Iranian cyberespionage reported. A Trojan for Roblox. CIA gets a CISO. GRU accused of cyber war crimes.


Dateline Moscow, Kyiv, the Hague: Failed maneuver, war crimes allegations.

Ukraine at D+78: River crossings and war crimes. (The CyberWire) Russian attempts to envelop Ukrainian forces in the Donbas fail as a river crossing ends in disaster. Ukraine is holding its first war crimes trial. A US group wants the ICC to prosecute GRU operators as war criminals for their 2015 and 2016 cyberattacks against sections of the Ukrainian power grid.

Russia’s invasion of Ukraine: List of key events, day 79 (Al Jazeera) As the Russia-Ukraine war enters its 79th day, we take a look at the main developments.

Ukrainian Forces Hold the Line in Donbas as Western Heavy Weapons Join the Battle (Wall Street Journal) More than three weeks after the massive Russian offensive that aims to encircle Ukraine’s best forces in Donbas kicked off, Moscow’s achievements so far are limited at best.

A bridge too far for Russian invaders as whole battalion destroyed in failed river crossing mission (The Telegraph) The complex operation, dramatically foiled by Ukrainian forces, is emblematic of the Kremlin’s wider struggles in the latest phase of war

Russia-Ukraine war: failed Donbas crossing ‘shows pressure on Russia’; UK announces new sanctions targeting Putin’s family – live (the Guardian) UK’s ministry of defence says highly risky manoeuvre highlights failure to make progress; new UK sanctions aimed at ‘shady network propping up Putin’s lifestyle’

EU to provide new 500 million euro military aid to Ukraine, Borrell says (Reuters) EU foreign policy chief Josep Borrell said on Friday the bloc would provide a further 500 million euros worth of military support to Ukraine and that he was confident a deal could be reached in the coming days to agree an embargo on Russian oil.

Panzerfaust 3: The Cold War weapon wrecking Russian tanks in Ukraine (Military Times) Though it has its roots in fighting Soviets in World War II, the Panzerfaust 3 antitank rocket is now being used against the Russians again — in Ukraine.

Javelin missile: Made by the US, wielded by Ukraine, feared by Russia (Military Times) The American-made FGM-148 Javelin has been making mincemeat of T-72s and T-90s in Ukraine, according to reports.

Russians paid to march in ‘Immortal Regiment’ parade honouring dead soldiers (The Telegraph) Marketing agency advert offered people up to £5.65 to take part in the celebration in St Petersburg

Escape From Moscow (Foreign Affairs) The new Russian exiles—and how they can defeat Putin.

Russia is fixing weapons with fridge and dishwasher parts (The Telegraph) Western sanctions making it virtually impossible for Kremlin’s armed forces to secure correct components to fix military machines

Could Sabotage Stop Putin From Using the Nuclear Option? (Foreign Policy) If the West is behind mysterious fires in Russia, the ongoing—but deniable—threat could deter Putin from escalating.

Ukraine to put first Russian soldier on trial for war crimes | DW | 12.05.2022 (Deutsche Welle) Kyiv prosecutor Iryna Venediktova announced plans to hold the trial of a 21-year-old Russian soldier accused of killing a civilian. The soldier was allegedly told to shoot the victim in order to avoid detection.

Russian soldier on trial in first Ukraine war-crimes case (AP NEWS) A 21-year-old Russian soldier went on trial Friday in Kyiv for the killing of an unarmed Ukrainian civilian, marking the first war crime prosecution of a member of the Russian military from 11 weeks of bloodshed in Ukraine.

First Russian soldier goes on trial in Ukraine for war crimes (the Guardian) Vadim Shysimarin accused of killing civilian on 28 February while fighting in Sumy region in north-east Ukraine

The Case for War Crimes Charges Against Russia’s Sandworm Hackers (Wired) A group of human rights lawyers and investigators has called on the Hague to bring the first-ever “cyber war crimes” charges against Russia’s most dangerous hackers.

Russia ramps up hacking and jamming efforts in Ukraine (Cyber Security Hub) Russia continues its cyber-offensive in Ukraine as hacking efforts ramp up

Misinformation In Cyberspace – Security – European Union (Mondaq) Since the war in Ukraine became the main subject of newspaper headlines, the amount of related misinformation spread online has reached new heights.

Canada to deploy a general and staff to Latvia for new NATO unit -PM Trudeau (Reuters) Canada will deploy a general and six staff officers to a new NATO unit in Latvia that will help plan, coordinate and integrate regional military activities, Prime Minister Justin Trudeau said on Thursday.

Finland should brace for Russian cyber attacks, Traficom says (Yle) Although Finland’s preparedness and defence capabilities are high, the transport and communications agency urges citizens to be well-prepared for network and power outages.

