ICS threats and mitigations. News from cyber gangland, and an indictment in an influence ops case.


Dateline Moscow, Kyiv, Helsinki, Stockholm, Brussels, and Washington: Russia works toward claiming victory by May 9th.

Ukraine at D+50: Russian reconstitution continues as shields stay up for ICS attacks. (The CyberWire) May 9th may represent President Putin’s desired day to claim victory. Atrocities continue under Russian fire as more Russian influencers deny that there are any such things as “Ukrainians”–they’re really just aspirational Russians. Finland may fast-track NATO membership. And the energy sector looks to its defenses as a cyberattack toolkit is identified.

Russia loses warship, says will increase attacks on Kyiv (AP NEWS) A day after Moscow suffered a stinging symbolic defeat with the loss of the flagship of its Black Sea fleet, Russia’s Defense Ministry promised Friday to ramp up missile attacks on the Ukrainian capital in response to Ukraine’s alleged military “diversions on the Russian territory.”

Ukraine war: Russia threatens to step up attacks on Kyiv (BBC News) Moscow says it hit the Ukrainian capital overnight and will launch more strikes in response to attacks in Russia.

Live Updates: Russia Sets Stage for Battle to Control Ukraine’s East (New York Times) Moscow is moving helicopters to Ukraine’s eastern border and bringing in soldiers, the Pentagon says, as both sides prepare for a dug-in fight. Russian forces appear closer to capturing Mariupol.

Russian Troops Risk Repeating Blunders If They Try for May 9 Win (Bloomberg) Mud, logistics, reinforcements argue to delay new offensive. U.S. and allies rush to arm Ukraine on assumed Putin schedule.

What images of Russian trucks say about its military’s struggles in Ukraine (CNN) Experts say photographs of Russian trucks in Ukraine show tell-tale signs of Moscow’s logistical struggles and suggest its efforts are being undermined by a reliance on conscripts and widespread corruption.

Why Putin may be aiming to declare victory over Ukraine on May 9 (Fortune) And why that’s probably a mistake.

What Victory Day means for Russian identity (Washington Post) As Russia’s war against Ukraine stretches into another month, Ukrainians and Western nations are in suspense for how the Kremlin will celebrate a day dear to Russian history.

New Russian Strategy Does Not Resolve Underlying Military Issues (Forbes) Although the new Russian strategy alleviates some of the challenges that the Russians have faced to date, it does not resolve some of the larger issues that have plagued this military operation.

Ukraine-Russia Negotiations: What’s Possible? (Wilson Center) The Russian war on Ukraine has gone on for almost fifty days. And negotiations between Kyiv and Moscow—on two tracks so far—started the day after the Russian invasion. Even as the parties’ positions become clearer, no compromise seems to be on the horizon.

Opinion: Putin is shifting the goal posts. The West must too (CNN) Michael Bociurkiw writes that walking around Kyiv today is like being in a city in an induced coma — life may be returning to Ukraine’s capital, but Russian President Vladimir Putin’s military offensive continues. And it’s become clear that western sanctions are not deterring his war machine.

What the ruthless new commander of Russia’s military signals for war in Ukraine (NPR) NPR’s Ailsa Chang talks with Elizabeth Tsurkov of the New Lines Institute for Strategy and Foreign Policy about Russia’s new top commander in Ukraine, Gen. Dvornikov, who is notoriously ruthless.

Moldova says reports Russian army trying to recruit its citizens are dangerous (Reuters) Moldova said on Wednesday that reports that Russia’s army was trying to recruit Moldovan citizens were dangerous and that it was regularly discussing all matters of concern with Russian officials, in response to a question about the Ukraine war.

Ukraine Update: Russian Warship Sinks; U.S. Eyes Envoy to Kyiv (Bloomberg) Russia lost the flagship vessel of its Black Sea Fleet, delivering a blow to its pride and military capabilities as it repositions its forces for renewed attacks in eastern and southern parts of Ukraine.

Russian warship badly damaged; Mariupol faces key battles on war’s 50th day (Washington Post) A Russian warship in the Black Sea is headed toward a port in Crimea for repairs after sustaining significant damage, a Pentagon official said, though whether it was struck by a Ukrainian missile remains uncertain.

