Cyber Security Is Not a Losing Game – If You Start Right Now
Reality has a way of asserting itself, irrespective of any personal or commercial choices we make, good or bad. For example, just recently, the city services of Antwerp in Belgium were the victim of a highly disruptive cyberattack. As usual, everyone cried "foul play" and suggested that proper...
PT-2022-6079 · Rockwell Automation · CompactLogix +3
Name of the Vulnerable Software and Affected Versions: Rockwell Automation controllers (affected versions not specified); Rockwell Automation CompactLogix, ControlLogix, GuardLogix (affected versions not specified). Description: A vulnerability exists in the Rockwell Automation controllers that allows ...
Implementing Defense in Depth to Prevent and Mitigate Cyber Attacks
The increased use of information technology in our everyday life and business has led to cyber-attacks becoming more sophisticated and large-scale. For organizations to thrive in this era of technology, they must develop robust security strategies to detect and mitigate attacks. Defense in depth ...
Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization
Summary. Actions to Help Protect Against APT Cyber Activity: • Enforce multifactor authentication (MFA) on all user accounts. • Implement network segmentation to separate network segments based on role and functionality. • Update software, including operating systems, applications, and firmware, on...
PT-2022-6636 · Cisco · Cisco Wireless LAN Controller +1
Name of the Vulnerable Software and Affected Versions: Cisco Aironet Access Points (affected versions not specified); Cisco Wireless LAN Controller (WLC) (affected versions not specified). Description: The issue is related to insufficient access control in the software of Cisco Aironet Access Points and...
ALSA-2022:6439 Moderate: booth security update
The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network...
Phoenix Contact Classic Line Controllers
1. EXECUTIVE SUMMARY: CVSS v3 9.8; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Phoenix Contact; Equipment: ILC, AXC, RFC, PC WORX, FC; Vulnerability: Insufficient Verification of Data Authenticity. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an...
Researchers Demonstrate Ransomware for IoT Devices That Targets IT and OT Networks
As ransomware infections have evolved from purely encrypting data to schemes such as double and triple extortion, a new attack vector is likely to set the stage for future campaigns. Called Ransomware for IoT or R4IoT by Forescout, it's a "novel, proof-of-concept ransomware that exploits an IoT...
FBI Warns About Hackers Selling VPN Credentials for U.S. College Networks
Network credentials and virtual private network (VPN) access for colleges and universities based in the U.S. are being advertised for sale on underground and public criminal marketplaces. "This exposure of sensitive credential and network access information, especially privileged user accounts, cou...
Open Automation Software Platform Engine cleartext transmission of sensitive information vulnerability
Summary: A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can...
You Can’t Eliminate Cyberattacks, So Focus on Reducing the Blast Radius
Lately, I’ve started wondering if the biggest risk concerning cyberattacks is that we’re becoming desensitized to them. After all, businesses experience a ransomware attack every 11 seconds—the majority of which the public never hears about. Faced with this reality, it may seem like your efforts ...
Active Exploitation of F5 BIG-IP iControl REST CVE-2022-1388
On May 4, 2022, F5 released an advisory listing several vulnerabilities, including CVE-2022-1388, a critical authentication bypass that leads to remote code execution in iControl REST with a CVSSv3 base score of 9.8. The vulnerability affects several different versions of BIG-IP prior to 17.0.0,...
Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches
Cybersecurity researchers have detailed as many as five severe security flaws in the implementation of TLS protocol in several models of Aruba and Avaya network switches that could be abused to gain remote access to enterprise networks and steal valuable information. The findings follow the March...
Schneider Electric Cleartext Transmission of Sensitive Information in embedded Rockwell Automation ISaGRAF5 Runtime (CVE-2020-25178)
ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote...
Rockwell Automation ISaGRAF5 Runtime Uncontrolled Search Path Element (CVE-2020-25182)
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft...
Rockwell Automation ISaGRAF5 Runtime Cleartext Transmission of Sensitive Information (CVE-2020-25178)
ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote...
Schneider Electric Uncontrolled Search Path Element in embedded Rockwell Automation ISaGRAF5 Runtime (CVE-2020-25182)
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft...
Skeletons in the Closet: Security 101 Takes a Backseat to 0-days
Rarely a month goes by without the infosec industry being plagued by a new zero-day apocalypse. Most recently in December 2021, the world was swept by a series of vulnerabilities in Log4J – a popular logging system used by thousands of systems around the world. While writing this article, the...
The reality of OT segregation
One of the areas I find most fascinating about industrial control systems and related operational technology is the perception that OT networks are segregated and isolated from the wider IT network. We’re often told that “IT and OT are totally separated” as there’s a genuine belief that OT is...
Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector
Summary. Actions to Take Today to Protect Energy Sector Networks: • Implement and ensure robust network segmentation between IT and ICS networks. • Enforce MFA to authenticate to a system. • Manage the creation of, modification of, use of—and permissions associated with—privileged accounts. This...