Cybersecurity

Suspected State-Sponsored Spear Phishing Campaign Targets U.S. Utilities with New Malware

Cybersecurity firm Proofpoint identified a new spear phishing campaign that targeted three undisclosed U.S. utilities. Based on overlaps with historical campaigns and macros utilized, Proofpoint believes the campaign is state-sponsored. The convincing phishing lures purport to come from the National Council of Examiners for Engineering and Surveying (NCEES), a business that handles professional licensing for engineers and surveyors, indicating the threat actors have a decent amount of industry knowledge.

3S-Smart Software Solutions GmbH CODESYS V3 (ICSA-19-213-03)

The NCCIC has published an advisory on unverified ownership and uncontrolled memory allocation vulnerabilities in 3S-Smart Software Solutions GmbH CODESYS V3. All variants of a series of CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system. Successful exploitation of these vulnerabilities could allow a remote attacker to close existing communication channels or to take over an already established user session to send crafted packets to a PLC.

Fuji Electric FRENIC Loader (ICSA-19-213-02)

The NCCIC has published an advisory on an out-of-bounds read vulnerability in Fuji Electric FRENIC Loader. Versions 3.5.0.0 and prior are affected. Successful exploitation of this vulnerability could allow information disclosure. Fuji Electric has released a new version of FRENIC Loader that addresses the reported vulnerability. The NCCIC also advises of a series of measures for mitigating the vulnerability. Read the advisory at CISA.

LCDS LAquis SCADA LQS File Parsing (ICSA-19-213-06) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on out-of-bounds read and type confusion vulnerabilities in LCDS LAquis SCADA. Version 4.3.1.71 is affected. Successful exploitation of these vulnerabilities could allow an attacker to obtain confidential information or execute remote code. LCDS recommends users update to Version 4.3.1.323. The NCCIC also advises of a series of measures for mitigating the vulnerability. Read the advisory at CISA.

Advantech WebAccess HMI Designer (ICSA-19-213-01) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on an out-of-bounds write vulnerability in Advantech WebAccess HMI Designer. Versions 2.1.9.23 and prior are affected. Successful exploitation of this vulnerability may allow an attacker to remotely execute arbitrary code. Advantech has released Version 2.1.9.31 of WebAccess HMI Designer to address the reported vulnerability. The NCCIC also advises of a series of measures for mitigating the vulnerability. Read the advisory at CISA.

New Playbooks Provide Overviews and Technical Information on Top Cyber Threat Actors

Unit 42, which describes itself as “the global threat intelligence team” at Palo Alto Networks, has released 11 new “Adversary Playbooks” that present the tools, techniques, and procedures (TTPs) used by cyber threat actors. The addition of the newest Playbooks nearly doubles the number in Unit 42’s collection, which now stands at 21.

Tips for Cleaning Out Old Data and Devices

The Center for Internet Security (CIS) reminds partners to properly dispose of old or unused data and devices in its July 2019 newsletter. Without careful management of online accounts, cloud storage, physical storage, and electronic devices, users could inadvertently disclose sensitive information that can be exploited by cyber criminals. CIS is home to the Multi-State Information Sharing & Analysis Center (MS-ISAC), a WaterISAC partner focused on cyber threat prevention, protection, response, and recovery for U.S. state, local, tribal, and territorial government entities.

Prima Systems FlexAir (ICSA-19-211-02)

The NCCIC has published an advisory on numerous types of vulnerabilities in Prima Systems FlexAir. Versions 2.3.38 and prior are affected. Exploitation of these vulnerabilities may allow an attacker to execute commands directly on the operating system, upload malicious files, perform actions with administrative privileges, execute arbitrary code in a user’s browser, discover login credentials, bypass normal authentication, and have full system access. Prima Systems has released Version 2.5.12 to fix these issues.

Poor Rates of DMARC Adoption Help Perpetuate Email Spoofing

An analysis of domains used by Fortune 500 companies, U.S. government agencies, and other major organizations reveals that nearly 80 percent don’t use DMARC (Domain-based Message Authentication, Reporting & Conformance). DMARC is a protocol that works on top of email servers that already support the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). It lets email server administrators put policies in place that can detect when an incoming email is lying about its real "From:" address.