The War in Ukraine Will Be a Historic Turning Point (Foreign Affairs) But for history to take the right path, America and Europe must work together.

Biden looks to nudge ASEAN leaders to speak out on Russia (AP NEWS) President Joe Biden is looking to nudge southeast Asian leaders to be more outspoken about Russia’s invasion of Ukraine, but the issue continues to be a delicate one for many members of the region’s 10-country alliance with deep ties to Moscow.

Why Biden’s Anti-Putin Democracy Crusade Is Failing (Foreign Policy) Washington’s framing of its fight against Russian aggression has failed to win over most of the world.

Rare Russia Criticism Within China Shows Simmering Policy Debate (Bloomberg) Ex-ambassador to Ukraine says war making Moscow weaker partner. Concern grows as Putin’s military offensive gets bogged down.

Russia Isolated in Its Postimperial Phantasm (Wilson Center) Vladimir Putin’s blitzkrieg in Ukraine was supposed to be a stroke of strategic genius: in one fell swoop, a resurgent Russia would redraw the map of Europe, reducing Ukraine to a demilitarized zone in the Kremlin’s cordon sanitaire against the West. NATO, at long last, would be stopped in its tracks and put in its place.

Ukraine Latest: Russia to Bolster Border, EU Cools on Oil Ban (Bloomberg) Russia will likely step up defenses along its border with Finland if the latter goes ahead with plans to join NATO, the Russian ambassador to the European Union said.

Russia-Ukraine latest news: Finland prepares for Russia to cut off gas supplies in response to Nato application pledge (The Telegraph) Finland is preparing for Russia to cut off gas supplies after leaders in Helsinki backed entering Nato “without delay”.

Four months later, Cox Media confirms ransomware attack (The Record by Recorded Future) The Cox Media Group, one of the largest media conglomerates in the US, has formally acknowledged a ransomware attack that crippled and took down live feeds for several TV and radio stations earlier this year, in June.

Finland’s New Frontier (Foreign Affairs) Will Russia seek to disrupt Helsinki’s NATO bid?

FAST THINKING: Why Finland and Sweden are feeling secure about NATO membership (Atlantic Council) How did the two countries arrive so quickly at this juncture? And what opportunities and dangers lie ahead? Our experts in Helsinki, Brussels, and Washington have the answers.

NATO Membership Requests: Georgia and Ukraine Should Not Be Forgotten (Wilson Center) The Russian invasion of Ukraine has changed the world order. Over the past eleven weeks, the international community has stood firmly behind Ukraine. It has supplied Ukraine with billions of dollars in humanitarian, medical, and financial assistance and millions in defense aid. Moreover, the international community has implemented stiff penalties on Russia to try to force this country to stop its unprovoked war.

How Putin’s NATO nightmare became a self-fulfilling prophecy (Newsweek) The Russian president faces an expanding alliance on his doorstep—the very thing he used to justify his invasion of Ukraine.

Vladimir Putin’s Nato own goal has brought a sea change in European security (The Telegraph) Bringing Finland and Sweden on board will significantly strengthen the alliance’s northern flank following the Russian invasion of Ukraine

In Moldova, a pro-Russia region welcomes Ukrainian refugees (Al Jazeera) Gagauzia, the country’s poorest area with some autonomy, is torn between powers in Russia, Turkey, the EU and Chisinau.

Putin points finger back at West, Biden for causing global inflation crisis (Newsweek) The Russian president said that his country was “confidently managing in the face of external challenges.”

Because of the war in Ukraine: Siemens pulls out of Russia (ZDF Heute) Because of the war in Ukraine: Ikea, H&M, Starbucks and now Siemens too; after 170 years, the industrial group is withdrawing completely from Russia.

Siemens: Russian business discontinued; where does the group stand now? (RND) Financial press conferences are taking unusual turns these days. Presenting the quarterly figures, Siemens CEO Roland Busch first thanks his Ukrainian employee Andrej. The surname of Siemens’ head of security in Ukraine goes unmentioned, so as not to make him an identifiable target for Russian aggressors. Andrej is holding out in a cellar and helping to bring the 180-strong Siemens workforce in Ukraine and their families to safety, as well as organizing convoys to the west, Busch recounts. Siemens itself is acting, too. “We have made the difficult decision to discontinue our business in Russia entirely,” the Siemens CEO explains. That leaves its mark on this year’s group balance sheet.

