10-30-17 – News This Week

Industrial Products Also Vulnerable to KRACK Wi-Fi Attack
In the case of Cisco, many of the company’s products are affected, including Cisco 829 Industrial Integrated Services routers and Industrial Wireless 3700 series access points. The networking giant has yet to release patches for the vulnerable industrial products. However, workarounds are available for six of the flaws.
http://www.securityweek.com/industrial-products-also-vulnerable-krack-wi-fi-attack

A Checklist for Securing the Internet of Things
IoT devices promise endless benefits, but they also come with serious security issues. Use this checklist to make sure your company stays safe.
https://www.darkreading.com/iot/a-checklist-for-securing-the-internet-of-things/a/d-id/1330209

A Bug in a Popular Maritime Platform Left Ships Exposed
A report published Thursday outlines two flaws in the AmosConnect 8 web platform, which ships use to monitor IT and navigation systems while also facilitating messaging, email, and web browsing for crewmembers.
https://www.wired.com/story/bug-in-popular-maritime-platform-isnt-getting-fixed/

A common satellite comms package for ships and oil rigs has a backdoor that won’t be patched
Apparently, internet communications packages are isolated from internal ship networks that control steering, navigation and propulsion. However, access to the ship’s internet would be a boon to pirates and state actors wishing to monitor ships’ communications and learn about cargoes, destinations, and locations.

Security Flaw Could Have Let Hackers Turn on Smart Ovens
A security flaw in LG’s smart home devices gave hackers a way to control the household appliances of millions of customers, including the ability to turn on ovens, a computer security firm revealed on Thursday.
http://www.securityweek.com/security-flaw-could-have-let-hackers-turn-smart-ovens

Hackers can force airbags to deploy
Common Vulnerabilities and Exposures number 2017-14937: in unspecified post-2014 passenger car models, the explosive charge that deploys the airbag is controlled by an instruction that is secured by one of only 256 keypairs, and there is no rate-limit on authentication attempts over the CAN bus.

US-CERT: hackers are targeting our critical infrastructure
US-CERT (US Computer Emergency Readiness Team), which operates under DHS, and the FBI, issued an “alert” titled, “Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors” last Friday, focused on what it said were, “APT actions targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors.”

US Critical Infrastructure Target of Russia-Linked Cyberattacks
Nation-state actors are trying to gain access to vital industrial control systems (ICS) at US energy companies and other critical infrastructure organizations via the networks of their suppliers and trusted third parties, the United States government has warned.
https://www.darkreading.com/attacks-breaches/us-critical-infrastructure-target-of-russia-linked-cyberattacks/d/d-id/1330196

Feds warn energy, aviation companies of hacking threats
Hackers have been targeting the nuclear, energy, aviation, water and critical manufacturing industries since May, according to Reuters. It’s even serious enough for Homeland Security and the FBI to email firms most at risk of attacks, warning them that a group of cyberspies had already succeeded in infiltrating some of their peers’ networks, including at least one energy generator.
https://www.engadget.com/2017/10/22/feds-warn-energy-hacking-threats/

DHS’ Dragonfly ICS campaign alert isn’t enough, experts say
The Department of Homeland Security released an alert confirming the Dragonfly ICS cyberattack campaign, but experts said more action is needed to protect critical infrastructure.
http://searchsecurity.techtarget.com/news/450428840/DHSs-Dragonfly-ICS-campaign-alert-isnt-enough-experts-say

One-Third of Industrial Networks Connected to Internet
Many industrial and critical infrastructure systems are connected to the Internet, and the operational technology (OT) networks of some organizations have already been compromised, according to a new study from industrial security firm CyberX.
http://www.securityweek.com/one-third-industrial-networks-connected-internet-study

DHS, FBI Warn of Ongoing APT Attack Against Critical Infrastructure
The Department of Homeland Security and Federal Bureau of Investigation have issued a joint technical alert warning that government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors are subject to an ongoing attack campaign from an advanced actor, most probably Dragonfly.
http://www.securityweek.com/dhs-fbi-warn-ongoing-apt-attack-against-critical-infrastructure

Reaper: Calm Before the IoT Security Storm?
It’s been just over a year since the world witnessed some of the world’s top online Web sites being taken down for much of the day by “Mirai,” a zombie malware strain that enslaved “Internet of Things” (IoT) devices such as wireless routers, security cameras and digital video recorders for use in large-scale online attacks.
https://krebsonsecurity.com/2017/10/reaper-calm-before-the-iot-security-storm/
