You are here

Home

Cybersecurity

Emotet Adds New Evasion Technique and Uses Connected Devices as Proxy Command and Control Servers

New samples of Emotet have been observed using different post-infection traffic than previous versions, according to analysis just published by cybersecurity company Trend Micro. Additionally, that analysis revealed Emotet is attempting to use compromised connected devices as proxy command and control servers to evade detection. These discoveries also show that the malware is being used to compromise and collect vulnerable connected devices, which could become resources for other malicious purposes.

Rockwell Automation MicroLogix 1400 and CompactLogix 5370 Controllers (ICSA-19-113-01)

The NCCIC has published an advisory on an open redirect vulnerability in Rockwell Automation MicroLogix 1400 and CompactLogix 5370 Controllers. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to input a malicious link redirecting users to a malicious website. Rockwell Automation has released a security advisory with mitigation steps. The NCCIC also provides a list of recommended measures for addressing the vulnerabilities.

NIST Issues Revised Guidelines for Mobile App Security Vetting

The National Institute of Standards and Technology (NIST) has published a revised version of its Vetting the Security of Mobile Applications special publication. Despite their utility, mobile applications, or “apps,” can pose serious security risks to an organization and its users due to vulnerabilities that may exist within their software. Such vulnerabilities may be exploited to steal information, control a user’s device, deplete hardware resources, or result in unexpected app or device behavior.

Research into Dark Web Criminals’ “How-to” Guides

Terbium Labs has released a report analyzing nearly 30,000 “how-to” guides for committing cyber fraud available on the Dark Web. These online documents typically include instructions on specific fraud capabilities such as account takeover, phishing, cashing out, doxing, synthetic fraud, and account creation. They could feature instructions, personal notes from the author on their experiences of what works and what doesn’t, social engineering and technical advice, and more.

Researchers Release Security Software to Defend against Cyber Attacks

A team consisting of researchers from Microsoft Research, Inria, and Carnegie Mellon University’s CyLab recently released the world's first verifiably secure industrial-strength cryptographic library – a set of code that can be used to protect data and is guaranteed to protect against the most popular classes of cyberattacks. The library is called “EverCrypt” and is available for download on GitHub. "With EverCrypt, we can rule out entire classes of vulnerabilities," said CybLab’s Bryan Parno, who is also an associate professor of Computer Science and Electrical and Computer Engineering.

Multiple Vulnerabilities in Broadcom WiFi Chipsets

The CERT Coordination Center (CERT/CC) has released information on multiple vulnerabilities in Broadcom Wi-Fi chipset drivers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The NCCIC encourages users and administrators to review the CERT/CC Vulnerability Note VU#166939 for more information and refer to vendors for appropriate updates, when available.

Latest Supply Chain Attack Demonstrators the Importance of Evaluating all Vendors

In the latest high-profile supply chain attack, IT consulting firm Wipro confirmed it experienced a phishing attack that may have allowed its systems to be used to target many of its clients. Wipro believes it was targeted, possibly by a nation-state attacker, who then used the company’s own systems to deliver follow up attacks on at least 12 of its customers. This incident is notable because of the perpetrators’ ability to compromise Wipro accounts, despite the company’s expertise in the area.

Delta Industrial Automation CNCSoft (ICSA-19-106-01)

The NCCIC has published an advisory on stack-based buffer overflow, heap-based buffer overflow, and out-of-bounds read vulnerabilities in Delta Industrial Automation CNCSoft. Versions 1.00.88 and prior are affected. Successful exploitation of these vulnerabilities could cause buffer overflow conditions that may allow information disclosure, remote code execution, or crash the application. Delta Electronics recommends updating to the latest version of ScreenEditor 1.00.89. The NCCIC also provides a list of recommended measures for addressing the vulnerabilities.

WAGO Series 750-88x and 750-87x (ICSA-19-106-02) – Products Used in the Energy Sector

The NCCIC has published an advisory on a use of hard-coded credentials vulnerability in WAGO Series 750-88x and 750-87x. Numerous versions of these two products are affected. This vulnerability allows a remote attacker to change the settings or alter the programming of the device. WAGO has released a security advisory and recommends updating to the newest firmware and taking a series of defense measures. The NCCIC also provides a list of recommended measures for addressing the vulnerabilities.

Pages

Subscribe to Cybersecurity