Siemens leaving Russia over Ukraine invasion (The Hill) Automation company Siemens has announced it will shut down operations in Russia in response to Moscow’s invasion of Ukraine.  “Siemens will exit the Russian market as a result of the Ukraine w…

UK sanctions target Putin’s financial network including rumoured girlfriend (the Guardian) Liz Truss says move is aimed at exposing ‘shady network propping up Putin’s luxury lifestyle’

Russia-Ukraine latest news: Vladimir Putin’s ex-wife targeted in latest UK sanctions (The Telegraph) Britain will target Vladimir Putin’s ex-wife and cousins in a fresh round of sanctions designed to crack down on the Russian leader’s financial network, Liz Truss has announced.

ZTE risks penalties with ‘business as usual’ in Russia (Light Reading) New prohibitions on the sale of US technology in Russia arguably pose little direct threat to Huawei.

Attacks, Threats, and Vulnerabilities

Iranian hackers exposed in a highly targeted espionage campaign (BleepingComputer) Threat analysts have spotted a novel attack attributed to the Iranian hacking group known as APT34 or OilRig, which targeted a Jordanian diplomat with custom-crafted tools.

Iranian APT Cobalt Mirage launching ransomware attacks (SearchSecurity) An Iranian APT known as Cobalt Mirage also dabbles in ransomware attacks against U.S. targets for financial gain, according to Secureworks researchers.

Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks (The Hacker News) Iranian hackers are leveraging legitimate tools like BitLocker and DiskCryptor in ransomware attacks against organizations in Israel, the U.S., Europe, an

Iranian Cyberspy Group Launching Ransomware Attacks Against US (SecurityWeek) Over the past several months, Iran-linked cyberespionage group Charming Kitten has been engaging in financially-motivated activities

APT gang Sidewinder goes on two-year Asia attack spree (Register) Launches almost 1,000 raids, plenty with upgraded malware

Please Confirm You Received Our APT | FortiGuard Labs  (Fortinet Blog) FortiGuard Labs researchers recently examined a spearphishing attack targeting a Jordanian diplomat. This blog analyzes the attack chain associated with this email and the traits that set it apart …

Roblox Exploited with Trojans from Scripting Engine (Avanan) The popular game Roblox is being exploited with malicious trojan files.

RedLine Stealer Campaign Using Binance Mystery Box Videos to Spread GitHub-Hosted Payload (Netskope) Summary RedLine Stealer is a malware that emerged in 2020, discovered in underground forums being sold in different plans, starting from $100 per month.

Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites (The Hacker News) Researchers have identified a massive campaign responsible for injecting malicious JavaScript code into thousands of compromised WordPress websites.

WannaCry’s ghost is still wreaking havoc five years on (IT PRO) A retooled version of the infamous ransomware strain continues to haunt corporate networks around the world

Impact Analysis: CVE-2022-29218, Allows Unauthorized Takeover of New Gem Versions via Cache Poisoning (WhiteSource) WhiteSource security analyzed the possible impact of a newly discovered RubyGems vulnerability that uses cache poisoning to implement an unauthorized takeover of new gem versions.

How a pentester’s attempt to be ‘as realistic as possible’ alarmed cybersecurity firms (The Record by Recorded Future) Pentesters working for a threat intelligence firm are facing backlash after several researchers were fooled into thinking an npm supply chain attack on German companies was a legitimate hack.

Crypto Fans Are So Dumb They’re Clicking .EXE Files Disguised as NFTs (Futurism) A report from cybersecurity firm Malwarebytes found that there’s been a marked increase in malware campaigns geared towards the NFT community.

Misconfigured ElasticSearch Servers Exposed 579 GB of Users’ Website Activity (HackRead) In total, two misconfigured ElasticSearch servers belonging to an unknown organization exposed 359,019,902 (359 million) records that were collected with the help of data analytics software developed by SnowPlow Analytics.

‘Criminal’ Data Breach Affects Over 1,200 Cannabis Stores in Ontario (High Times) Sensitive data leaked in the breach could compromise cannabis retail stores throughout Ontario.

Refuah Health Center Suffers Cybersecurity Incident, 260K Impacted (Health IT Security) Refuah Health Center, Omnicell, McKenzie Health, and Vail Health Services recently reported cybersecurity incidents.

Hundreds of Thousands of Konica Printers Vulnerable to Hacking via Physical Access (SecurityWeek) SEC Consult analyzed Konica Minolta printers to determine what could be achieved by an attacker who has physical access to a device.

10 reasons why we fall for scams (WeLiveSecurity) The ‘it won’t happen to me’ mindset leaves you unprepared – these common factors put any of us at heightened risk of falling prey to online fraud.

The three most dangerous types of internal users to be aware of (Information Age) Nic Sarginson, principal solutions engineer, Yubico, identifies the three most dangerous internal users organisations should be aware of

Security Patches, Mitigations, and Software Updates

IBM sprays Log4j bugs in security products (iTnews) The Apache Log4j logging utility is still causing headaches for admins.

