Cybersecurity

NCCIC Analysis Report – Quasar Open Source Remote Administration Tool

The NCCIC has published an Analysis Report on Quasar, a legitimate open source remote administration tool (RAT) that has been observed being used maliciously by Advanced Persistent Threat (APT) actors to facilitate network exploitation. This Analysis Report provides information on Quasar’s functions and features, along with recommendations for preventing and mitigating Quasar activity, and provides technical information based on samples of the malware and the techniques that were employed.

Bomb Threats Emailed Around the World

Late last week, organizations around the world, including in the U.S., Australia, and Canada, received emails claiming that an explosive device would detonate within their buildings unless a ransom in Bitcoin was paid. Samples of some of the emails show that the sender demanded $20,000 in payment, which was to be converted into Bitcoin and transferred to the sender’s Bitcoin wallet. The threats appear to have been a hoax – no detonations occurred and no devices were found.

Schneider Electric GUIcon Eurotherm (ICSA-18-347-01)

The NCCIC has released an advisory on type confusion and stack-based buffer overflow vulnerabilities in Schneider Electric GUIcon Eurotherm. Version 2.0 of this product is affected. Successful exploitation of these vulnerabilities may allow an attacker to execute code with privileges within the context of the application. Schneider Electric recommends upgrading to GUIcon Version 2.0 Software Package (Gold Build 683.003), which includes fixes for these vulnerabilities. The NCCIC also advises on a series of mitigating measures for these vulnerabilities.

Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays (ICSA-18-347-02) – Products Used in the Energy Sector

The NCCIC has released an advisory on an improper input validation vulnerability in EN100 Ethernet Communication Module and SIPROTEC 5 relays. Numerous products and versions of these products are affected. Successful exploitation of these vulnerabilities could cause a denial-of-service condition of the network functionality of the device, compromising the availability of the system. Siemens has released updates for several affected products. Siemens is working on updates for the remaining affected products, and recommends specific countermeasures until fixes are available.

Geutebrück GmbH E2 Series IP Cameras (ICSA-18-347-03) – Products Used in the Energy Sector

The NCCIC has released an advisory on an OS command injection vulnerability in Geutebrück GmbH E2 Series IP Cameras. Products running firmware versions prior to 1.12.0.25 are affected. Successful exploitation of this vulnerability may allow a remote attacker to inject OS commands as root. Geutebrück recommends E2 series IP camera users download and update to the newest firmware version, 1.12.0.25. The NCCIC also advises on a series of mitigating measures for these vulnerabilities.

GE Mark Vle, EX2100e, EX200e_Reg, and LS2100e (ICSA-18-347-04) – Products Used in the Energy Sector

The NCCIC has released an advisory on a path traversal vulnerability in GE Mark Vle, EX2100e, EX200e_Reg, and LS2100e. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow an attacker to access system data, which could result in escalation of privilege and unauthorized access to the controller. The path traversal vulnerability has been corrected by GE. GE recommends users upgrade to the current version of ControlST software as described in CSB25378.

Operation Sharpshooter Targeting Global Critical Infrastructure, including Energy

McAfee reports it has discovered a new global campaign, dubbed “Operation Sharpshooter,” that is targeting nuclear, defense, energy, and financial companies (predominantly in the U.S.). The campaign masquerades as a legitimate industry job recruitment activity to gather information. McAfee observes that its discovery of this new, high-function implant is another example of how targeted attacks move in several steps, beginning with attempts to gain intelligence.

Improve ICS Incident Response and Resilience Plans by Enhancing Asset Inventory

You can’t secure what you don’t know, which makes a comprehensive asset inventory an invaluable resource in your cybersecurity program. Likewise, business continuity, resilience, and incident response plans are not complete without an understanding of your assets. ICS cybersecurity firm Dragos expands asset management from a function to a framework in its recent whitepaper, Collection Management Frameworks – Beyond Asset Inventories for Preparing for and Responding to Cyber Threats.

McAfee SINAMICS PERFECT HARMONY GH180 (ICSA-18-345-01) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on an improper access control vulnerability in McAfee SINAMICS PERFECT HARMONY GH180. Multiple products and versions of these products are affected. The vulnerability can be exploited to compromise an HMI, and by extension, the drive system. McAfee has issued Security Bulletin SB10250 to address this vulnerability in MACC. The NCCIC also advises on a series of mitigating measures for this vulnerability. NCCIC/ICS-CERT.

Microsoft Releases December 2018 Security Update

Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Adobe Flash Player, Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, .NET Framework, Microsoft Dynamics NAV, Microsoft Exchange Server, Microsoft Visual Studio, and Windows Azure Pack. Microsoft.
