You are here

Home » Cybersecurity

Cybersecurity

VPN Security Flaws in Devices Used for Remote Access to OT Networks

Several advisories were posted today concerning recent vulnerabilities disclosed by Claroty regarding VPN remote access devices widely used in industrial environments, including water and electric utilities. Devices from Secomea, Moxa and HMS Networks are affected by remote code-execution flaws. In addition to allowing remote connectivity between sites, these devices are also used to enable remote access into PLCs and other Level 1/0 devices; a practice that has become much more prevalent in light of COVID-19.

HMS Industrial Networks eCatcher (ICSA-20-210-03)

CISA has published an advisory on a stack-based buffer overflow vulnerability in HMS Industrial Networks eCatcher. All versions prior to 6.5.5 are affected. Successful exploitation of this vulnerability could crash the device being accessed. In addition, a buffer overflow condition may allow remote code execution with highest privileges. HMS recommends users update eCatcher to Version 6.5.5 or later. CISA also recommends a series of measures to mitigate the vulnerability.

Softing Industrial Automation OPC (ICSA-20-210-02)

CISA has published an advisory on heap-based buffer overflow and uncontrolled resource consumption vulnerabilities in Softing Industrial Automation OPC. All versions prior to the latest build of 4.47.0 are affected. Successful exploitation of these vulnerabilities could crash the device being accessed. A buffer-overflow condition may also allow remote code execution. Softing Industrial Automation has released an update to mitigate the reported vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities.

Secomea GateManager (ICSA-20-210-01)

CISA has published an advisory on improper neutralization of null byte or NUL character, off-by-one error, use of hard-coded credentials, and use of password hash with insufficient computational effort vulnerabilities in Secomea GateManager. All versions prior to 9.2c are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to gain remote code execution on the device. Secomea has released a new version to mitigate the reported vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities.

FBI FLASH: Indicators Associated with Netwalker Ransomware

The FBI has published a (TLP:WHITE) FLASH message providing indicators associated with the Netwalker Ransomware. The FBI states it has received notifications of Netwalker ransomware attacks on U.S. and foreign government organizations and private companies, among other entities, by unidentified cyber actors. It notes Netwalker became widely recognized in March following intrusions into an Australian transportation and logistics company.

CISA Alert AA20-205A – Take it Very Seriously, but Don’t Panic

When the longest‐serving (former) Director of the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS‐CERT) speaks, people listen, or at least they should. The “joint alert from the NSA and CISA about malicious activity targeting operational technology (OT) and critical infrastructure should be taken very seriously. Don’t be fooled — this isn’t a warning about the possibility of attacks. This is a warning that attacks have occurred and are ongoing as we speak,” wrote Marty Edwards in a recent post at Tenable.

Cyber Actors Exploiting Built-in Network Protocols to Carry Out Larger, More Destructive Distributed Denial of Service Attacks

The FBI has published a (TLP:WHITE) Private Industry Notification (PIN) advising that Cyber actors have exploited built-in network protocols, designed to reduce computational overhead of day-to-day system and operational functions, to conduct larger and more destructive distributed denial of service (DDoS) amplification attacks against US networks. As the FBI explains, a DDoS amplification attack occurs when an attacker sends a small number of requests to a server and the server responds with more numerous responses to the victim.

CISA Alert: Potential Legacy Risk from Malware Targeting QNAP NAS Devices

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a new alert about the potential vulnerability of Network Attached Storage Devices (NAS) manufactured by the firm QNAP to the QSnatch malware if not updated with the latest security fixes. According to CISA, the malware has infected thousands of devices worldwide with a particularly high number of infections in North America and Europe. Further, once a device has been infected, attackers can prevent administrators from successfully running firmware updates.

Pages

Subscribe to Cybersecurity