Intel Patches High-Severity Vulnerabilities in BIOS, Boot Guard (SecurityWeek) Intel has released patches for multiple vulnerabilities across its product portfolio, including a series of high-severity vulnerabilities in the BIOS firmware of several processor models.

HP Patches UEFI Vulnerabilities Affecting Over 200 Computers (SecurityWeek) HP patches two high-severity vulnerabilities that impact the UEFI firmware of more than 200 laptops, workstations, and other products.

Adobe Releases Security Updates for Multiple Products (CISA) Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates. 

Siemens SCALANCE & SIMATIC (Update F) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE, SIMATIC Vulnerability: Resource Exhaustion 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-105-07 Siemens SCALANCE & SIMATIC (Update E) that was published September 14, 2021, to the ICS webpage on www.cisa.gov/uscert. 

Siemens TIA Portal (Update C) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: TIA Portal Vulnerability: Path Traversal 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-014-05 Siemens TIA Portal (Update B) that was published January 12, 2021, to the ICS webpage at www.cisa.gov/uscert/ics.

Siemens Industrial Products (Update R) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Industrial Products Vulnerabilities: Excessive Data Query Operations in a Large Data Table, Integer Overflow or Wraparound, Uncontrolled Resource Consumption 2.

Siemens SIMOTICS, Desigo, APOGEE, and TALON (Update D) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: Siemens Equipment: SIMOTICS, Desigo, APOGEE, and TALON Vulnerability: Business Logic Errors 2.

Delta Electronics CNCSoft (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow arbitrary code execution or information disclosure.

Mitsubishi Electric MELSOFT iQ AppPortal (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSOFT iQ AppPortal Vulnerabilities: Missing Authorization, Out-of-bounds Write, NULL Pointer Dereference, Classic Buffer Overflow, HTTP Request Smuggling, Infinite Loop 2.

Inkscape in Industrial Products (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Inkscape Equipment: Inkscape, an open-source graphics editor Vulnerabilities: Out-of-bounds Read, Access of Uninitialized Pointer, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow unauthorized information disclosure and code execution.

Cambium Networks cnMaestro (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Cambium Networks Equipment: cnMaestro Vulnerabilities: OS Command Injection, SQL Injection, Path Traversal, Use of Potentially Dangerous Function 2.

Siemens Industrial PCs and CNC devices (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Industrial PCs and CNC devices Vulnerabilities: Improper Input Validation, Improper Authentication, Improper Isolation of Shared Resources on System-on-a-Chip, Improper Privilege Management 2.

Siemens SIMATIC WinCC (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC PCS, WinCC Vulnerability: Insecure Default Initialization of Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow authenticated attackers to escape the kiosk mode.

Siemens SICAM P850 and SICAM P855 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Siemens SICAM P850 and SICAM P855 Vulnerabilities: Improper Neutralization of Parameter/Argument Delimiters, Cleartext Transmission of Sensitive Information, Cross-site Scripting, Missing Authentication for Critical Function, Authentication Bypass by Capture-replay, Improper Authentication 2.

Siemens Industrial Products with OPC UA (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC NET PC, SITOP Manager, TeleControl Server Basic Vulnerability: Null Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device by sending uncertain status code in a response message.

Siemens JT2GO and Teamcenter Visualization (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: JT2GO, Teamcenter Visualization Vulnerabilities: Infinite Loop, Null Pointer Dereference, Integer Overflow to Buffer Overflow, Double Free, Access of Uninitialized Pointer 2.

Siemens Desigo PXC and DXR Devices (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: PXC and DXR Devices Vulnerabilities: Special Element Injection, Uncontrolled Resource Consumption, Use of Password Hash with Insufficient Computational Effort, Insufficient Session Expiration, Observable Discrepancy, Improper Restriction of Excessive Authentication Attempts, Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute, Uncaught Exception

Siemens SIMATIC CP 44x-1 RNA (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC CP 442-1 RNA, 443-1 RNA Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition.

Siemens Industrial Products (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: OPC Foundation Local Discovery Server of several industrial products Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition on the service or the device.

Siemens Industrial Devices using libcurl (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Industrial devices using libcurl Vulnerabilities: Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash and allow an attacker to interfere with the affected products in various ways.

Siemens Simcenter Femap (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Simcenter Femap Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could cause code execution if the affected application is used to open a malicious .NEU file.

Siemens OpenV2G (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.2 ATTENTION: Low attack complexity Vendor: Siemens Equipment: OpenV2G Vulnerability: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to trigger a memory corruption.

Siemens Teamcenter (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Teamcenter Vulnerabilities: Stack-based Buffer Overflow, Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of these vulnerabilities may lead the binary to crash or allow an attacker to view files on the application server filesystem.

