ICS Advisory (ICSA-22-090-01)
1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: SCADAPack Workbench Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result from exfiltration of data from local files to a remote system controlled by an attacker….
Siemens RUGGEDCOM Devices Vulnerability
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM Devices Vulnerability: Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authorized threat actor to obtain privileges to access passwords. 3. TECHNICAL DETAILS…
Orpak SiteOmat
EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits available Vendor: Orpak (acquired by Gilbarco Veeder-Root) Equipment: SiteOmat Vulnerabilities: Use of Hard-coded Credentials, Cross-site Scripting, SQL Injection, Missing Encryption of Sensitive Data, Code Injection, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities…
Four Cyber Security Risks and How to Address Them
Security should be at the top of the mind for any organization. It has been estimated that damages from cyber crime would cost around $6 trillion annually by 2021. With growing threats to information systems and data, it is extremely important for organizations to remain…
Amazon Fire TV and Fire TV Stick Miner Infections on the Rise
Following the large number of viruses that are being developed for Android and iOS devices, latest news is that a large number of Amazon Fire TV and Fire TV Stick devices are being targeted by cryptocurrency miners. The hackers have developed numerous forms of malicious…
How Mirai spawned the current IoT malware landscape
When, in late 2016, US-based DNS provider Dyn suffered a massive DDoS attack that it resulted in the temporary unavailability of many popular online services, the name of the Mirai malware became instantly known outside the cybersecurity industry. Since then, we’ve come to know the…
Operation Prowli Profits On Weak IoT Devices, Servers
A malicious campaign has compromised more than 40,000 machines globally, carrying out traffic-hijacking and cryptomining. Researchers at Guardicore Labs, who called the campaign Operation Prowli, said it targets a variety of platforms – including Drupal CMS websites, WordPress sites, backup servers running HP Data Protector,…
US CERT update on Home Network Security
What is home network security? Home network security refers to the protection of a network that connects devices to each other and to the internet within a home. Whether it’s staying in touch with friends and family, paying your bills electronically, or teleworking, the internet…
Watch out. North Korea keeps getting better at hacking
WASHINGTON — In the latest indication that North Korea’s cyber operations are more sophisticated than commonly realized, computer security researchers have identified a group of government hackers and spies in the hermit kingdom who are capable of stealing documents from computers that aren’t connected to…
Nintendo Switch has been hacked
HACKERS have managed to hack Nintendo’s latest video game console, thanks to a hard-coded flaw in the Nvidia Tegra X1 silicon inside. Read More
Stay connected