Russia’s Black Sea flagship Moskva has sunk, Kremlin confirms (The Telegraph) Kremlin says ship that attacked Snake Island was set on fire by an explosion of ammunition and foundered as it was being towed back to port

Russian warship badly damaged after Ukrainians claim strike (AP NEWS) The Russian military sustained a major blow Thursday when the flagship of the country’s Black Sea fleet was badly damaged and its crew evacuated. Ukrainian officials said their forces hit the vessel with missiles, while Russia acknowledged a fire aboard the Moskva but no attack.

Without the Moskva, Russia’s Black Sea fleet is far more exposed to missiles and drones (The Telegraph) The fleet lacks vessels with a comparable air defence suite, and will thus find it more risky to conduct similar operations

Why the Black Sea flagship Moskva was so strategic for the Russians (The Telegraph) The Slava-class cruiser carried a host of supersonic cruise missiles and anti-submarine mortars

The cost of the hit cruiser Moskva is $750 million. Forbes compiles a ranking of the most expensive Russian equipment destroyed in the war (Forbes.ua) Since the start of the war, the Ukrainian army has destroyed 5,260 units of enemy equipment. Among them is the cruiser Moskva, and it is the most expensive …

Moskva warship’s sinking a $750 million loss for Russian military: Report (Newsweek) The Moskva is the most expensive piece of equipment that the Russians have lost during the war, according to an analysis by Forbes Ukraine.

Russian armored vehicles seen on Bucha street strewn with bodies, video shows (Washington Post) Drone videos captured over several days in late March show military vehicles used by Russian airborne units near at least eight bodies lying along a street in Bucha, a suburb northwest of Kyiv.

CIA director calls killings in Bucha ‘crimes’ (Washington Post) William J. Burns, in his first public speech as CIA director, aimed several remarks at Vladimir Putin personally.

Russia Crisis Military Assessment: How Ukraine can take the fight to Russia (Atlantic Council) As Ukraine prepares for a larger fight against Russian forces in the east, its military is in urgent need of weapons that will support an offensive, according to our military fellows.

Russia warns U.S. to stop arming Ukraine (Washington Post) The formal diplomatic note from Moscow, a copy of which was reviewed by The Washington Post, came as President Biden approved a dramatic expansion in the scope of weapons being provided to the government in Kyiv

Pressure on US to give Ukraine more intelligence on Russia (AP NEWS) President Joe Biden has called Russia’s war on Ukraine a genocide and accused Vladimir Putin of committing war crimes.

EXPLAINER: Why the term ‘genocide’ matters in Ukraine war (AP NEWS) When President Joe Biden declares Russia’s Ukraine war “genocide,” it isn’t just another strong word.

Kyiv condemns Emmanuel Macron for saying Ukrainians and Russians are ‘brothers’ (The Telegraph) French president’s comments come an hour after Joe Biden, the US president, warned that Vladimir Putin wanted to ‘wipe out Ukrainians’

Ukraine War: ICC chief says Ukraine is “a crime scene” (Newsweek) Russia said one of its naval ships sank after Ukraine claims it hit the vessel with a missile attack.

War Crimes Watch: The woman who would make Putin pay (AP NEWS) The messages, reports from across Ukraine, scroll in real time: One civilian dead. Thirteen military casualties.

Op-Ed: Lessons from the Soviets on how to hold Russia accountable for war crimes (Los Angeles Times) Ukraine, with international help, needs to begin data gathering on Russian atrocities before evidence gets lost and victims scatter or disappear.

Finland and Sweden pursue unlinked NATO membership (Defense News) Finland had indicated it would prefer a solution that would see the two Nordic unaligned states “jump together” into NATO.

What Finland Can Offer NATO (Foreign Policy) The end of neutrality for a famously neutral country would be a blow to Putin and enhance the alliance’s intelligence capabilities.

Finns living near border watch Russia warily, recall dark past (Reuters) The once bustling border crossing of Imatra, on Finland’s frontier with Russia, now stands idle as the town’s inhabitants cast a nervous eye towards their giant eastern neighbour following its invasion of Ukraine.

