energy Sector

CISA has published an advisory on an improper authorization vulnerability in B&R Industrial Automation Automation Studio and Automation Runtime. Multiple versions of both products are affected. Successful exploitation of this vulnerability may allow a remote attacker to modify the configuration of affected devices. B&R reports product-technical reasons disallow the changing of SNMP credentials. To reduce risk from this vulnerability, the following Automation Studio versions disable the SNMP service by default in newly created AS projects.

Read more about B&R Industrial Automation Automation Studio and Automation Runtime (ICSA-20-051-01) – Products Used in the Energy Sector

Rockwell Automation FactoryTalk Diagnostics (ICSA-20-051-02) – Product Used in the Water and Wastewater Sector

CISA has published an advisory on a deserialization of untrusted data vulnerability in Rockwell Automation Factory Talk Diagnostics. All versions are affected. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to execute arbitrary code with SYSTEM level privileges. Rockwell Automation is currently working to develop updated software that addresses the reported vulnerability. Rockwell Automation recommends affected users implement the compensating controls, based on their needs.

Read more about Rockwell Automation FactoryTalk Diagnostics (ICSA-20-051-02) – Product Used in the Water and Wastewater Sector

Combination of Banking Trojans and Ransomware Bound to Worsen

IBM’s Security Intelligence has published an article discussing the evolution of banking Trojans, which began a little over a decade ago with the Zeus commercial banking Trojan and have become increasingly sophisticated both in terms of their code and the organized gangs who wield them. While threat actors once primarily used banking Trojans to steal money from corporate accounts, today they are increasingly using them to conduct targeted ransomware attacks that can entail exorbitant payment demands.

Read more about Combination of Banking Trojans and Ransomware Bound to Worsen

New Vulnerability Discovery Reportedly Abuses Same Protocol Used in Industroyer/CRASHOVERRIDE

Successful exploitation of the vulnerability recently published in ICS-CERT Advisory ICSA-20-042-12 regarding Siemens SIPROTEC 4 and SIPROTEC Compact (reported in the Security & Resilience Update for February 13, 2020) is believed to allow an attacker to reproduce damage caused by Industroyer/CRASHOVERRIDE, the ICS

Read more about New Vulnerability Discovery Reportedly Abuses Same Protocol Used in Industroyer/CRASHOVERRIDE

Breaches Caused by Cloud Misconfigurations Cost Businesses Nearly $5 Trillion

In its just released 2020 Cloud Misconfigurations Report, cloud security company DivvyCloud notes nearly 33.4 billion records were exposed in breaches due to cloud misconfigurations in 2018 and 2019, amounting to nearly $5 trillion in costs to enterprises globally. From 2018 to 2019, the number of records exposed by cloud misconfigurations rose by 80 percent, as did the total cost to companies associated with those lost records.

Read more about Breaches Caused by Cloud Misconfigurations Cost Businesses Nearly $5 Trillion

Assessment on AA20-049A, Report of Ransomware Impacting Pipeline Operations

Details of AA20-049A published by the U.S. Department of Homeland Security's (DHS's) Cybersecurity and Infrastructure Security Agency (CISA) (reported in the Security & Resilience Update for February 18, 2020), does not seem to represent newly observed activity.

Read more about Assessment on AA20-049A, Report of Ransomware Impacting Pipeline Operations

You are here

Cybersecurity

Moxa MB3xxx Series Protocol Gateways (ICSA-20-056-01) – Products Used in the Water and Wastewater and Energy Sectors

ICS Year in Review – Vulnerabilities, Threat Landscape and Activity Groups, and Lessons Learned

Auto-Maskin RP210E, DCU210E, and Marine Observer Pro (Android App) (ICSA-20-051-04)

Honeywell NOTI-FIRE-NET Web Server (NWS-3) (ICSA-20-051-03)

B&R Industrial Automation Automation Studio and Automation Runtime (ICSA-20-051-01) – Products Used in the Energy Sector

Rockwell Automation FactoryTalk Diagnostics (ICSA-20-051-02) – Product Used in the Water and Wastewater Sector

Combination of Banking Trojans and Ransomware Bound to Worsen

New Vulnerability Discovery Reportedly Abuses Same Protocol Used in Industroyer/CRASHOVERRIDE

Breaches Caused by Cloud Misconfigurations Cost Businesses Nearly $5 Trillion

Assessment on AA20-049A, Report of Ransomware Impacting Pipeline Operations

Pages

You are here

Cybersecurity

Pages

Footer Email Signup