Cybersecurity

Siemens SINAMICS PERFECT HARMONY GH180 Drives NXG I and NXG II (ICSA-19-134-05) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on an uncontrolled resource consumption vulnerability in Siemens SINAMICS PERFECT HARMONY GH180 Drives NXG I and NXG II. For NXG I and NXG II, all versions of 6SR2, 6SR3, and 6SR4 with option G28 are affected. Successful exploitation of this vulnerability could allow an attacker with access to the Ethernet Modbus Interface to cause a denial-of-service condition by exceeding the number of available connections. Siemens recommends that affected users upgrade to NXGpro control. The NCCIC has also provided a series of measures to address the vulnerability.

Siemens LOGO! BM (ICSA-19-134-04)

The NCCIC has published an advisory on missing authentication for critical function, improper handling of extra values, and plaintext storage of a password vulnerabilities in Siemens LOGO!8 BM. All versions are affected. Successful exploitation of these vulnerabilities could allow device reconfiguration, access to project files, decryption of files, and access to passwords. Siemens recommends a series of mitigations to address the vulnerabilities. The NCCIC has also provided a series of measures to address the vulnerabilities.

Siemens LOGO! Soft Comfort (ICSA-19-134-03)

The NCCIC has published an advisory on a deserialization of untrusted data vulnerability in Siemens LOGO! Soft Comfort. All versions are affected. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user into opening a manipulated project. Siemens recommends a series of mitigations to address this vulnerability. The NCCIC has also provided a series of measures to address this vulnerability.

Siemens SIMATIC WinCC and SIMATIC PCS 7 (ICSA-19-134-02) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on a missing authentication for critical function vulnerability in Siemens SIMATIC WinCC and SIMATIC PCS 7. Versions 7.2 and earlier and versions 7.3 and newer of SIMATIC WinCC and versions 8.0 and earlier and 8.1 and newer of SIMATIC WinCC are affected. Successful exploitation of this vulnerability could allow an unauthenticated attacker with access to the affected devices to execute arbitrary code. Siemens recommends a series of mitigations to address this vulnerability. The NCCIC has also provided a series of measures to address this vulnerability.

Microsoft Releases May 2019 Security Updates

Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Adobe Flash Player, Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office and Microsoft Office Services and Web Apps, Team Foundation Server, Visual Studio, Azure DevOps Server, SQL Server, .NET Framework, .NET Core, ASP.NET Core, ChakraCore, Online Services, Azure, NuGet, and Skype for Android.

Analysis Report: Microsoft Office 365 Security Observations

The NCCIC has published an Analysis Report providing information on the risk associated with migrating email services to Microsoft Office 365 (O365) and other cloud services, a phenomenon it notes is increasing. It states that organizations and their third-party partners need to be aware of the risks involved in transitioning to O365 and other cloud services. The report includes recommendations for mitigating these risks and vulnerabilities. Read the report at NCCIC/US-CERT.

PrinterLogic Print Management Software Vulnerabilities

The CERT Coordination Center (CERT/CC) has released information on vulnerabilities affecting PrinterLogic Print Management Software. A remote attacker could exploit these vulnerabilities to take control of an affected system. The NCCIC encourages users and administrators to review the CERT/CC Vulnerability Note VU#1629249 and consider the listed workarounds until patches are made available.

GandCrab Ransomware’s New Evasive Infection Chain

Cybereason has posted a research article on the GandCrab ransomware, which it notes has adopted different evasive techniques to enable successful infections. According to Cybereason, these techniques include combining a phishing email and weaponized Office documents to gain initial entry onto a targeted machine and leveraging “living-off-the-land” binaries to bypass Windows AppLocker and fetch the ransomware payload, among others. The article contains detailed discussions of these techniques, including screenshots, and provides recommendations for preventing infections.

FBI FLASH: Indicators of Compromise Associated with Ryuk Ransomware

The FBI has released a FLASH message containing information and indicators of compromise associated with the Ryuk ransomware. It notes that cyber criminals have targeted more than 100 businesses with Ryuk since about August 2018, encrypting files on network shares and infecting computer file systems. Ransom sums of up to $5 million have been demanded by the cyber criminals in exchange for the decryptor program. Ryuk’s targets have varied, but the FBI notes they have had a disproportionate impact on certain kinds of organizations, which include small municipalities.

NCCIC Alert: New Exploits for Unsecure SAP Systems

The U.S. Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) has issued an alert in response to recently disclosed exploits that target unsecure configurations of SAP components. According to the alert, a presentation at the April 2019 Operation for Community Development and Empowerment (OPCDE) cybersecurity conference describes SAP systems with unsecure configurations exposed to the internet. Typically, SAP systems are not intended to be exposed to the internet, as it is an untrusted network.
