iTerm2 Vulnerability
The CERT Coordination Center (CERT/CC) has released information on a vulnerability (CVE-2019-9535) affecting iTerm2, a macOS terminal emulator. An attacker could exploit this vulnerability to take control of an affected system.
October 8, 2019
CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.
May 14, 2019
The NCCIC has updated this advisory with additional information on the technical details of the vulnerability and mitigation measures. Read the advisory at NCCIC/ICS-CERT.
CISA has published an advisory on a use of hard-coded cryptographic key vulnerability in Siemens SIMATIC IT Unified Architecture Discrete Manufacturing (UADM). All versions prior to 1.3 are affected. Successful exploitation of this vulnerability could allow an attacker to gain read and write access to the related TeamCenter station. Siemens recommends users update to Version 1.3. CISA also recommends a series of measures for mitigating the vulnerability. Read the advisory at CISA.
CISA has published an advisory on improper authorization and use of hard-coded credentials vulnerabilities in GE Mark VIe Controller. All versions of the GE Mark VIe Controller are affected by at least one of the vulnerabilities. Successful exploitation of these vulnerabilities could allow an attacker to create read/write/execute commands within the Mark VIe control system. GE has provided recommendations for mitigating the vulnerabilities. CISA also recommends a series of measures for mitigating the vulnerabilities.
CISA has published an advisory on a cross-site request forgery vulnerability in SMA Solar Technology AG Sunny WebBox. Versions 1.6 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to generate a denial-of-service condition, modify passwords, enable services, achieve man-in-the-middle, and modify input parameters associated with devices such as sensors. This product is end-of-life and is no longer supported, but SMA has provided recommendations for mitigating the vulnerability.
Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Microsoft Windows, Internet Explorer, Microsoft Edge (EdgeHTML-based), ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, SQL Server Management Studio, Open Source Software, Microsoft Dynamics 365, and Windows Update Assistance. Read the update at Microsoft.
Microsoft warns that it has observed an Iranian group – referred to as “Phosphorus” – attempting to take control of email accounts by exploiting the password reset or account recovery features. According to Microsoft, Phosphorus used information gathered from researching their targets or other means to game password reset or account recovery features and attempt to take over some targeted accounts.
The Dutch National Cyber Security Centre (NCSC) has released a fact sheet on the increasing difficulty of Domain Name System (DNS) monitoring. NCSC warns that although modernization of transport protocols is helpful, it also makes it more difficult to monitor or modify DNS requests. These changes could render an organization’s security controls ineffective.
The US National Security Agency (NSA) and the UK National Cyber Security Centre (NCSC) have released advisories on advanced persistent threat (APT) actors exploiting multiple vulnerabilities in Virtual Private Network (VPN) applications, specifically those produced by Pulse Connect Secure, Fortinet, and Palo Alto Networks. According to the advisories, a remote attacker could exploit these vulnerabilities to take control of an affected system.
To mark the beginning of National Cybersecurity Awareness Month (NCSAM), the FBI has published an article discussing the gravity of cybersecurity challenges and providing tips and links to resources to help organizations confront the threats.