Siemens OpenSSL Vulnerabilities in Industrial Products (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely/high attack complexity Vendor: Siemens Equipment: Siemens Industrial Products Vulnerability: NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an unauthenticated attacker to cause a denial-of-service condition if a maliciously crafted renegotiation message is sent.

Mitsubishi Electric GT25-WLAN (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: Wireless LAN communication unit GT25-WLAN in GOT2000 Series GT25 or GT27 Vulnerabilities: Improper Removal of Sensitive Information Before Storage or Transfer, Inadequate Encryption Strength, Missing Authentication for Critical Function, Injection, Improper Input Validation 2.

Siemens SIMATIC WinCC and PCS (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC WinCC and PCS Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Externally-Accessible File or Directory 2.

Siemens SIMATIC WinCC (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC WinCC Vulnerabilities: Path Traversal, Insertion of Sensitive Information into Log File 2.

Siemens Nucleus RTOS-based APOGEE and TALON Products (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Nucleus RTOS based APOGEE and TALON Products Vulnerabilities: Type Confusion, Improper Validation of Specified Quantity in Input, Out-of-bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer, Improper Null Termination, Buffer Access with Incorrect Length Value, Integer Underflow, Improper Handling of Inconsistent Structural Elements

Siemens VxWorks-based Industrial Products (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Wind River VxWorks-based Industrial Products Vulnerability: Heap-based Buffer Overflow 2.

Siemens SIMATIC RFID (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC RF Products Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-159-13 Siemens SIMATIC RFID Readers that was published June 8, 2021, on the ICS webpage on www.cisa.gov/uscert.

Almost Two-thirds of Organizations Have Responded to a Cyberattack with a Disaster Recovery Solution in the Last 12 Months, According to New Research (Business Wire) Zerto, a Hewlett Packard Enterprise company, recently commissioned IDC to conduct a major ransomware and disaster preparedness survey, which revealed

Kaspersky finds nine in ten organizations previously attacked by ransomware would pay ransom if targeted again (GlobeNewswire News Room) For Anti-Ransomware Day 2022, Kaspersky took a snapshot of business executives’ attitudes toward ransomware…

A single telecom accounted for 20% of DDoS attacks in Q1, Lumen finds (Fierce Telecom) Telecommunications companies continued to be a key target for distributed denial of service (DDoS) attacks in Q1 2022, as the number of attacks jumped 32% year on year, a new Lumen report showed. | Mark Dehus, director of threat intelligence for Lumen Black Lotus Labs, told Fierce the growing size of both bandwidth and packet attacks is alarming.

Security Experts Are Starting to Get Overwhelmed by Cyber Attacks According to This Report (Digital Information World) Around 65% of security experts and industry leaders have witnessed cyber attack attempts increasing over the past year.

Marketplace

BalkanID Raises $6M for Intelligent IGA Technology (SecurityWeek) Texas startup Balkan ID banks $5.75 million in seed funding to help organizations find and remediate risky privileges across SaaS and public cloud infrastructure.

Arctic Wolf Launches Data Exploration Module to Accelerate the Speed and Ease of Answering Critical Security Questions (Arctic Wolf) Arctic Wolf Security Operations Cloud continues to reach world-class scale, now processing over two trillion security events per week

StackHawk raises $20.7M for dynamic app testing platform (VentureBeat) Stackhawk announces it has raised $20.7 million for a dynamic app testing platform that can identify code issues throughout CI/CD.

Zero Trust Firm Xage Security Adds $6 Million ‘Top-up’ to $30 Million Series B Funding (SecurityWeek) Zero Trust security firm Xage has raised a $6 million top-up to the $30 million Series B funding it secured in January 2022.

CyberArk Ventures Launches with $30 Million Fund to Fuel Innovative Cybersecurity Technologies (Yahoo) NEWTON, Mass. & PETACH TIKVA, Israel, May 12, 2022–CyberArk (NASDAQ: CYBR), the global leader in Identity Security, today announced the launch of CyberArk Ventures – a $30 million global investment fund designed to empower the next generation of disruptors solving complex security challenges with innovative technology. CyberArk has initially aligned with four venture capital investors: Venrock, YL Ventures, Team8 Capital and Merlin Ventures. CyberArk Ventures also announced today that it has co

A Look at Early Stage Venture Investment Activity in the Preceding Decade and how the Coronavirus (COVID-19) plays into 2020 (DataTribe) Venture capital investment activity can fluctuate year-to-year due to a variety of reasons ranging from macroeconomic conditions to geopolitical concerns. As an early-stage startup foundry…

Size of Early Stage Cyber Deals Continues to Surge: DataTribe (SecurityWeek) Early stage cyber deals continue to surge in terms of valuation and round size, and cyber may be more resilient to economic conditions compared to other verticals.

