Viasat and the terrible, horrible, no good, very bad day

Welcome to this week's edition of the Threat Source newsletter. A year ago, fresh off a layoff, I never would have guessed I'd be spending Halloween weekend bouncing between conversations about space policy, satellite hacking, and wedding plans. That's exactly what happened when my space analyst...

EUVD-2015-3981

Malware in sbrugna...

EUVD-2016-3371

Malware in sbrugna...

Satellites are critical infrastructure and need to be cybersecured

In the context of this article we will use the term satellite for a machine that is launched into space and moves around Earth. And there might be a lot more of them than you would expect—this live map tracks a huge number of satellites. Originally most of earth’s satellites were launched for...

PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors

By Warren Mercer, Paul Rascagneres and Vitor Ventura. News summaryAzerbaijan government and energy sector likely targeted by an unknown actor.From the energy sector, the actor demonstrates interest in SCADA systems related to wind turbines.The actor uses Word documents to drop malware that allows...

Wind turbines - meteo station - MIT license, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Wind turbines - meteo station published at the 'play' market has multiple vulnerabilities...

CVE-2016-2287

The CVE-2016-2287 vulnerability affects XZERES 442SR Wind Turbine OS: a Cross-Site Scripting (CWE-79) flaw in the web-based interface due to inadequate input validation, enabling remote injection of script/HTML via unspecified vectors. ICS-CERT Update C confirms XZERES has produced a patch to mit...

CVE-2015-3950

CVE-2015-3950 is a CSRF vulnerability in XZERES 442SR OS (Wind Turbine 442SR) that allows a remote attacker to hijack the admin’s session by using a crafted GET request to switch the default admin user. Affected component: the 442SR OS web interface; root cause reported as CSRF via GET leading to...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that modify the default user's password via a GET request...

CVE-2015-0985

The CVE-2015-0985 entry concerns the XZERES 442SR Wind Turbine OS. The vulnerability is a Cross-Site Request Forgery (CSRF) in the 442SR Web interface that can allow an attacker to hijack an admin’s session and perform actions such as changing the default admin password via a crafted GET request....

ICS-CERT Warns of Flaw in Wind Farm Management App

The ICS-CERT is warning users about a reflected cross-site scripting vulnerability in a control interface for a wind-farm control portal manufactured by Nordex. The bug is remotely exploitable and could enable an attacker to run code on a vulnerable machine. The Nordex NC2 is a control portal for...