Russia threatens to move nukes to Baltic region if Finland, Sweden join NATO (Washington Post) Russia warned Finland and Sweden on Thursday that if they join NATO, Moscow will reinforce the Baltic Sea region, including with nuclear weapons.

Russia Warns of Nuclear Buildup If Finland, Sweden Join NATO (Bloomberg) Kremlin may deploy missiles, other weapons near border. Ukraine invasion spurs calls in Baltic nations to join bloc.

Russia threatens military build up if Finland or Sweden join NATO (Euronews) Medvedev said Russia would deploy “significant naval forces” in the Gulf of Finland if the country joined NATO.

Some see cyberwar in Ukraine. Others see just thwarted attacks. (Washington Post) As Russia’s Ukraine invasion grinds through its second month, experts are still divided over whether hacking is playing a meaningful role in the conflict.

State-backed hackers have developed custom malware (TechCrunch) U.S. government agencies warn that state-backed hackers have developed custom malware to compromise and hijack commonly used industrial control system devices.

Russia-Linked Pipedream/Incontroller ICS Malware Designed to Target Energy Facilities (SecurityWeek) Experts believe the new Incontroller (Pipedream) malware designed to target ICS and SCADA systems may have been developed by Russia to target energy facilities.

U.S. warns energy firms of a rapidly advancing hacking threat (E&E News) The alert from the Department of Energy, FBI and other federal agencies of a newly discovered strain of malware comes on the heels of a major Russian

Hackers target Ukrainian govt with IcedID malware, Zimbra exploits (BleepingComputer) Hackers are targeting Ukrainian government agencies with new attacks using Zimbra exploits and phishing campaigns pushing the IcedID malware.

Ukraine conflict heightens US military’s data privacy vulnerabilities (C4ISRNet) It is the new normal for military service members and veterans to be considered high value targets in the information war.

Here’s how the U.S. should respond to any Russian cyberattacks (Washington Post) Retaliation needs to be harsh enough to deter further hacks — but not so severe that it causes more escalation

Why Russia’s Elites Went to War (Wilson Center) A clear understanding of why and how Russia’s monstrous war of aggression against Ukraine, a war destructive for both countries, became possible will require much time and effort. So far, the focus of immediate commentary has invariably been on President Putin, as the outbreak of war is perceived as his personal decision. However, reasoning along the lines of “we are all the hostages of one man’s insanity” is more likely to produce a fictitious answer rather than a genuine one.

The Little Picketers of Russia (The Nation) The rules are simple: Create a small figure with a banner protesting the invasion, put it in a public place, and upload a photo.

Ukrainian, Belarusian, and Russian Women and the Anti-War Movement (New Security Beat) “I want this war to be over. I want all of us to rebuild our societies. We are a force that can do that, and we will do that; we are doing it. But I think we also need to see the bigger picture, […]

World’s biggest oil traders are set to cut out Russian oil purchases from the middle of May, report says. (Markets Insider) Major oil trading houses are set to significantly reduce the amount of oil they purchase from Russia from May 15th, a report says.

The world must not allow Putin to bankrupt Ukraine into surrender (Atlantic Council) Russian war crimes in Ukraine have shocked the world but the systematic damage being done to the Ukrainian economy is also an important element of Putin’s invasion that requires urgent international attention.

Israel won’t stick out its neck for Ukraine. It’s because of Russia. (Atlantic Council) Over the last decade, regional developments have forced Israel to balance its moral sense regarding the Russia-Ukraine conflict against its vital national interests.

How 50 days of Russia’s war in Ukraine changed the world (Washington Post) Fifty days ago, on Feb. 24, Russian President Vladimir Putin announced the start of a military assault on neighboring Ukraine. Russian artillery and airstrikes pummeled Ukrainian cities, and the Kremlin’s troops swept across the border, triggering a mass exodus that has become Europe’s largest refugee crisis since World War II.

Attacks, Threats, and Vulnerabilities

US agency attributes $540 million Ronin hack to North Korean APT group (The Record by Recorded Future) The US Treasury’s Office of Foreign Assets Control (OFAC) on Thursday attributed one of the largest DeFi hacks ever to notorious North Korean APT group Lazarus.

US Officials Tie North Korea’s ‘Lazarus’ Hackers to $625M Crypto Theft (CoinDesk) Axie Infinity’s Ronin blockchain suffered a massive exploit late last month.

