Cybersecurity

The NCCIC has published an advisory on improper authentication, protection mechanism failure, permission issues, key management errors, and insufficient control flow management vulnerabilities in Intel Data Center Manager SDK. Versions prior to 5.0.2 are affected. Successful exploitation of these vulnerabilities may allow escalation of privilege, denial of service, or information disclosure. Intel recommends that affected users contact an Intel Data Center Manager SDK reseller for the Version 5.0.2 update. The NCCIC also advises on a series of mitigating measures for these vulnerabilities.

The NCCIC has published an advisory on an authentication bypass using an alternate path or channel vulnerability in Pangea Communications Internet FAX ATA. Versions 3.1.8 and prior are affected. Successful exploitation of this vulnerability could cause the device to reboot and create a continual denial-of-service condition. Pangea Communications has contacted users of the affected product and have deployed a patch to resolve the issue. The NCCIC also advises on a series of mitigating measures for these vulnerabilities.

February 14, 2019

The NCCIC has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at NCCIC/ICS-CERT.

February 27, 2018

ICS-CERT has updated this advisory with additional details on affected products and mitigation details. ICS-CERT.

January 23, 2018

Software technology company Check Point reports its researchers detected a new campaign exploiting Linux servers to distribute a backdoor Trojan, dubbed SpeakUp. SpeakUp is capable of delivering any payload and executing it on compromised machines; it evades detection by all security vendors’ anti-virus software. According to Check Point, threats like SpeakUp are a stark warning of bigger threats to come since they can evade detection and then distribute further, potentially more dangerous malware to compromised machines.