10-02-17 – News This Past Week

Serious Flaw Exposes Siemens Industrial Switches to Attacks
The flaw, discovered by Siemens itself and tracked as CVE-2017-12736, affects SCALANCE X industrial ethernet switches, and Ruggedcom switches and serial-to-ethernet devices running the Rugged Operating System (ROS).
http://www.securityweek.com/serious-flaw-exposes-siemens-industrial-switches-attacks

SIEMENS PATCHES IMPROPER ACCESS VULNERABILITY IN RUGGEDCOM PROTOCOL
Industrial manufacturer Siemens is encouraging users running devices that use its Ruggedcom Discovery Protocol (RCDP) to apply firmware updates this week. The updates resolve a serious and remotely exploitable vulnerability that could let an attacker carry out administrative actions.

Siemens Patches Improper Access Vulnerability in Ruggedcom Protocol

Thousands of Malware Variants Found on Industrial Systems: Kaspersky
According to the company’s “Threat Landscape for Industrial Automation Systems” report for the first six months of the year, nearly 38 percent of the industrial systems protected globally by its products were targeted during this period. This is 1.6 percent less than in the second half of 2016
http://www.securityweek.com/thousands-malware-variants-found-industrial-systems-kaspersky

DDoS Attacks More Likely to Hit Critical Infrastructure Than APTs: Europol
While critical infrastructure has been targeted by sophisticated threat actors, attacks that rely on commonly available and easy-to-use tools are more likely to occur, said Europol in its 2017 Internet Organised Crime Threat Assessment
http://www.securityweek.com/ddos-attacks-more-likely-hit-critical-infrastructure-apts-europol

Caterpillar Eyes Competitive Edge with Connected Asset Security Program
Over the past five years, Caterpillar has provided “tactical” security for its remote-controlled equipment used in its three areas of business – construction, resources, and energy and transportation, says Joseph Zacharias, global head of information security engineering at Caterpillar
https://www.darkreading.com/iot/caterpillar-eyes-competitive-edge-with-connected-asset-security-program/d/d-id/1330001

Threat Landscape for Industrial Automation Systems in H1 2017
Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) publishes the results of its research on the threat landscape for industrial automation systems for the first six months of 2017

Threat Landscape for Industrial Automation Systems in H1 2017

Docs ran a simulation of what would happen if really nasty malware hit a city’s hospitals. RIP :(
Speaking at DerbyCon in Kentucky, USA, on Saturday, three medics with have a side interest in hacking gave an update on their work analyzing security flaws in medical machinery. And, reader, the results weren’t good. On average, a connected device had about 1,000 exploitable CVE flaws, with some going over the 1,400 mark, it was claimed
https://www.theregister.co.uk/2017/09/26/malware_hospital_simulation

Posted in Uncategorized.