Chemical sector targeted by North Korea-linked hacking group, researchers say (The Record by Recorded Future) An espionage campaign from North Korea’s Lazarus Group has now turned its attention to chemical sector organizations in South Korea, according to a report from cybersecurity company Symantec.

Karakurt revealed as data extortion arm of Conti cybercrime syndicate (BleepingComputer) After breaching servers managed by the cybercriminals, security researchers found a connection between Conti ransomware and the recently emerged Karakurt data extortion group, showing that the two gangs are part of the same operation.

Threat Spotlight: Conti Ransomware Group Behind the Karakurt Hacking Team (Infinitum) In this report we would like to share the strong connection between two notorious Cyber Threat Actors called Conti and Karakurt.

Haskers Gang Gives Away ZingoStealer Malware to Other Cybercriminals for Free (The Hacker News) Haskers gang has released a new information stealing malware called ZingoStealer for free to other cybercriminal groups.

ZingoStealer crimeware released for free in the cybercrime ecosystem (Security Affairs) A new powerful crimeware called ZingoStealer was released for free by a threat actor known as Haskers Gang. ZingoStealer is a new information-stealer developed by a threat actor known as Haskers Gang who released it for free after they attempted to sell the source code for $500. The threat actors were also offering their own crypter, dubbed […]

Analysis of the SunnyDay ransomware (Security Affairs) The analysis of a recent SunnyDay ransomware sample revealed some similarities with other ransomware, such as Ever101, Medusa Locker, Curator, and Payment45. Segurança-Informatica published an analysis of a recent sample of SunnyDay ransomware. As a result of the work, some similarities with other ransomware samples such as Ever101, Medusa Locker, Curator, and Payment45 were found. […]

Critical Code Execution Flaw Haunts VMware Cloud Director (SecurityWeek) VMware warns that an authenticated attacker with network access to the VMware Cloud Director tenant or provider can exploit a remote code execution vulnerability to gain access to the server.

Critical Vulnerability in Elementor Plugin Impacts Millions of WordPress Sites (SecurityWeek) A critical vulnerability addressed in the Elementor WordPress plugin could allow authenticated users to upload arbitrary files to affected websites, potentially leading to code execution.

Several Vulnerabilities Allow Disabling of Palo Alto Networks Products (SecurityWeek) Palo Alto Networks has informed customers about several vulnerabilities that can be used to disable the company’s products.

Researchers find vulnerability in Rarible NFT platform (The Record by Recorded Future) A security flaw in the biggest NFT marketplace allows threat actors to steal a user’s NFTs and cryptocurrency in a single transaction, according to a new report from cybersecurity firm Check Point. 

VMware Confirms Workspace One Exploits in the Wild (SecurityWeek) Less than a week after patching critical security defects affecting multiple enterprise-facing products, VMware is warning that one of the flaws is being exploited in the wild.

Instagram’s dark side: sexual harassers, crypto scammers, ID thieves (BleepingComputer) A platform for everyone to seamlessly share their best moments online, Instagram is slowly turning into a mecca for the undesirables—from sexual harassers to crypto “investors” helping you “get rich fast.” How do you keep yourself safe against such profiles?

RIPTA paid hackers $170,000 following cyberattack (WPRI) The security breach occurred in August and the stolen information includes the personal details for some state workers who have no ties to the public transit agency.

Wind turbine firm Nordex hit by Conti ransomware attack (BleepingComputer) The Conti ransomware operation has claimed responsibility for a cyberattack on wind turbine giant Nordex, which was forced to shut down IT systems and remote access to the managed turbines earlier this month.

CISA Adds One Known Exploited Vulnerability to Catalog (CISA) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerability in the catalog, click on the arrow of the “Date Added to Catalog” column, which will sort by descending dates.

Security Patches, Mitigations, and Software Updates

An Update on CVE-2022-26809 – MSRPC Vulnerability – PATCH NOW (SANS Internet Storm Center) [If your main concern is that you do not have time to apply the April update, stop wasting more time reading this (or anything else about CVE-2022-26809) and start patching]

Experts warn of concerns around Microsoft RPC bug (The Record by Recorded Future) Cybersecurity experts and researchers have raised alarms around a vulnerability disclosed by Microsoft yesterday concerning Windows hosts running the Remote Procedure Call Runtime (RPC).

