You are here

Home » Cybersecurity

Cybersecurity

Cyber Actors Exploit ‘Secure’ Websites in Phishing Campaigns

The FBI’s Internet Crime Complaint Center (IC3) has released an alert on Hypertext Transfer Protocol Secure (HTTPS) phishing – a scheme which lures email recipients into visiting malicious websites that look legitimate and secure. More specifically, websites with addresses that start with “https” and with the lock icon are supposed to provide privacy and security to visitors. Unfortunately, cyber criminals are banking on the public’s trust of “https” and the lock icon.

Panasonic Control FPWIN Pro (ICSA-19-157-02)

The NCCIC has published an advisory on heap-based buffer overflow and type confusion vulnerabilities in Panasonic Control FPWIN Pro. Versions 7.3.0.0 and prior are affected. Successful exploitation of these vulnerabilities could crash the device and allow remote code execution. Panasonic recommends users upgrade to FPWIN Pro Version 7.3.1.0 or newer. The NCCIC also advises of a series of mitigating measures. Read the advisory at WaterISAC.

Optergy Proton Enterprise Building Management System (ICSA-19-157-01)

The NCCIC has published an advisory on information exposure, cross-site request forgery, unrestricted upload of file with dangerous type, open redirect, hidden functionality, exposed dangerous method or function, and use of hard-coded credentials vulnerabilities in Optergy Proton Enterprise Building Management System. Versions 2.3.0a and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution and gain full system access. Optergy recommends a series of steps to mitigate the vulnerabilities.

FBI PIN: Cyber Actors Leveraging Malvertising with Hybrid Obfuscation Techniques to Deliver Malware

The FBI has published a Private Industry Notification noting that it has observed cyber actors leveraging malicious advertising (malvertising) with hybrid techniques such as digital steganography and fileless malware to evade detection and improve computer intrusion capabilities. These techniques often take advantage of administrative tools such as PowerShell, which are already present on a victim’s system.

Phoenix Contact FL NAT SMx (ICSA-19-155-02)

The NCCIC has published an advisory on an improper access control vulnerability in Phoenix Contact FL NAT SMx. Numerous products are affected. Successful exploitation of this vulnerability could allow unauthorized users full access to the device configuration. In addition, these vulnerabilities could interact with third-party vulnerabilities to cause other impacts to integrity, confidentiality, and availability. Phoenix Contact recommends affected users operate the devices in closed networks or protected with a suitable firewall and apply specific mitigations.

Phoenix Contact PLCNext AXC F 2152 (ICSA-19-155-01)

The NCCIC has published an advisory on key management errors, improper access control, using component with known vulnerabilities, and man-in-the-middle vulnerabilities in Phoenix Contact PLCNext AXC F 2152. Article numbers 2404267 and 1046568 are affected. Successful exploitation of these vulnerabilities could allow an attacker to decrypt passwords, bypass authentication, and deny service to the device. In addition, these vulnerabilities could interact with third-party vulnerabilities to cause other impacts to integrity, confidentiality, and availability.

Geutebrück G-Cam and G-Code (ICSA-19-155-03) – Products Used in the Energy Sector

The NCCIC has published an advisory on cross-site scripting and OS command injection vulnerabilities in Geutebrück G-Cam and G-Code. Numerous products and versions of the products are affected. Successful exploitation of these vulnerabilities could allow remote code execution as root and remote code execution in the browser of the IP camera operator. Geutebrück recommends users upgrade to the latest firmware, Version 1.12.13.2 or later. The NCCIC also recommends a series of mitigating measures.

AVEVA Vijeo Citect and CitectSCADA (ICSA-19-150-01) – Products Used in the Energy Sector

The NCCIC has published an advisory on an insufficiently protected credentials vulnerability in AVEVA Vijeo Citect and CitectSCADA. Verions 7.30 and 7.40 of Citect and CitectSCADA are affected. Successful exploitation of this vulnerability could allow a locally authenticated user to obtain Citect user credentials. AVEVA recommends all affected users download and upgrade to CitectSCADA 2018 as soon as possible. The NCCIC also provided a list of recommended measures to mitigate this vulnerability.

Pages

Subscribe to Cybersecurity