You are here

Home

Cybersecurity

Operation Sharpshooter Targeting Global Critical Infrastructure, including Energy

McAfee reports it has discovered a new global campaign, dubbed “Operation Sharpshooter,” that is targeting nuclear, defense, energy, and financial companies (predominantly in the U.S.). The campaign masquerades as a legitimate industry job recruitment activity to gather information. McAfee observes that its discovery of this new, high-function implant is another example of how targeted attacks move in several steps, beginning with attempts to gain intelligence.

Improve ICS Incident Response and Resilience Plans by Enhancing Asset Inventory

You can’t secure what you don’t know, thus making a comprehensive asset inventory an invaluable resource in your cybersecurity program. Likewise, business continuity, resilience, and incident response plans are not complete without understanding your assets. ICS cyber security firm Dragos expands asset management from a function to a framework in their recent whitepaper, Collection Management Frameworks – Beyond Asset Inventories for Preparing for and Responding to Cyber Threats.

McAfee SINAMICS PERFECT HARMONY GH180 (ICSA-18-345-01) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on an improper access control vulnerability in McAfee SINAMICS PERFECT HARMONY GH180. Multiple products and versions of these products are affected. The vulnerability can be exploited to compromise an HMI, and by extension, the drive system. McAfee has issued Security Bulletin SB10250 to address this vulnerability in MACC. The NCCIC also advises on a series of mitigating measures for this vulnerability. NCCIC/ICS-CERT.

Microsoft Releases December 2018 Security Update

Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Adobe Flash Player, Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, .NET Framework, Microsoft Dynamics NAV, Microsoft Exchange Server, Microsoft Visual Studio, and Windows Azure Pack. Microsoft.

Seedworm Group Compromises Government Agencies, Oil and Gas, and More

Symantec reports it has uncovered extensive insights into a cyber threat actor it calls “Seedworm,” which it says is behind operations that have gathered intelligence on targets spread primarily across the Middle East but also in North American and Europe. It conducts its operations by using variants of the Powermud backdoor, a new backdoor (Backdoor.Powemuddy), and custom tools for stealing passwords, creating reverse shells, privilege escalation, and the use of the native Windows cabinet creation tool.

Equifax Breach “Entirely Preventable,” according to Congressional Committee Report

The U.S. House Committee on Oversight and Government Reform Republicans have released a staff report following a 14-month investigation into the Equifax data breach, which it identifies as one of the largest data breaches in U.S. history. The report reveals new information about the breach and presents a series of key findings, the foremost of which is that the incident was “entirely preventable.” Many of the report’s other key findings identify the conditions that enabled the breach, which Equifax could have addressed and likely prevented the incident.

Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules (ICSA-18-310-02) – Products Used in the Water and Wastewater Sector

The NCCIC has released an advisory on a missing authentication for critical function vulnerability in Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules. Numerous products and versions of these products are affected. Rockwell Automation recommends users of affected products update to an available firmware revision that addresses the associated risk.

GE Profidy (ICSA-18-340-01) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on an XXE vulnerability in GE Profidy. Cimplicity 9.0 R2, 9.5, and 10.0 are affected. Successful exploitation of this vulnerability could allow an attacker to initiate an OPC UA session and retrieve an arbitrary file. GE recommends users update to Version 2.1 or newer. The NCCIC also advises on a series of mitigating measures for this vulnerability. NCCIC/ICS-CERT.

Ransomware Will Soon Target Social Media Accounts and IoT Devices, According to Report

Managed service provider (MSP) Datto has just published its annual report on trends in ransomware, which is based on data it received from 2,400 IT professionals from around the world. Among other findings, the report notes that whereas 89% of MSPs are “highly concerned” about ransomware, just 36% of small and medium-sized businesses feel the same. Additionally, a majority of MSPs predict ransomware will move beyond targeting just PCs and servers and that it will soon be used to encrypt social media accounts and Internet of Things (IoT) devices.

Pages

Subscribe to Cybersecurity