Cybersecurity

B&R Industrial Automation Automation Studio and Automation Runtime (ICSA-20-051-01) – Products Used in the Energy Sector

CISA has published an advisory on an improper authorization vulnerability in B&R Industrial Automation Automation Studio and Automation Runtime. Multiple versions of both products are affected. Successful exploitation of this vulnerability may allow a remote attacker to modify the configuration of affected devices. B&R reports that product-technical reasons prevent the changing of SNMP credentials. To reduce risk from this vulnerability, the following Automation Studio versions disable the SNMP service by default in newly created AS projects.

Rockwell Automation FactoryTalk Diagnostics (ICSA-20-051-02) – Product Used in the Water and Wastewater Sector

CISA has published an advisory on a deserialization of untrusted data vulnerability in Rockwell Automation FactoryTalk Diagnostics. All versions are affected. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to execute arbitrary code with SYSTEM-level privileges. Rockwell Automation is currently working to develop updated software that addresses the reported vulnerability. Rockwell Automation recommends affected users implement the compensating controls, based on their needs.

Combination of Banking Trojans and Ransomware Bound to Worsen

IBM’s Security Intelligence has published an article discussing the evolution of banking Trojans, which began a little over a decade ago with the Zeus commercial banking Trojan and have become increasingly sophisticated both in terms of their code and the organized gangs who wield them. While threat actors once primarily used banking Trojans to steal money from corporate accounts, today they are increasingly using them to conduct targeted ransomware attacks that can entail exorbitant payment demands.

New Vulnerability Discovery Reportedly Abuses Same Protocol Used in Industroyer/CRASHOVERRIDE

Successful exploitation of the vulnerability recently published in ICS-CERT Advisory ICSA-20-042-12 regarding Siemens SIPROTEC 4 and SIPROTEC Compact (reported in the Security & Resilience Update for February 13, 2020) is believed to allow an attacker to reproduce damage caused by Industroyer/CRASHOVERRIDE, the ICS

Breaches Caused by Cloud Misconfigurations Cost Businesses Nearly $5 Trillion

In its just-released 2020 Cloud Misconfigurations Report, cloud security company DivvyCloud notes nearly 33.4 billion records were exposed in breaches due to cloud misconfigurations in 2018 and 2019, amounting to nearly $5 trillion in costs to enterprises globally. From 2018 to 2019, the number of records exposed by cloud misconfigurations rose by 80 percent, as did the total cost to companies associated with those lost records.

Building a Digital Defense with Passwords

The FBI’s Portland, Oregon office has published an advisory discussing password best practices for protecting yourself and your organization. The advisory also addresses common password mistakes, such as using overly simple passwords, which are easy for an adversary to hack, and reusing passwords, which makes it possible for a hacker who has obtained the credentials for one account to access others. The advisory advocates for longer, complex passwords that are hard to remember. This can involve combining multiple words into a long string of at least 15 characters.

Why Threat Actors Are Increasingly Conducting Cyber Attacks on Local Government

Reflecting on Recorded Future’s finding that there has been a dramatic increase in the number of cyber attacks against local governments over the past several years, particularly in terms of ransomware in 2019, IBM’s Security Intelligence writes about why municipal organizations are such attractive targets for threat actors.

CISA Alert: Ransomware Impacting Pipeline Operations

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has published an alert summarizing an incident to which it recently responded. The attack affected the control and communications assets on the operational technology (OT) network of a natural gas compression facility. The incident began with a spearphishing attack that provided access to the information technology (IT) network, from which the attacker pivoted to the OT network. The attacker then deployed ransomware on both networks.

Honeywell INNCOM INNControl 3 (ICSA-20-049-01) – Product Used in the Energy Sector

CISA has published an advisory on an improper privilege management vulnerability in Honeywell INNCOM INNControl 3. Versions 3.21 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to escalate user privileges within the INNControl application. Honeywell encourages users to contact an INNCOM sales representative or authorized systems integrator to obtain information on upgrading their system(s) to the latest version.
