Cybersecurity

CISA has published an advisory on an external control of file name or path vulnerability in Advantech WebAccess/SCADA. Versions 9.0 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to execute remote code as an administrator. Advantech recommends users update to Version 9.0.1 or later. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

On Monday, a coalition of tech companies orchestrated a takedown attempt of TrickBot, currently one of the most successful malware-as-a-service operations. TrickBot survived the operation, with the command and control servers and domains that had been seized replaced the next day by new infrastructure. However, the operation appears to have had some effect on TrickBot, even if it was just temporal and limited. "Our estimate right now is what the takedown did was to give current victims a breather," a security researcher said.

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. This includes an OS command injection vulnerability (CVE-2020-6364) affecting SAP Solution Manager and SAP Focused Run. CISA encourages users and administrators to review the SAP Security Notes for October 2020 and apply the necessary updates.

CISA has published an advisory on a use of client-side authentication vulnerability in Siemens SIPORT MP. Versions 3.2.1 and prior are affected. Successful exploitation of this vulnerability could allow an authenticated attacker to impersonate other users of the system and perform (potentially administrative) actions on behalf of those users if the single sign-on feature (“Allow logon without password”) is enabled. Siemens has released an updated version of SIPORT MP and recommends users install this update on all affected systems.