Schneider Electric Modicon Controllers (Update A) (ICSA-20-016-01) – Products Used in the Energy Sector
March 31, 2020
CISA has updated the vulnerability overview section of this advisory. Read the advisory at CISA.
January 16, 2020
The FBI has published a Private Industry Notification (PIN) on Kwampirs, a remote access Trojan the FBI says has heavily targeted several industries, including energy and the software supply chain. As described in the PIN, a Kwampirs campaign employs a two-phased approach. The first phase establishes a broad and persistent presence on the targeted network, including delivery and execution of secondary malware payload(s). The second phase includes the delivery of additional Kwampirs components or malicious payload(s) to further exploit the infected victim host(s).
There is certainly no shortage of advice and best practices being labeled with “COVID-19” to grab our attention. But the fact of the matter is, whether it is hand washing or cyber resilience, the guidance is valid at all times. It is an unfortunate reality that it often takes an incident to spur us into shoring up cyber hygiene, or personal hygiene for that matter. Whether out of complacency, denial, or a lack of support or resources, many organizations and individuals simply do not act until it is nearly too late.
CISA has published an advisory on a stack-based buffer overflow vulnerability in Advantech WebAccess. Versions 8.4.2 and prior are affected. Successful exploitation of this vulnerability may allow remote code execution. Advantech has released Version 8.4.4 of WebAccessNode to address the reported vulnerability. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.
The FBI’s Portland, Oregon office has published an advisory discussing best practices for when you are on the go. Noting the tendency for people in these situations to access public WiFi, the advisory recommends the use of a Virtual Private Network (VPN).
With countless utilities having implemented teleworking for much of their non-critical roles during the COVID-19 situation, it is likely that many did not have policies, procedures, or even infrastructure or devices in place to support a remote workforce. As such, many staff were probably sent home with little knowledge or resources on how to perform their jobs securely from remote locations and/or personal devices.
While most of the nation is working and learning remotely (hopefully at home) to stop the spread of COVID-19, it is up to critical infrastructure owners and operators to keep the water running, toilets flushing, heat and lights on, and the shelves stocked with critical supplies. While many utilities are finding the proper balance between social distancing and maintaining operations, cyber threat actors across all categories have stepped up their campaigns in hopes of capitalizing on the numerous distractions and our eagerness for greater situational awareness during this time.
CISA has published an advisory on relative path traversal, incorrect default permissions, inadequate encryption strength, insecure storage of sensitive information, and stack-based buffer overflow vulnerabilities in VISAM Automation Base (VBASE). VBASE Editor version 11.5.0.2 and the VBASE Web-Remote Module are affected.
CISA has published an advisory on path traversal and missing authentication for critical function vulnerabilities in Schneider Electric IGSS SCADA software. Versions 14 and prior using the service IGSSupdate are affected. Successful exploitation of these vulnerabilities could result in unauthorized access to sensitive data and functions. Schneider Electric has provided IGSS14 Version 14.0.0.20009 to address these vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities.
Microsoft has released a security advisory to address remote code execution vulnerabilities in Adobe Type Manager Library affecting all currently supported versions of Windows and Windows Server operating systems. A remote attacker can exploit these vulnerabilities to take control of an affected system. Microsoft is aware of limited, targeted attacks exploiting these vulnerabilities in the wild.