Cisco Releases Security Updates for Multiple Products (CISA) Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates.

Juniper Networks Releases Security Updates for Multiple Products (CISA) Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates.

Johnson Controls Metasys (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Johnson Controls Inc. Equipment: Metasys ADS/ADX/OAS Servers Vulnerability: Incomplete Cleanup 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to use a session token that has not been cleared upon log out of an authenticated user.

Red Lion DA50N (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Red Lion Equipment: DA50N Vulnerabilities: Insufficient Verification of Data Authenticity, Weak Password Requirements, Use of Unmaintained Third-Party Components, Insufficiently Protected Credentials

Delta Electronics DMARS (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DMARS Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain sensitive information.

Siemens SICAM A8000 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM A8000 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access files without authentication.

Siemens SIMATIC Energy Manager (CISA) 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC Energy Manager Vulnerabilities: Incorrect Permission Assignment for Critical Resource, Uncontrolled Search Path Element, Deserialization of Untrusted Data

Siemens SIMATIC S7-400 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC S7-400 Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to create a denial-of-service condition.

Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1500 CPU GNU/Linux subsystem Vulnerabilities: Use of Unmaintained Third-party Components 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution.

Siemens SIMATIC STEP 7 (TIA Portal) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.4 Vendor: Siemens Equipment: STEP 7 (TIA Portal) Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve privilege escalation on the web server of certain devices configured by SIMATIC STEP 7 (TIA Portal) due to incorrect handling of the webserver’s user management configuration during downloading.

Siemens Simcenter Femap (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Simcenter Femap Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow arbitrary code execution.

Siemens TIA Administrator (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC PCS neo (Admin Console), SINETPLAN, TIA Portal Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to cause a denial-of-service condition.

Siemens Mendix (CISA) 1. EXECUTIVE SUMMARY CVSS v3 3.1 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Mendix Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to extract information from a database protected field.

Siemens RUGGEDCOM Devices (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM Devices Vulnerability: Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authorized threat actor to obtain privileges to access passwords.

Siemens Polarion ALM (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Polarion ALM Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow arbitrary code execution and sensitive information extraction.

Siemens RUGGEDCOM ROS (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM ROS Vulnerability: Using Components with Known Vulnerabilities

Siemens Mendix (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Mendix Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to dump and modify sensitive data.

Siemens SIMATIC WinCC and PCS (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC WinCC and PCS Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Externally-Accessible File or Directory

Siemens Solid Edge, JT2Go, and Teamcenter Visualization (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Solid Edge, JT2Go, and Teamcenter Visualization Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-of-bounds Write, Heap-based Buffer Overflow, Out-of-bounds Read

Siemens COMOS Web (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: COMOS Vulnerabilities: Basic XSS, Relative Path Traversal, SQL Injection, Cross-site Request Forgery

Siemens SIMATIC WinCC (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC WinCC Vulnerabilities: Path Traversal, Insertion of Sensitive Information into Log File

Siemens Nucleus RTOS-based APOGEE and TALON Products (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Nucleus RTOS based APOGEE and TALON Products Vulnerabilities: Type Confusion, Improper Validation of Specified Quantity in Input, Out-of-bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer, Improper Null Termination, Buffer Access with Incorrect Length Value, Integer Underflow, Improper Handling of Inconsistent Structural Elements

Siemens Industrial Products Intel CPUs (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC, SINUMERIK Vulnerabilities: Missing Encryption of Sensitive Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-222-05 Siemens Industrial Products Intel CPU that was published August 10, 2021, to the ICS webpage on www.cisa.gov/uscert.

Siemens PROFINET Devices (Update D) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: PROFINET Devices Vulnerability: Allocation of Resources Without Limits or Throttling

Siemens VxWorks-based Industrial Products (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Wind River VxWorks-based Industrial Products Vulnerability: Heap-based Buffer Overflow

Siemens SIMATIC RFID (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC RF Products Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-159-13 Siemens SIMATIC RFID Readers that was published June 8, 2021, on the ICS webpage on www.cisa.gov/uscert.

Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update J) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK Vulnerability: Unquoted Search Path or Element

Siemens SIMOTICS, Desigo, APOGEE, and TALON (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: Siemens Equipment: SIMOTICS, Desigo, APOGEE, and TALON Vulnerability: Business Logic Errors

Siemens SCALANCE & SIMATIC (Update F) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE, SIMATIC Vulnerability: Resource Exhaustion 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-105-07 Siemens SCALANCE & SIMATIC (Update E) that was published September 14, 2021, to the ICS webpage on www.cisa.gov/uscert.

Siemens Industrial Products SNMP (Update E) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Various SCALANCE, SIMATIC, SIPLUS products Vulnerabilities: Data Processing Errors, NULL Pointer Dereference

Siemens PROFINET-IO Stack (Update G) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Siemens PROFINET-IO Stack Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-042-04 Siemens PROFINET-IO Stack (Update F) that was published October 14, 2021 to the ICS webpage on www.cisa.gov/uscert.

Siemens SIMATIC PCS 7, SIMATIC WinCC, and SIMATIC NET PC (Update G) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC PCS 7, SIMATIC WinCC, SIMATIC NET PC Vulnerability: Incorrect Calculation of Buffer Size

Siemens SIMATIC Products (Update C) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 3.7 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC CP 1626; HMI Panel (incl. SIPLUS variants); NET PC software; STEP 7 (TIA Portal); WinCC (TIA Portal); WinCC OA; WinCC Runtime (Pro and Advanced); TIM 1531 IRC (incl. SIPLUS variant) Vulnerability: Exposed Dangerous Method or Function

Siemens Industrial Products (Update P) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Industrial Products Vulnerabilities: Excessive Data Query Operations in a Large Data Table, Integer Overflow or Wraparound, Uncontrolled Resource Consumption

Siemens Industrial Products with OPC UA (Update G) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC, SINEC-NMS, SINEMA, SINEMURIK Industrial Control Products with OPC UA Vulnerability: Uncaught Exception

Siemens OPC UA Protocol Stack Discovery Service (Update E) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC Vulnerability: Improper Restriction of XML External Entity Reference

Siemens SIMATIC CP 1543-1 (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC CP 1543-1 Vulnerabilities: Improper Input Validation, Improper Privilege Management 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-16-327-01 Siemens SIMATIC CP 1543-1 Vulnerabilities that was published November 22, 2016, on the ICS webpage on www.cisa.gov/uscert.

Siemens SCALANCE X-300 Switches (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE X-300 switch family devices Vulnerabilities: Improper Input Validation, Use of Insufficiently Random Values, Stack-based Buffer Overflow, Cross-site Request Forgery, Improper Access Control, Basic XSS, Classic Buffer Overflow, Out-of-bounds Read

Siemens SCALANCE FragAttacks (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE family devices Vulnerabilities: Improper Authentication, Injection, Improper Validation of Integrity Check, Improper Input Validation

Siemens OpenSSL Vulnerabilities in Industrial Products (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely/high attack complexity Vendor: Siemens Equipment: Siemens Industrial Products Vulnerability: NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an unauthenticated attacker to cause a denial-of-service condition if a maliciously crafted renegotiation message is sent.

Siemens PROFINET Stack Integrated on Interniche Stack (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: PROFINET Stack Integrated on Interniche Stack Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a denial-of-service condition.

Siemens Mendix (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to read sensitive data.

Siemens SCALANCE W1700 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE W1700 Vulnerabilities: Race Condition, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause various denial-of-service conditions.

Path to Cyber Readiness — Preparation, Perception and Partnership (Trellix) In response to the unprecedented software supply chain attacks to SolarWinds and Microsoft in 2020 and 2021, the United States Executive Branch issued a major directive on cybersecurity policy:

Banking insights of interest. (Quantum Metric) A look at how digital has changed consumers’ relationships with money and their banks.

