News

This is an archive for News.

Friday, April 20, 2018 @ 01:04 PM gHale

Siemens has a mitigation plan to take care of a file and directory information exposure vulnerability in its Simatic WinCC OA Operator iOS App, according to a report with ICS-CERT. Successful exploitation of this vulnerability, discovered by Alexander Bolshev of IOActive and Ivan Yushkevich of Embedi, could allow an attacker with physical access to the device to read sensitive data located in the app’s directory. Simatic WinCC OA Operator iOS App: All Versions suffer from

Related stories:
Abbott Updates Defibrillator
Biosense Fixes System Vulnerabilities
Schneider Software Plan for InduSoft, InTouch Hole
Schneider Updates its Triconex Tricon

Friday, April 20, 2018 @ 12:04 PM gHale

A leak at the Delaware City Refining Co. led to the release of more than 100 pounds of hydrogen sulfide and sulfur dioxide, state environmental officials said. The release was reported at 2:15 p.m. on Wednesday at the refinery in Delaware City, DE, said officials at the Delaware Department of Natural Resources and Environmental Control (DNREC). The leak came from a process unit and was ongoing at the time

Related stories:
Chem Fire at Chicken Plant Forces Evac
Underground Coal Plant Fire
Workers Halt Ammonia Leak
Blaze at AL Auto Parts Plant

Thursday, April 19, 2018 @ 03:04 PM gHale

Microsoft engineer Raymond Uadiale is facing money laundering charges for his role in a series of ransomware attacks that generated $130,000, federal law enforcement officials said. Uadiale, 41, who has been a Microsoft employee since 2014, worked between October 2012 and March 2013 with an individual known as K!NG and based in the United Kingdom. K!NG was responsible for infecting computers with Reveton ransomware, while the now-Microsoft employee was in charge of obtaining the prepaid debit cards used to collect the ransom payments in the scheme, officials said.

Related stories:
Russian Man Extradited to U.S.
20 Busted for Phishing Attack

Wednesday, April 18, 2018 @ 02:04 PM gHale

Schneider Electric Software, LLC has a mitigation plan to address a stack-based buffer overflow in its InduSoft Web Studio and InTouch Machine Edition, according to a report with ICS-CERT. Successful exploitation of this vulnerability during tag, alarm, or event related actions could allow remote code execution which, because the affected process runs with high privileges, could completely compromise the device. Tenable Research reported this vulnerability to Schneider Electric Software, which then coordinated with

Related stories:
Schneider Updates its Triconex Tricon
Rockwell Plan on Stratix Services Router Fix
Rockwell Updates Stratix, ArmorStratix Switches
Rockwell Mitigation Plan for Ethernet Switch

Wednesday, April 18, 2018 @ 02:04 PM gHale

Schneider Electric has an upgrade plan for its Triconex Tricon, model 3008, that mitigates vulnerabilities involving improper restriction of operations within the bounds of a memory buffer, according to a report with ICS-CERT. Successful exploitation of these vulnerabilities could misinform or control the Safety Instrumented System (SIS), which could result in arbitrary code execution, system shutdown, or the compromise of safety systems. This vulnerability was discovered by NCCIC and

Related stories:
Rockwell Plan on Stratix Services Router Fix
Rockwell Updates Stratix, ArmorStratix Switches
Rockwell Mitigation Plan for Ethernet Switch
Moxa Clears Router Holes

Wednesday, April 18, 2018 @ 02:04 PM gHale

Rockwell Automation has a mitigation plan to handle multiple vulnerabilities in its Allen-Bradley Stratix 5900 Services Router, according to a report with ICS-CERT. The remotely exploitable vulnerabilities are improper input validation, improper restriction of operations within the bounds of a memory buffer, and use of an externally-controlled format string. Successful exploitation of these vulnerabilities could result in loss of availability, confidentiality, and/or integrity caused by memory exhaustion, module restart,

Related stories:
Rockwell Updates Stratix, ArmorStratix Switches
Rockwell Mitigation Plan for Ethernet Switch
Moxa Clears Router Holes
Yokogawa’s Mitigations for CENTUM, Exaopc Hole

Wednesday, April 18, 2018 @ 01:04 PM gHale

Rockwell Automation has an upgrade to mitigate multiple vulnerabilities in its Allen-Bradley Stratix and ArmorStratix Switches, according to a report with ICS-CERT. The remotely exploitable vulnerabilities are improper input validation, resource management errors, 7PK – errors, improper restriction of operations within the bounds of a memory buffer, and use of an externally-controlled format string. Successful exploitation of these vulnerabilities could result in loss of availability, confidentiality, and/or integrity caused by

Related stories:
Rockwell Mitigation Plan for Ethernet Switch
Moxa Clears Router Holes
Yokogawa’s Mitigations for CENTUM, Exaopc Hole
Omron Releases Update for CX-One

Wednesday, April 18, 2018 @ 01:04 PM gHale

Rockwell Automation released a mitigation plan to handle multiple vulnerabilities in its Allen-Bradley Stratix Industrial Managed Ethernet Switch, according to a report with ICS-CERT. The vulnerabilities include improper input validation, resource management errors, 7PK – errors, improper restriction of operations within the bounds of a memory buffer, and use of an externally-controlled format string. Successful exploitation of these remotely exploitable vulnerabilities could result in loss of availability, confidentiality, and/or integrity

Related stories:
Moxa Clears Router Holes
Yokogawa’s Mitigations for CENTUM, Exaopc Hole
Omron Releases Update for CX-One
Mitigation Strategy for Rockwell’s MicroLogix

Wednesday, April 18, 2018 @ 12:04 PM gHale

Critical infrastructure, governments and Internet service providers (ISPs) are all areas Russian state-sponsored hackers are targeting on a global basis, according to a joint technical alert released this week. The focus of the attacks is “government and private-sector organizations, critical infrastructure providers, and the Internet service providers (ISPs) supporting these sectors,” according to the alert released by the U.S. Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom’s National Cyber Security Centre (NCSC).

Related stories:
Pipeline Firms Hit; Gas Still Flowing
Cyber is ‘Core’ to Digital Future
SANS: ‘Unique’

Wednesday, April 18, 2018 @ 10:04 AM gHale

By Gregory Hale
An attack that shut down a gas facility in Saudi Arabia last August was entirely preventable if proper security hygiene had been in place. In that August attack, the Saudi critical infrastructure user suffered a shutdown of its facility when the controllers of a targeted Triconex safety system failed safe. During an initial investigation, security professionals noticed suspicious activity, and that is when they found malware. The safety instrumented system (SIS) engineering workstation had been compromised and had the Triton (also called Trisis and HatMan) malware deployed on it. The distributed control system