You are here

Home » Cybersecurity

Cybersecurity

FBI Warns of Advance Fee and BEC Schemes Related to PPE and Supplies Procurement during COVID-19 Pandemic

The FBI has issued an industry alert warning of rapidly emerging advance fee and business email compromise (BEC) schemes related to procurement of personal protective equipment (PPE) and other equipment in short supply during the current COVID-19 pandemic. The FBI recently became aware of multiple incidents of government agencies, attempting to procure such equipment, wiring transferred funds to fraudulent sellers in advance of receiving the items. In one case, an individual claimed to represent an entity with which the purchasing agency had an existing business relationship.

Adversaries Living off the ICS/OT Land and How to Detect Them

“Living off the land” is a phrase adopted to describe adversary behavior of using built-in system tools in an attempt to blend in or hide in plain sight with expected system/network activity. The practice typically involves IT-based tools and tactics, but industrial cybersecurity firm Dragos reviews the relevance or living off the land for ICS/OT environments. Even advanced ICS-focused (and skilled) threat groups use IT-based system tools such as PowerShell to gain initial access before traversing ineffective network segmentation to compromise ICS/OT networks.

Security Awareness – A Few of the Latest Coronavirus Related Scams

Even during this challenging time, there is no question that cyber attack ploys are the same. Threat actors constantly leverage disasters in their campaigns; however, the specific themes and lures abusing coronavirus news and information across various attack techniques continues unabated. Attackers are not letting up, and we must not grow weary in keeping our remote workers aware of the scams using coronavirus that are intended to trick them into clicking on a malicious link or opening a weaponized document.

KUKA.Sim Pro (ICSA-20-098-05)

CISA has published an advisory on an improper enforcement of message integrity during transmission in a communication channel vulnerability in Kuka.Sim Pro. Version 3.1 is affected. Successful exploitation of this vulnerability could result in a loss of integrity in external 3D models fetched from remote servers. When tested on real machines, this effect is unpredictable. KUKA recommends upgrading KUKA.Sim Pro to Version 3.1.2 or above to mitigate this vulnerability. CISA also recommends a series of measures to mitigate the vulnerability.

Fuji Electric V-Server Lite (ICSA-20-098-04)

CISA has published an advisory on a heap-based buffer overflow vulnerability in Fuji Electric V-Server Lite. All versions prior to 4.0.9.0 are affected. Successful exploitation of this vulnerability could allow a remote attacker to gain elevated privileges for remote code execution. Fuji Electric has released Version 4.0.9.0 to mitigate the reported vulnerability. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

Rockwell Automation RSLinx Classic (ICSA-20-100-01) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an incorrect permission assignment for critical resource vulnerability in Rockwell Automation RSLinx Classic. Versions 4.11.00 and prior are affected. Successful exploitation of this vulnerability could allow a local authenticated attacker to execute malicious code when opening RSLinx Classic. For Versions 3.60 to 4.11, Rockwell Automation recommends users apply patch 1091155. Affected users are encouraged to apply the most recent version of RSLinx Classic. CISA also recommends a series of measures to mitigate the vulnerability.

HMS Networks eWON Flexy and Cosy (ICSA-20-098-03) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on a cross-site scripting vulnerability in HMS Networks eWON Flexy and Cosy. For both products, all firmware versions prior to 14.1s0 are affected. Successful exploitation of this vulnerability could initiate a password change. HMS Networks recommends users update to latest firmware, Version 14.1s0. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

GE Digital CIMPLICITY (ICSA-20-098-02) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an improper privilege management vulnerability in GE Digital CIMPLICITY. Versions 10.0 and prior are affected. Successful exploitation of this vulnerability could allow an adversary to modify the systemwide CIMPLICITY configuration, leading to the arbitrary execution of code. GE Digital CIMPLICITY v11.0, released January 2020, contains mitigation for this local privilege escalation vulnerability. GE Digital recommends all users upgrade to GE CIMPLICITY v11.0 or newer. CISA also recommends a series of measures to mitigate the vulnerability.

Advantech WebAccess/NMS (ICSA-20-098-01) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on unrestricted upload of file with dangerous type, SQL injection, relative path traversal, missing authentication for critical function, improper restriction of XML external entity reference, and OS command injection vulnerabilities in Advantech WebAccess/NMS. Versions prior to 3.0.2 are affected. Successful exploitation of these vulnerabilities may allow an attacker to gain remote code execution, upload files, delete files, cause a denial-of-service condition, and create an admin account for the application.

Pages

Subscribe to Cybersecurity