75% Of Security Pros Use or Will Implement Cyber Risk Quantification Within 18 Months, According to Kovrr and SANS Institute (Yahoo) Kovrr, a leading provider of cyber risk quantification (CRQ) solutions for global enterprises and (re)insurers, and SANS Institute, the most trusted resource for cybersecurity training, certifications and research, today release their joint survey that reveals enterprise motivation and impact of cyber risk quantification (CRQ) in the modern cybersecurity landscape. CRQ helps businesses evaluate the potential financial impact of cyber events on an organization an

Jamie Dimon says he no longer uses the word “cryptocurrency” (Quartz) For years, Jamie Dimon, the CEO of JPMorgan Chase, has thought of cryptocurrencies as a sham or “worthless.” But now, he says, he has stopped even calling them “currencies,” preferring the term “crypto-tokens” instead.

First Quarter 2022 Data Breach Analysis: Data Compromises Off to Fast Start; Victim Rates Continue to Drop (Identity Theft Resource Center) Publicly reported data compromises totaled 404 through March 31, 2022, a 14 percent increase compared to Q1 2021.

Ransomware: These two gangs are behind half of all attacks (ZDNet) Two particular ransomware groups have been very busy- but there are other ransomware threats out there too.

In Germany, Industrial Sector Hit Hardest by Ransomware in 2020 and 2021 (Recorded Future) The report provides an overview of the ransomware situation in Germany in 2020 and 2021, discussing high-level trends, common techniques used, and a Germany-specific analysis based on a dataset of past attacks.

Marketplace

Impervious.ai Raises Seed Round to Develop the Peer-to-Peer Internet Standard (PR Newswire) Impervious Technologies Inc. (impervious.ai) is excited to announce the close of their seed financing round, with participation from notable…

greymatter.io Closes $7.1 Million Series A to Meet Rising Need for Its Enterprise Microservices Platform (Business Wire) greymatter.io Inc., an enterprise microservices platform provider, today announced the close of a $7.1 million Series A round. Led by Elsewhere Partne

HelpSystems Acquires Security Awareness Training Company Terranova (MSSP Alert) Multiple HelpSystems acquisitions address MDR (managed detection & response) security, cyber threat intelligence & vulnerability assessments.

Elon Musk could have competition: Thoma Bravo considers Twitter bid (New York Post) Private equity giant Thoma Bravo is working on a possible bid for Twitter, a source close to the situation told The Post — setting up what could be a rival to Elon Musk’s offer for the …

Kaspersky relocates cyberthreat-related data processing for users in Latin America and Middle East to Switzerland and re-certifies its data services by TÜV AUSTRIA (www.kaspersky.com) Kaspersky has expanded the scope of its cyberthreat-related data relocation, which now covers users in Latin America and the Middle East. The company’s commitment to following the best data security practices has been reaffirmed by TÜV AUSTRIA’s re-certification of Kaspersky’s data services with an expanded scope. In addition, the company publicly shared information on the requests for data and technical expertise received from government and law enforcement agencies as well as from users in H2 2021.

Neurodiverse Candidates Find Niche in Remote Cybersecurity Jobs (Wall Street Journal) The Covid-19 pandemic forced many employees to work from home, leveling the playing field for people with conditions such as autism, who might not fare as well in office settings.

Thales, The First Group to Join The Campus Cyber in Paris, La Défense, And Lend Its Expertise to the Service of This New Ecosystem (Thales Group) April 2022 saw the arrival of about sixty Thales employees, engineers, consultants, and cybersecurity project managers on the Cyber Campus. To mark the occasion, Patrice Caine underlined its role as a catalyst for international cyber excellence in a context of globalization and a sharp rise in threats.

PayPal fires team responsible for quantum computing and cryptography (Charged) PayPal has fired its team responsible for quantum computing, cryptography, and distributed ledger technology, according to a report from Business Insider.

Cybersecurity company Securonix looks to ramp up sales, hiring in India (YourStory.com) The US-headquartered SIEM SaaS company recently raised $1 billion in a funding round led by Vista Equity to fuel global expansion and hiring.

San Antonio native named managing director of new cybersecurity accelerator (San Antonio Business Journal) The 12-week accelerator program is held in partnership with Geekdom.

Unisys Appoints Debra McCann as Chief Financial Officer, Mike Thomson as President and Chief Operating Officer (Unisys) Unisys Corporation (NYSE: UIS) today announced the appointment of Debra “Deb” McCann as executive vice president and chief financial officer (CFO). McCann, who reports to Unisys Chair and Chief Executive Officer Peter Altabef, leads the finance function for the company, which includes controllership, investor relations, financial planning and analysis (FP&A), treasury, tax and internal audit.