3 Predictors of Cybersecurity Startup Success (Dark Reading) Before investing, venture capitalists should consider a trio of business characteristics that seem to correlate with commercial success, based on meetings with over 2,000 cybersecurity startups.

An email security startup plans to double its staff after raising a $100M round (Silicon Valley Business Journal) Material Security has held the line on spending to date. But as other companies are reining in costs, it’s planning to boost its workforce.

Praetorian Named to Inc. Magazine’s Best Workplaces List 2022 (Business Wire) Praetorian is named to Inc. Magazine’s Best Workplaces List 2022 & recognized for excellence in creating an exceptional workplace and company culture.

China Tech’s Grip Persists in US Long After Orders to Rip It Out (Bloomberg) Rural telecom providers, corporate jets, even the Department of Defense retain gear made by Huawei and other banned companies

Local firm to support RAAF cyber capabilities with Lockheed Martin (Australian Aviation) Local cyber company Penten has been tapped by the global defence prime to deliver advanced cyber security capabilities in support of its joint ‘system of systems’ offering for the RAAF.

Twitter board ‘held hostage’ as Elon Musk puts takeover on hold – live updates (The Telegraph) Elon Musk has said his planned $44bn takeover of Twitter is on hold amid concerns about the number of fake or spam accounts on the site.

Tessian Appoints Chief Financial Officer to Continue Growth in North America Market (RealWire) San Francisco, 12 May 2022 – Email security company Tessian today announces the appointment of its new Chief Financial Officer, Daniel Kim to supercharge the company’s fast-paced growth and their expansion in the North America market

Egnyte Appoints Ravi Chopra as Chief Financial Officer (PRWeb) Egnyte, a leader in cloud content security and governance, today announced the appointment of Ravi Chopra as Chief Financial Officer (CFO). In this role

Socure Names Security Veteran Chad Kalmes as Chief Information Security Officer (Business Wire) Today Socure, the leading provider of digital identity verification and fraud solutions, announced the hiring of Chad Kalmes as Chief Information Secu

LookingGlass finds its next CEO through acquisition (Washington Technology) A former senior official at the DHS Cybersecurity and Infrastructure Security Agency will lead LookingGlass through its next phase of growth.

Products, Services, and Solutions

Votiro Achieves SOC 2 Type II Compliance for Votiro Cloud (Business Wire) Votiro announces the successful completion of a SOC 2 Type II compliance audit performed by Fahn Kanne Grant Thornton Israel.

Privacera Announces Most Complete Data Access Governance for Diverse Cloud Analytical Workloads (PR Newswire) Privacera, the unified data access governance leader founded by the creators of Apache Ranger™, today announced the release of Privacera…

Egnyte Enhances Program for Managed Service Providers (PRWeb) Egnyte, a leader in cloud content security and governance, has enriched its partner program based on feedback from active partners to better serve its c

Egnyte Enhances Program for Managed Service Providers (Dark Reading) Enhancements to the program include unique packages, faster response time for invoicing, and dedicated training for new solutions.

Fortinet castles networking and security platform with new suite of FortiGate Network Firewalls (Manufacturing Today) Announces a suite of new FortiGate appliances featuring ASIC-based performance acceleration and integrated AI-powered FortiGuard security services.

LogicHub Security Automation Capabilities Review (LogicHub) SANS Institute reviews the LogicHub SOAR and XDR platform, MDR service, and new AI threat detection assistant.

Zerto unveils updates to ransomware recovery capabilities (SecurityBrief Asia) Organisations face increased risks from the volume and sophistication of ransomware attacks prevalent today.

ID Quantique expands the XG series with the launch of Clavis XG: IDQ’s long-distance and backbone quantum key distribution (QKD) solution, the state of the art in quantum-safe security (Benzinga France) ID Quantique expands the XG series with the launch of Clavis XG: IDQ’s long-distance and backbone quantum key distribution (QKD) solution, the state of the art in quantum-safe security

HackerOne launches Attack Resistance Management solution (SecurityBrief Australia) HackerOne has launched Attack Resistance Management – a new category of security solution that targets the root causes of the attack resistance gap. 

CREST partners with Immersive Labs to offer course focused on incident response (SC Magazine) CREST, a leading international non-profit cybersecurity accreditation and certification organization, announced plans this week to partner with Immersive Labs to help CREST members develop their defensive and offensive cybersecurity skills.

Technologies, Techniques, and Standards

NIST Releases Guidance on Supply Chain Security (JD Supra) The National Institute of Standards and Technology (NIST) Information Technology Laboratory recently released guidance entitled “Software Supply Chain…

You Can’t Eliminate Cyberattacks, So Focus on Reducing the Blast Radius (Threatpost) Tony Lauro, director of security technology and strategy at Akamai, discusses reducing your company’s attack surface and the “blast radius” of a potential attack.

