Cybersecurity

NSA Advisory on Managing Risk from Transport Layer Security Inspection

The National Security Agency (NSA) has released a cyber advisory that addresses managing risk from Transport Layer Security Inspection (TLSI). This short, informative document defines TLSI (a security process that allows incoming traffic to be decrypted, inspected, and re-encrypted), explains some risks and associated challenges, and discusses mitigations. CISA encourages users and administrators to review the advisory and apply the information, as appropriate.

It Only Takes One – One Extra Letter Can be the Difference Between a Legitimate Email and Losing $1 Million

The importance of scrutinizing financial-related and highly sensitive information via email cannot be overstated. In typical business email spoofing style, a scammer, as part of a multinational fraud ring, was able to defraud the CEO of an unidentified Swiss company during a real-estate transaction – an all too common trend. After two presumably legitimate communications with his attorney, the CEO received a third email with new wiring instructions for the remaining balance.

Flexera FlexNet Publisher (ICSA-19-323-01)

CISA has published an advisory on improper input validation and memory corruption vulnerabilities in Flexera FlexNet Publisher. Versions 2018 R3 and prior are affected. These vulnerabilities could allow an attacker to deny the acquisition of a valid license for legal use of the product. The memory corruption vulnerability could allow remote code execution. Flexera recommends all users using affected versions of FlexNet Publisher upgrade to Version 2018 R4 or newer as soon as possible. CISA also recommends a series of measures to mitigate the vulnerabilities.

Reminder: Malware Can Exploit Improper Configurations

The DHS Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory reminding its partners to protect themselves from unwanted – and potentially harmful – files or programs by adhering to vendor-recommended configurations for hardware and software. It notes that doing so, in addition to performing regular patch maintenance, will help give your systems and networks the best security possible. CISA encourages users and administrators to review the following tips and guidance:

ABB Power Generation Information Manager (PGIM) and Plant Connect (ICSA-19-318-05) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an authentication bypass using an alternate path or channel vulnerability in ABB Power Generation Information Manager (PGIM) and Plant Connect. All versions of both products are affected. Successful exploitation of this vulnerability could allow a remote attacker to bypass authentication and extract credentials from the device. ABB reports PGIM will transition to a limited support phase in January, 2020, and Plant Connect is already obsolete. Users are advised to upgrade to Symphony Plus Historian, which is not affected by this vulnerability.

Siemens Desigo PX Devices (ICSA-19-318-03) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an external control of assumed-immutable web parameter vulnerability in Siemens Desigo PX Devices. Numerous products and versions of the products are affected. Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the device’s web server, requiring a reboot to recover the web interface. Siemens has an update available for some of the affected products and has identified specific workarounds and mitigations that users can apply to reduce risk for the others.

Siemens Mentor Nucleus Networking Module (ICSA-19-318-01)

CISA has published an advisory on an improper input validation vulnerability in Siemens Mentor Nucleus Networking Module. Numerous products and versions of the products are affected. Successful exploitation of this vulnerability could allow an attacker to affect the integrity and availability of the device. Siemens recommends installing software updates to address this vulnerability. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at WaterISAC.

Latest BlueKeep Exploit Impacted Patched Machines

Over the past few weeks, there have been reports of new exploits targeting the Windows Remote Desktop Protocol (RDP) “BlueKeep” vulnerability. BlueKeep was first disclosed in May and entails a bug in Windows RDP that allows an attacker to gain remote code execution without any user interaction. Microsoft issued a patch for BlueKeep when the vulnerability was disclosed, and yet many Windows RDP users did not patch their systems, as research conducted via Shodan has revealed.
