Cybersecurity

Oracle has released its Critical Patch Update for April 2019 to address 297 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. encourages users and administrators to review the Oracle April 2019 Critical Patch Update and apply the necessary updates.

In the latest high-profile supply chain attack, IT consulting firm Wipro confirmed it experienced a phishing attack that may have allowed its systems to be used to target many of its clients. Wipro believes it was targeted, possibly by a nation-state attacker, who then used the company’s own systems to deliver follow up attacks on at least 12 of its customers. This incident is notable because of the perpetrators’ ability to compromise Wipro accounts, despite the company’s expertise in the area.

The NCCIC has published an advisory on a use of hard-coded credentials vulnerability in WAGO Series 750-88x and 750-87x. Numerous versions of these two products are affected. This vulnerability allows a remote attacker to change the settings or alter the programming of the device. WAGO has released a security advisory and recommends updating to the newest firmware and taking a series of defense measures. The NCCIC also provides a list of recommended measures for addressing the vulnerabilities.

The NCCIC has published a “Protecting Against Ransomware” Security Tip, which provides an overview of ransomware, describes how it works and is delivered, and provides recommendations for preventing and responding to ransomware infections. This resource also contains numerous links to other products for helping partners to understand ransomware and how to protect themselves and their organizations from attacks. Access the Security Tip at NCCIC/US-CERT.