Cybersecurity

Seedworm Group Compromises Government Agencies, Oil and Gas, and More

Symantec reports it has uncovered extensive insights into a cyber threat actor it calls “Seedworm,” which it says is behind operations that have gathered intelligence on targets spread primarily across the Middle East but also in North America and Europe. It conducts its operations using variants of the Powermud backdoor, a new backdoor (Backdoor.Powemuddy), and custom tools for stealing passwords, creating reverse shells, escalating privileges, and using the native Windows cabinet creation tool.

Equifax Breach “Entirely Preventable,” according to Congressional Committee Report

The U.S. House Committee on Oversight and Government Reform Republicans have released a staff report following a 14-month investigation into the Equifax data breach, which it identifies as one of the largest data breaches in U.S. history. The report reveals new information about the breach and presents a series of key findings, the foremost of which is that the incident was “entirely preventable.” Many of the report’s other key findings identify the conditions that enabled the breach, which Equifax could have addressed, likely preventing the incident.

Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules (ICSA-18-310-02) – Products Used in the Water and Wastewater Sector

The NCCIC has released an advisory on a missing authentication for critical function vulnerability in Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules. Numerous products and versions of these products are affected. Rockwell Automation recommends users of affected products update to an available firmware revision that addresses the associated risk.

GE Proficy (ICSA-18-340-01) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on an XXE vulnerability in GE Proficy. Cimplicity 9.0 R2, 9.5, and 10.0 are affected. Successful exploitation of this vulnerability could allow an attacker to initiate an OPC UA session and retrieve an arbitrary file. GE recommends users update to Version 2.1 or newer. The NCCIC also advises on a series of mitigating measures for this vulnerability. NCCIC/ICS-CERT.

Ransomware Will Soon Target Social Media Accounts and IoT Devices, According to Report

Managed service provider (MSP) Datto has just published its annual report on trends in ransomware, which is based on data it received from 2,400 IT professionals from around the world. Among other findings, the report notes that whereas 89% of MSPs are “highly concerned” about ransomware, just 36% of small and medium-sized businesses feel the same. Additionally, a majority of MSPs predict ransomware will move beyond targeting just PCs and servers and that it will soon be used to encrypt social media accounts and Internet of Things (IoT) devices.

SpiderControl SCADA WebServer (ICSA-18-338-02)

The NCCIC has released an advisory on a reflected cross-site scripting vulnerability in SpiderControl SCADA WebServer. Successful exploitation of this vulnerability could allow an attacker to execute JavaScript in the victim’s browser. Versions prior to 2.03.0001 are affected. SpiderControl has released Version 2.03.0001, which fixes the vulnerability. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. NCCIC/ICS-CERT.

Omron CX-One (ICSA-18-338-01)

The NCCIC has released an advisory on stack-based buffer overflow and use after free vulnerabilities in Omron CX-One. Versions 4.42 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to execute code under the privileges of the application. Omron has released an updated version of CX-One to address the reported vulnerabilities. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.
