News

This is a archive for News.

Friday, December 14, 2018 @ 05:12 PM gHale

Medtronic has a plan in motion to handle a missing encryption of sensitive data vulnerability in its 9790 CareLink Programmer, 2090 CareLink Programmer, and 29901 Encore Programmer, according to a report with NCCIC. As part of the intended functionality of this device, it may store protected health information (PHI) or personally identifiable information (PII). Successful exploitation of the vulnerability, discovered by Researchers Billy Rios and Jonathan Butts of Whitescope LLC, may allow an attacker with physical access to an affected programmer to access PHI or PII stored on the device. RELATED STORIES
Schneider Upgrade for Electric GUIcon Hole
More

Friday, December 14, 2018 @ 05:12 PM gHale

Schneider Electric has an upgrade to mitigate type confusion and stack-based buffer overflow vulnerabilities in its Eurotherm by Schneider Electric GUIcon, according to a report with NCCIC. Successful exploitation of these vulnerabilities may allow an attacker to execute code with privileges within the context of the application. RELATED STORIES
Siemens Fixes Input Validation Holes
Geutebrück Updates Hole in IP Cameras
GE Mitigates Path Traversal Hole
SINAMICS PERFECT HARMONY GH180 Hole Fixed Eurotherm by Schneider Electric GUIcon Version 2.0 (Gold Build 683.0) suffer from the vulnerabilities discovered by mdm and rgod of 9SG

Friday, December 14, 2018 @ 05:12 PM gHale

Siemens has an update available to mitigate improper input validation vulnerabilities in its EN100 Ethernet Communication Module and SIPROTEC 5 relays, according to a report with NCCIC. Successful exploitation of these remotely exploitable vulnerabilities could cause a denial-of-service condition of the network functionality of the device, compromising the availability of the system. RELATED STORIES
Geutebrück Updates Hole in IP Cameras
GE Mitigates Path Traversal Hole
SINAMICS PERFECT HARMONY GH180 Hole Fixed
Siemens Fixes SINUMERIK Controllers Siemens said the vulnerabilities, discovered by Victor Nikitin, Vladislav Suchkov, and Ilya Karpov from ScadaX, affect the

Friday, December 14, 2018 @ 02:12 PM gHale

Geutebrück GmbH has a firmware update to mitigate an OS command injection vulnerability in its E2 Camera Series, according to a report with NCCIC. Successful exploitation of this remotely exploitable vulnerability may allow a remote attacker to inject OS commands as root. RELATED STORIES
GE Mitigates Path Traversal Hole
SINAMICS PERFECT HARMONY GH180 Hole Fixed
Siemens Fixes SINUMERIK Controllers
Rockwell Fixes MicroLogix, ControlLogix Modules E2 series cameras running firmware versions prior to 1.12.0.25 suffer from the issue, discovered by Davy Douhine of RandoriSec. Douhine validated the new version of the firmware resolves

Friday, December 14, 2018 @ 02:12 PM gHale

GE has an update available to mitigate a path traversal vulnerability in its Mark VIe, EX2100e, EX2100e_Reg, and LS2100e, according to a report with NCCIC. Successful exploitation of this vulnerability, discovered by Can Demirel of Biznet Bilisim, could allow an attacker to access system data, which could result in escalation of privilege and unauthorized access to the controller. RELATED STORIES
SINAMICS PERFECT HARMONY GH180 Hole Fixed
Siemens Fixes SINUMERIK Controllers
Rockwell Fixes MicroLogix, ControlLogix Modules
GE Proficy GDS Mitigates Vulnerability A distributed control system , the following versions of the Mark Vie

Friday, December 14, 2018 @ 02:12 PM gHale

Just the thought of the destructive path of the Shamoon malware from a few years ago should send chills down the spine of security professionals. Now there was a new variant of the malware this week uploaded to VirusTotal. RELATED STORIES
College Hit by Attack, Loses $807,130
Oil Giant Attacked to Steal Money
Supply Chain Security, a Charter Requirement
Siemens Boosting Security Presence This new version also ended up discovered on the network of Italian oil and gas contractor Saipem, where it destroyed files on about ten percent of the company’s PC

Friday, December 14, 2018 @ 12:12 PM gHale

A Massachusetts community college suffered from a phishing attack that dropped a malware payload designed to steal banking information, which netted thieves $807,130. Although no details regarding the malware used to steal $807,130 from Cape Cod Community College’s banking accounts, the most probable culprits are banking Trojans such as Emotet specifically designed to target and exfiltrate financial info such as bank logins and cryptocurrency wallets. RELATED STORIES
Oil Giant Attacked to Steal Money
Supply Chain Security, a Charter Requirement
Siemens Boosting Security Presence
ROK: Security’s ‘Tower of Babel’ After detecting the initial

Wednesday, December 12, 2018 @ 06:12 PM gHale

By Gregory Hale
A cyber attack is a cyber attack, but sometimes it is different than what was originally thought, which means investigators need to keep an open mind when looking at the details. That is exactly what happened when Cylance got involved in what it thought was an Advanced Persistent Threat (APT) attack against Russian critical infrastructure organizations like the world’s largest oil and gas company, Rosneft. RELATED STORIES
Supply Chain Security, a Charter Requirement
Siemens Boosting Security Presence
ROK: Security’s ‘Tower of Babel’
USB Drives Loaded with ICS-Based Malware

Wednesday, December 12, 2018 @ 03:12 PM gHale

The world’s first “floating” nuclear power plant (FNPP) started up and is at 10 percent of its capacity, according to the Russian state-run atomic energy corporation Rosatom. Rosatom said it had started up the first reactor unit of Akademik Lomonosov, which would be towed to its final destination by next autumn, as scheduled. RELATED STORIES
NRC OK’s Digital Safety System Controller
Quake Hits TN Near Nuke Plant
NRC Accepts VA Nuke License Renewal
Meeting Over IL Nuke Inspection Finding “We successfully conducted tests in accordance with the schedule. There is no doubt

Wednesday, December 12, 2018 @ 02:12 PM gHale

An early morning earthquake Wednesday that measured 4.4 and shook from metro Atlanta and eastern Tennessee was centered right near a nuclear power plant. The quake’s epicenter was a couple of miles from the Watts Bar Nuclear plant, however, no damage was detected at the site. RELATED STORIES
NRC Accepts VA Nuke License Renewal
Meeting Over IL Nuke Inspection Finding
NRC’s Final Environmental Statement for LA Nuke
Diver Exposed to Radiation at AL Nuke “(Tennessee Valley Authority) TVA facilities are designed to withstand seismic events and were not impacted by Wednesday morning’s