Cybersecurity of 5G networks: EU publishes report on the security of Open RAN (European Commission) Today, EU Member States, with the support of the European Commission and ENISA, the EU Agency for Cybersecurity, published a report on the cybersecurity of Open RAN.

12 tips for MSPs from global security agencies (CRN Australia) From the latest report by the ACSC and 12 international security authorities.

Space Force Offers Free Cyber Scanning to Commercial Satellite Vendors (Via Satellite) The U.S. Space Force is offering free, non-attributable cybersecurity supply chain and vulnerability scanning services to both its

Analysis: South Korea’s high-speed 5G mobile revolution gives way to evolution (Reuters) South Korea was the first country to launch a fifth-generation mobile network in 2019, heralding a warp-speed technological transformation to self-driving cars and smart cities.

Food supply chains face cybersecurity threats (Food) Ilan Barda, CEO at Israeli cybersecurity company Radiflow, explores cyber threats to the food supply chain and how businesses can protect themselves

Why It’s So Important for Organisations to Put Staff Welfare First When a Cyber-attack Strikes (Information Security Buzz) At CyberUK2022, the NCSC published fresh guidelines on how organisations can prioritise staff welfare in their cyber incident response plans: https://www.ncsc.gov.uk/guidance/putting-staff-welfare-at-the-heart-of-incident-response

Design and Innovation

Google to create security team for open source projects (The Record by Recorded Future) The “Open Source Maintenance Crew” will be tasked with improving the security of critical open source projects.

Google Will Use Mobile Devices to Thwart Phishing Attacks (Dark Reading) In an effort to combat phishing, Google will allow Android phones and iPhones to be used as security keys.

Transitioning organizations to post-quantum cryptography (Nature) Standards and recommendations for transitioning organizations to quantum-secure cryptographic protocols are outlined, including a discussion of transition timelines and the leading strategies to protect systems against quantum attacks.

Research and Development

Facebook’s new language model has ‘high propensity to generate toxic language and reinforce harmful stereotypes’ (Computing) The researchers believe the technology is not yet mature enough for commercial deployment

Academia

Lincoln College To Close Permanently After Cyberattack – 5 Cyber Experts Comment (Information Security Buzz) Lincoln College (a private IL college named for Abraham Lincoln) announced that it is closing as a result of the financial burdens of the pandemic and a devastating December 2021 cyberattack “that thwarted admissions activities and hindered access to all institutional data, creating an unclear picture of Fall 2022 enrollment projections.”

ESET Announces Winners of 2022 Women in Cybersecurity Scholarship Awards (PR Newswire) ESET, a global leader in digital security, today announced the winners of the seventh annual ESET Women in Cybersecurity Scholarships. The…

Legislation, Policy, and Regulation

Costa Rica declares emergency in ongoing cyber attack (AP NEWS) SAN JOSE, Costa Rica (AP) — After a month of crippling ransomware attacks, Costa Rica has declared a state of emergency. In theory, the measure usually reserved to deal with natural disasters or the COVID-19 pandemic would free up the government to react more nimbly to the crisis.

EU’s plan to combat online child abuse may compromise people’s online privacy, experts warn (Computing) Under proposed rules, tech firms could be asked to detect both new and previously identified child sexual abuse material by breaking encryption if necessary

A quick guide to the most important AI law you’ve never heard of (MIT Technology Review) The European Union is planning new legislation aimed at curbing the worst harms associated with artificial intelligence.

EU governments, lawmakers agree on tougher cybersecurity rules for key sectors (Reuters) EU countries and lawmakers agreed on Friday to tougher cybersecurity rules for large energy, transport and financial firms, digital providers and medical device makers amid concerns about cyber attacks by state actors and other malicious players.

Russia Pushes Law to Force Taxi Apps to Share Data With Spy Agency (SecurityWeek) Russian authorities have been ramping up restrictions on public freedoms since the start of Moscow’s offensive in Ukraine on February 24.

Happy EOnniversary: One Year of Action Since President Biden’s Cybersecurity Executive Order (Mayer Brown) Strengthening the nation’s cybersecurity has been a top priority for the Biden administration, as reflected in its collaboration with industry, regulatory actions, and the legislation it has supported in Congress, including the Cyber Incident Reporting for Critical Infrastructure Act of 2022.

A year later, Biden’s cybersecurity executive order driving positive change (CSO Online) Notable experts say the cybersecurity executive order has improved the nation’s security posture, but more work is to be done.

