Cybersecurity

Sodinokibi Ransomware Can Now Encrypt Open and Locked Files

When a file is open or locked, most ransomware applications can’t encrypt them without first shutting down the process involved. Applications like database or mail servers lock open files so that other programs can’t modify them. The lock prevents data from being corrupted by two processes writing to a file at the same time. But now the Sodinokibi (aka REvil) ransomware has a new feature for terminating processes that have locked a file, meaning it can encrypt such a file.

Read more about Sodinokibi Ransomware Can Now Encrypt Open and Locked Files

New Information on North Korean Malicious Cyber Activity

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Department of Defense have provided new information on malicious cyber activity by the North Korean government. In three new Malware Analysis Reports (MARs), these agencies discuss and provide technical information for three malware variants used by the North Korean government: COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH. In addition to providing malware descriptions, the MARs contain suggested response actions and recommended mitigation techniques.

Read more about New Information on North Korean Malicious Cyber Activity

Advantech WebAccess Node (ICSA-20-128-01) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on improper validation of array index, relative path traversal, SQL injection, stack-based buffer overflow, heap-based buffer overflow, and out-of-bounds read vulnerabilities in Advantech WebAccess Node. Versions 9.0.0 and 8.4.4 and prior are affected. Successful exploitation of these vulnerabilities may allow information disclosure, remote code execution, and compromise system availability. Advantech has released updated versions of the affected products to address the vulnerabilities.

Read more about Advantech WebAccess Node (ICSA-20-128-01) – Products Used in the Water and Wastewater and Energy Sectors

Another Stuxnet-Style Vulnerability Affecting More PLCs

In the Security & Resilience Update for March 31, 2020, WaterISAC reported on research related to the potential for more Stuxnet-style attacks against PLCs. Airbus Cybersecurity reported a similar Stuxnet-like vulnerability in Schneider Electric’s EcoStruxure Control Expert engineering software.

Read more about Another Stuxnet-Style Vulnerability Affecting More PLCs

Fazecast jSerialComm (ICSA-20-126-01)

CISA has published an advisory on an uncontrolled search path element vulnerability in Fazecast jSerialComm. Versions 2.2.2 and prior of jSerialComm and versions 1.5.x, 1.6.x, and 1.7.x of EcoStruxure IT Gateway are affected. Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on a targeted system. Fazecast recommends users update jSerialComm to Version 2.3 or later. Schneider Electric recommends users upgrade EcoStruxure IT Gateway to Version 1.8.1 or later.

Read more about Fazecast jSerialComm (ICSA-20-126-01)

SAE IT-systems FW-50 Remote Telemetry Unit (RTU) (ICSA-20-126-02) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on cross-site scripting and path traversal vulnerabilities in SAE IT-systems FW-50 Remote Telemetry Unit (RTU). FW-50 RTU, Series: 5 Series; CPU-type: CPU-5B; Hardware Revision: 2; CPLD Revision: 6 is affected. Successful exploitation of these vulnerabilities may allow an attacker to execute remote code, disclose sensitive information, or cause a denial-of-service condition. SAE IT-systems has provided options for addressing these vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities.

Read more about SAE IT-systems FW-50 Remote Telemetry Unit (RTU) (ICSA-20-126-02) – Product Used in the Water and Wastewater and Energy Sectors

Situational Awareness – Coronavirus Cyber Compendium, May 05, 2020

Coronavirus cyber activity hasn’t abated. Today we bring you more scam highlights and key developments, including the U.S. Department of Homeland Security’s launch of “Operation Stolen Promise” and other initiatives in an attempt to combat these growing numbers of fraud attempts.

Read more about Situational Awareness – Coronavirus Cyber Compendium, May 05, 2020

CISA Alert: APT Groups Target Essential Services during COVID-19 Pandemic

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has published a joint Alert with its U.K. counterpart, the National Cyber Security Centre (NCSC), warning that they continue to see indications advanced persistent threat (APT) groups are exploiting the COVID-19 pandemic. Although the Alert highlights activity by these actors against the healthcare sector, it also notes that other sectors, especially those that provide essential services during the pandemic, are being targeted. Targeted sectors include those associated with local governments.

Read more about CISA Alert: APT Groups Target Essential Services during COVID-19 Pandemic

President Trump Issues Executive Order on Securing the United States Bulk Power System

On May 1, 2020, President Trump issued Executive Order 13920 addressing the security of the United States bulk power system due to continued concerns regarding the capabilities and intentions of foreign adversaries. Most notably, UtilityDive highlights the executive order aims to:

Read more about President Trump Issues Executive Order on Securing the United States Bulk Power System

FBI FLASH: COVID-19 Phishing Email Indicators

The FBI has published a TLP:WHITE FLASH message providing indicators of COVID-19 phishing emails to assist in network defense. The FBI advises that cyber criminals, who include advanced persistent threat (APT) groups, have crafted COVID-19-themed health, informational, and warning notice emails in an attempt to obtain online service credentials, such as those for Microsoft Office 365 accounts. Additionally, cyber criminals have attached archive files that contain malicious portable executables (PE) or JAVA.jar files to their phishing emails.

Read more about FBI FLASH: COVID-19 Phishing Email Indicators

You are here

Cybersecurity

Sodinokibi Ransomware Can Now Encrypt Open and Locked Files

New Information on North Korean Malicious Cyber Activity

Advantech WebAccess Node (ICSA-20-128-01) – Products Used in the Water and Wastewater and Energy Sectors

Another Stuxnet-Style Vulnerability Affecting More PLCs

Fazecast jSerialComm (ICSA-20-126-01)

SAE IT-systems FW-50 Remote Telemetry Unit (RTU) (ICSA-20-126-02) – Product Used in the Water and Wastewater and Energy Sectors

Situational Awareness – Coronavirus Cyber Compendium, May 05, 2020

CISA Alert: APT Groups Target Essential Services during COVID-19 Pandemic

President Trump Issues Executive Order on Securing the United States Bulk Power System

FBI FLASH: COVID-19 Phishing Email Indicators

Pages

You are here

Cybersecurity

Pages

Footer Email Signup