Bishop Fox Appoints VP of Product Management and VP of Engineering to Drive Product Innovation (GlobeNewswire News Room) Industry Veterans Penelope Yao and KJ Nouri to Lead Expansion of Award-Winning Continuous Offensive Security Platform…

Products, Services, and Solutions

Absolute Software Introduces Ransomware Response Offering (Absolute Software) Absolute is the leading visibility and control platform that gives you tamper-proof protection for all of your devices, data and applications. With the Absolute Platform, you get the power of asset intelligence, continuous compliance and endpoint hygiene.

Beyond Identity Expands Integrations With Leading SSO Providers (Beyond Identity) New Integrations With CyberArk, Google Cloud, OneLogin by One Identity, Shibboleth, and VMware Augment Robust Passwordless MFA Ecosystem

Palo Alto Networks’ new tool shields businesses from unsecure home networks (IT PRO) Okyo Garde Enterprise Edition separates corporate and personal Wi-Fi to prevent lateral threats

Technologies, Techniques, and Standards

‘All tech roles should have an element of cybersecurity in them’ (Silicon Republic) Version 1’s Sat Gainda believes that no individual is off limits from attackers and cybersecurity should be a part of everyone’s role.

Payments Summit 2022 Unites Industry Influencers to Explore Card Innovations, Cryptocurrency, Mobile Identity and the Future of Fraud Response (GlobeNewswire News Room) The Secure Technology Alliance today recognizes the success of its 14th annual Payments Summit. The…

Legislation, Policy, and Regulation

Government approves master plan for army cyber defence (SWI swissinfo.ch) Switzerland’s armed forces plan to invest up to CHF2.4 billion ($2.6 billion) over the next few years to boost the country’s cyber defence.

Boards, Security Chiefs Face Challenges Over New Cyber Rules (Wall Street Journal) Cyber chiefs must move away from presenting technical information to outlining where they need resources in easy-to-understand terms, when dealing with board members.

Speech “Working On ‘Team Cyber’” – Remarks Before the Joint Meeting of the Financial and Banking Information Infrastructure Committee (FBIIC) and the Financial Services Sector Coordinating Council (FSSCC) (US Securities and Exchange Commission) Thank you. It’s good to be with the Financial and Banking Information Infrastructure Committee (FBIIC) as well as the Financial Services Sector Coordinating Council (FSSCC). As is customary, I’d like to note that my remarks are my own, and I’m not speaking on behalf of the Commission or SEC staff.

Litigation, Investigation, and Law Enforcement

North Korea Designation Update (U.S. Department of the Treasury) The following changes have been made to OFAC’s SDN List: LAZARUS GROUP (a.k.a. “APPLEWORM”; a.k.a. “APT-C-26”; a.k.a. “GROUP 77”; a.k.a. “GUARDIANS OF PEACE”; a.k.a. “HIDDEN COBRA”; a.k.a. “OFFICE 91”; a.k.a. “RED DOT”; a.k.a. “TEMP.HERMIT”; a.k.a. “THE NEW ROMANTIC CYBER ARMY TEAM”; a.k.a. “WHOIS HACKING TEAM”; a.k.a. “ZINC”), Potonggang District, Pyongyang, Korea, North;

Russian legislator, staff accused of trying to influence US lawmakers: DOJ (Newsweek) A newly unsealed federal indictment alleges a covert effort by Russian officials to lobby members of Congress.

Russian Legislator and Two Staff Members Charged with Conspiring to Have U.S. Citizen Act as an Illegal Agent of the Russian Government in the United States (US Department of Justice) Three citizens of the Russian Federation (Russia) are charged in an indictment, which was unsealed today, with conspiring to use an agent of Russia in the United States without prior notice to the Attorney General, conspiring to violate U.S. sanctions, and conspiring to commit visa fraud.

The bizarre true story of Havana syndrome: covert sonic warfare or a case of mass hysteria? (The Telegraph) In 2016, US officials in Cuba showed inexplicable signs of brain trauma, with hundreds since reporting similar incidents the world over