Biden extends US telecom supply chain order aimed at Huawei, ZTE (The Record by Recorded Future) The Trump-era executive order prohibited U.S. companies from using telecommunications equipment from Chinese companies.

Building a Cyber Force Is Even Harder Than You Thought (War on the Rocks) In the past decades, over 40 states have publicly established some sort of military cyber command, with at least a dozen more planning to do so. Yet

Army Cyber leaders discuss development of Army, joint cyber workforce (DVIDS) Lt. Gen. Maria B. Barrett spoke on the successes and challenges in the growth of the Army’s cyber workforce for the information age, at the Armed Forces Communications-Electronics Association’s Cyber Education, Research and Training Symposium (CERTS) in Augusta, Ga., May 11, 2022.

In Cyberspace, No One Can Hear You Bluff (CIMSEC) General Paul Nakasone – Commander, U.S. Cyber Command (USCC) and Director, National Security Agency (NSA) – asserts that “traditional military deterrence is binary in regard to conflict and a deterrence model…does not comport to cyberspace where much of the nefarious cyber activity plays out non-stop in an ambiguous strategic gray zone.” While this article is in agreement with the “futility of totally deterring adversaries from operating in cyberspace and instead actively disrupting those activities before they can inflict damage,” it takes the position of respectfully disagreeing that traditional deterrence is binary and the rules of traditional deterrence do not hold in cyberspace.

Businesses Seek to Soften SEC Cyber Rules (Wall Street Journal) Lobbying groups and companies are expressing concern over public disclosure requirements.

CIA selects new CISO with deep private sector experience (The Record by Recorded Future) Joseph “Rich” Baich most recently worked at American Insurance Group (AIG) as its global chief information security officer.

The 688th Cyberspace Wing activates the 692nd Cyberspace Operations Squadron to consolidate operations, enhance Air Force security and capabilities (DVIDS) The 688th Cyberspace Wing held an activation ceremony for the 692nd Cyberspace Operations Squadron, April 20, 2022 at Eglin Air Force Base, Florida.

The Governor of Maryland has signed laws to boost cybersecurity (Bollyinside) On Thursday, Maryland Governor Larry Hogan signed legislation to boost cybersecurity in state and municipal governments, following legislation and

Conn. Privacy Law Hikes Pressure On Congress To Set Rules (Law360) With Connecticut enacting the nation’s fifth consumer privacy law, businesses are increasingly electing to roll out their new obligations to users nationwide rather than state-by-state and are intensifying their call for Congress to set a firm federal standard. 

Litigation, Investigation, and Law Enforcement

F.B.I. Told Israel It Wanted Pegasus Hacking Tool for Investigations (New York Times) A 2018 letter from the bureau to the Israeli government is the clearest documentary evidence to date that the agency weighed using the spyware for law enforcement operations.

Report: FBI weighed operational use of Israeli firm NSO’s Pegasus spyware (Times of Israel) Agency said to have written of its intentions to Israeli Defense Ministry; it previously said it purchased the software for learning purposes only

Prosecutors Pursue Inquiry Into Trump’s Handling of Classified Material (New York Times) A federal grand jury has issued at least one subpoena, and investigators are seeking interviews in the case of sensitive documents that ended up at the former president’s Florida home.

Sturgeon in new secrecy row after ‘hiding behind GDPR’ over Ewing bullying probe (HeraldScotland) NICOLA Sturgeon has been accused of having “hidden behind” data protection laws after she suggested the outcome of bullying allegations against…

Ukrainian cybercriminal sentenced to 4 years in U.S. prison for credential theft scheme (CyberScoop) The defendant earned roughly $80,000 from his crimes between 2017 and 2019, prosecutors said.

Ukrainian sentenced to 4 years for selling hacked passwords (The Record by Recorded Future) A Ukrainian man was sentenced Thursday to four years in federal prison and ordered to pay back illegally obtained profits made by selling decrypted usernames and passwords online. 

Two held via Garda cybercrime investigation with FBI (The Irish Times) During Cork operation a 40-year-old man and 42-year-old woman arrested

U.S. cities are backing off banning facial recognition as crime rises (Reuters) Facial recognition is making a comeback in the United States as bans to thwart the technology and curb racial bias in policing come under threat amid a surge in crime and increased lobbying from developers.

Ex-eBay exec charged with harassing newsletter publishers pleads guilty (Reuters) A former eBay Inc security executive pleaded guilty on Thursday to participating in a campaign to harass a Massachusetts couple who ran an online newsletter, a campaign that involved sending them disturbing home deliveries such as cockroaches and a funeral wreath.

Former Lulzsec and Anonymous hacktivist ‘Topiary’ discusses his criminal past (Computing) The former hacker also recommends cyber security strategies for organisations of all sizes
