You are here

Home » Cybersecurity

Cybersecurity

Advantech WebAccess/SCADA (ICSA-19-092-01) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory about command injection, stack-based buffer overflow, and improper access control vulnerabilities in Advantech WebAccess/SCADA. WebAccess/SCADA Versions 8.3.5 and prior are affected. Successful exploitation of these vulnerabilities may cause a denial of service and allow remote code execution. Advantech has released Version 8.4.0 of WebAccess/SCADA to address the reported vulnerabilities. The NCCIC also advises of a series of measures for mitigating these vulnerabilities.

Supply Chain Integrity Month

April is Supply Chain Integrity Month. The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the Department of Defense (DOD) are partnering to promote the importance of supply chain security and risk management. Breaches in the supply chain provide an opportunity for malicious software or hardware to be installed on equipment.

LockerGoga Security Primer

The Multi-State ISAC (MS-ISAC) has published a Security Primer on the LockerGoga malware. This product provides an overview of the malware, lists indicators of concerns associated with this malware, includes a series of examples of the ransom notes left by the malware, and discusses recommendations for protecting organizations against LockerGoga activity. WaterISAC has been monitoring and reporting on LockerGoga since it was first disclosed that the malware was targeted industrial firms, the first of which appears to have been the Norwegian aluminum produce Norsk Hyrdo.

All Things That Change Require a Change Management Process

Eddie Habibi, founder and CEO of ICS cybersecurity firm PAS Global, discusses the importance of change management for ICS environments and the value of modeling after OSHA Process Safety Management and management of change (MOC) requirements. Habibi stresses that the effective consequence of a successful cyberattack by bad actors is no different from that of an actual safety incident and the same process safety culture is required in ICS cybersecurity strategy.

Rockwell Automation PowerFlex 525 AC Drives (ICSA-19-087-01)

The NCCIC has published an advisory on a resource exhaustion vulnerability in Rockwell Automation PowerFlex 525 AC Drives. PowerFlex 525 AC Drives with embedded EtherNet/IP and Safety Versions 5.001 and earlier are affected. Successful exploitation of this vulnerability could result in resource exhaustion, denial of service, and/or memory corruption. Rockwell Automation has released new firmware to address the vulnerability. The NCCIC also offers a series of measures to address this vulnerability.

Australia’s Intelligence Agency Publishes its Vulnerability Disclosure Process

The Australian Signals Directorate (ASD), Australia’s closest counterpart to the U.S.’s National Security Agency (NSA), has published its process for disclosing cyber vulnerabilities. ASD’s process starts with the assertion that its default position is to disclose all vulnerabilities it discovers, so that vendors can develop and issue patches.

ASUS Releases Security Update for Live Update Software

ASUS has released Live Update version 3.6.8. This version addresses vulnerabilities that a remote attacker could exploit to take control of an affected system. These vulnerabilities were detected in exploits in the wild. The NCCIC encourages users and administrators to review the ASUS article for more information. The article includes a security diagnostic tool that users can run on their device to determine whether it is affected.

ENTTEC Lighting Controllers (ICSA-19-085-03)

The NCCIC has published an advisory on a missing authentication for critical function vulnerability in ENTTEC Lighting Controllers. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could reboot this device allowing a continual denial of service condition. ENTTEC recommends users upgrade to the March 2019 revB firmware or later. The NCCIC also offers a series of measures to address this vulnerability.

PHOENIX CONTACT RAD-80211-XD (ICSA-19-085-02) 

The NCCIC has published an advisory on a command injection vulnerability in Phoenix Contact RAD-80211-XD. RAD-80211-XD (2885728) and RAD-80211-XD/HP-BUS (2900047) are affected. Successful exploitation of this vulnerability could allow an attacker to execute system level commands with administrative privileges. Phoenix Contact recommends a series of measures to mitigate this vulnerability. The NCCIC also offers a series of measures to address this vulnerability.

LockerGoga – Two More Industrial Victims Come Forward

On Friday, news was released that two more industrial firms were impacted by LockerGoga. American chemical companies Hexion and Momentive announced they had fallen victim on March 12. Momentive has since ordered hundreds of new computers to replace the infected ones, according to the CEO. In additional recovery efforts, some Momentive employees have been given new email accounts on a new corporate domain. Cybersecurity firm FireEye states they have dealt with several LockerGoga attacks at other unnamed industrial and manufacturing firms.

Pages

Subscribe to Cybersecurity