Another Utility Forced to Suspend Online Utility Payments Due to Click2Gov
The city of College Station, Texas has recently suspended online utility payments due to a potential security issue with online payment processing provider Click2Gov.
Cybersecurity
Flexera FlexNet Publisher (ICSA-19-323-01)
CISA has published an advisory on improper input validation and memory corruption vulnerabilities in Flexera FlexNet Publisher. Versions 2018 R3 and prior are affected. These vulnerabilities could allow an attacker to deny the acquisition of a valid license for legal use of the product. The memory corruption vulnerability could allow remote code execution. Flexera recommends all users using affected versions of FlexNet Publisher upgrade to Version 2018 R4 or newer as soon as possible. CISA also recommends a series of measures to mitigate the vulnerabilities.
Reminder: Malware Can Exploit Improper Configurations
The DHS Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory reminding its partners to protect yourself from unwanted – and potentially harmful – files or programs by adhering to vendor-recommended configurations for hardware and software. It notes that doing so in addition to maintaining regular patch maintenance, will help give your systems and networks the best security possible. CISA encourages users and administrators to review the following tips and guidance:
ABB Power Generation Information Manager (PGIM) and Plant Connect (ICSA-19-318-05) – Products Used in the Water and Wastewater and Energy Sectors
CISA has published an advisory on an authentication bypass using an alternate path or channel vulnerability in ABB Power Generation Information Manager (PGIM) and Plant Connect. All versions of both products are affected. Successful exploitation of this vulnerability could allow a remote attacker to bypass authentication and extract credentials from the device. ABB reports PGIM will transition to a limited support phase in January, 2020, and Plant Connect is already obsolete. Users are advised to upgrade to Symphony Plus Historian, which is not affected by this vulnerability.
Siemens Desigo PX Devices (ICSA-19-318-03) – Products Used in the Water and Wastewater and Energy Sectors
CISA has published an advisory on an external control of assumed-immutable web parameter vulnerability in Siemens Desigo PX Devices. Numerous products and versions of the products are affected. Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the device’s web server, requiring a reboot to recover the web interface. Siemens has an update available for some of the affected products and has identified specific workarounds and mitigations that users can apply to reduce risk for the others.
Siemens Mentor Nucleus Networking Module (ICSA-19-318-01)
CISA has published an advisory on an improper input validation vulnerability in Siemens Mentor Nucleus Networking Module. Numerous products and versions of the products are affected. Successful exploitation of this vulnerability could allow an attacker to affect the integrity and availability of the device. Siemens recommends installing software updates to address this vulnerability. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at WaterISAC.
Latest BlueKeep Exploit Impacted Patched Machines
Over the past few weeks, there have been reports of new exploits targeting the Windows Remote Desktop Protocol (RDP) “BlueKeep” vulnerability. BlueKeep was first disclosed in May and entails a bug in the Windows RDP that allows an attacker to gain remote code execution without any user interaction. Microsoft issued a patch for BlueKeep when the vulnerability was disclosed, and yet many Windows RDP users did not patch their systems, as research of conducted via Shodan has revealed.
Microsoft Releases November 2019 Security Updates
Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Microsoft Windows, Internet Explorer, Microsoft Edge (EdgeHTML-based), ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, Open Source Software, Microsoft Exchange Server, Visual Studio, and Azure Stack. Read the update at Microsoft.
Holiday Shopping, Phishing, and Malware Scams
As this holiday season approaches, the DHS Cybersecurity and Infrastructure Security Agency (CISA) encourages users to be aware of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online. Cyber actors may send emails and ecards containing malicious links or attachments infected with malware or may send spoofed emails requesting support for fraudulent charities or causes. CISA encourages users to remain vigilant and take the following precautions:
Fuji Electric V-Server (ICSA-19-311-02)
CISA has published an advisory on a heap-based buffer overflow vulnerability in Fuji Electric V-Server. Versions 4.0.6 and prior are affected. Successful exploitation of this vulnerability could crash the device being accessed; several heap-based buffer overflows have been identified. Fuji Electric has released Version 4.0.7.0 to mitigate the reported vulnerability. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.
Pages
