Cybersecurity

Using the “Bow Tie Model” to Assess OT Security Impacts Due to COVID-19

As nearly every organization across the globe experienced significant disruptions from COVID-19, critical infrastructure security firm Applied Risk references the Bow Tie Model to assess eight major areas of impact that most likely affected OT operations. Applied Risk discusses threats, access and control monitoring, network segmentation, business continuity, third-party security, training and awareness, risk analysis, and residual risk. Look familiar?

Unpatched Microsoft Systems Vulnerable to CVE-2020-0796

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) is aware of publicly available and functional proof-of-concept (PoC) code that exploits CVE-2020-0796 in unpatched systems. Although Microsoft disclosed and provided updates for this vulnerability in March 2020, malicious cyber actors are targeting unpatched systems with the new PoC, according to recent open-source reports.

SWARCO CPU LS4000 (ICSA-20-154-06)

CISA has published an advisory on an improper access control vulnerability in SWARCO CPU LS4000. All OS versions starting with G4 are affected. Successful exploitation of this vulnerability could allow access to the device and disturb operations with connected devices. SWARCO has released a patch to fix the vulnerability and close the port. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

GE Grid Solutions Reason RT Clocks (ICSA-20-154-05) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on a missing authentication for critical function vulnerability in GE Grid Solutions Reason RT Clocks. For RT430, RT431, and RT434, all firmware versions prior to 08A05 are affected. Successful exploitation of this vulnerability could allow access to sensitive information and execution of arbitrary code, and could cause the device to become unresponsive. GE strongly recommends users of time synchronization products update their units to firmware Version 08A05 or greater to resolve these issues. It also recommends a series of mitigation measures.

ABB Central Licensing System (ICSA-20-154-04) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on information exposure; improper restriction of XML external entity reference; uncontrolled resource consumption; permissions, privilege, and access controls; and improper access control vulnerabilities in ABB Central Licensing System. Numerous products and versions of these products are affected. Successful exploitation of these vulnerabilities could allow an attacker to take control of the affected system node remotely and cause an affected CLS Server node to stop or prevent legitimate access to the affected CLS Server.

ABB Multiple System 800xA Products (ICSA-20-154-03) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an incorrect default permissions vulnerability in ABB System 800xA. Numerous products and versions of these products are affected. Successful exploitation of the vulnerability could allow an attacker to make the system node inaccessible or tamper with runtime data in the system. ABB has published an advisory with its recommendations for mitigation measures. CISA also recommends a series of measures to mitigate the vulnerability.

ABB System 800xA Base (ICSA-20-154-02) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an incorrect permission assignment for critical resource vulnerability in ABB System 800xA Base. Versions 6.0 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to escalate privileges and cause system functions to stop or malfunction. ABB has published an advisory with its recommendations for mitigation measures. CISA also recommends a series of measures to mitigate the vulnerability.

ABB System 800xA (ICSA-20-154-01) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an incorrect default permissions vulnerability in ABB System 800xA products. Numerous products and versions of these products are affected. Successful exploitation of the vulnerability could allow an attacker to escalate privileges, cause system functions to stop, and corrupt user applications. ABB has published an advisory with its recommendations for mitigation measures. CISA also recommends a series of measures to mitigate the vulnerability.

CISA Warns of Hurricane-Related Scams

With June 1 marking the official start of the 2020 Atlantic hurricane season, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails, often containing malicious links or attachments, are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks.

NSA Releases Advisory on Sandworm Actors Exploiting an Exim Vulnerability

The National Security Agency (NSA) has released a cybersecurity advisory on Russian advanced persistent threat (APT) group Sandworm exploiting a vulnerability—CVE-2019-10149—in Exim Mail Transfer Agent (MTA) software. An unauthenticated remote attacker can use this vulnerability to send a specially crafted email to execute commands with root privileges, allowing the attacker to install programs, modify data, and create new accounts.
