03-05-18 – News This Past Week

Delta Patches Vulnerabilities in HMI, PLC Products
A researcher who uses the online moniker “Axt” informed Delta via Trend Micro’s Zero Day Initiative (ZDI) and ICS-CERT that its WPLSoft product, a programming software for programmable logic controllers (PLCs), is affected by several types of vulnerabilities.
https://www.securityweek.com/delta-patches-vulnerabilities-hmi-plc-products

Keeping on top of ICS-focused hacking groups, defenses
“While only one has demonstrated an apparent capability to impact ICS networks through ICS-specific malware directly, all have engaged in at least reconnaissance and intelligence gathering surrounding the ICS environment,” the company noted in a recently published report.

Keeping on top of ICS-focused hacking groups, defenses

Phillips clinical imaging solution plagued by vulnerabilities
Phillips is developing a software update to mitigate 35 CVE-numbered vulnerabilities in the Philips IntelliSpace Portal (ISP), a clinical imaging visualization and analysis solution that is used by healthcare and public health organizations around the world

Phillips clinical imaging solution plagued by vulnerabilities

Philips Working on Patches for 35 Flaws in Healthcare Product
Philips has informed customers that it’s working on patches for dozens of vulnerabilities affecting the company’s IntelliSpace Portal, a visualization and analysis solution designed for healthcare organizations
https://www.securityweek.com/philips-working-patches-35-flaws-healthcare-product

What Enterprises Can Learn from Medical Device Security
In today’s cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks
https://www.darkreading.com/cloud/what-enterprises-can-learn-from-medical-device-security-/a/d-id/1331145

ICS Under Fire in 2017
New Dragos report finds rising number of public vulnerability advisories around ICS with not enough reasonable guidance around how to deal with these flaws
https://www.darkreading.com/vulnerabilities—threats/ics-under-fire-in-2017/d/d-id/1331163

Public Advisories Fail to Convey True Impact of ICS Flaws
Public advisories describing vulnerabilities in industrial control systems (ICS) often fail to convey the true impact of the flaws, according to a report published today by ICS cybersecurity firm Dragos
https://www.securityweek.com/public-advisories-fail-convey-true-impact-ics-flaws

Five Threat Groups Target Industrial Systems
There are at least five sophisticated threat groups whose activities focus on industrial control systems (ICS), according to a report published on Thursday by industrial cybersecurity firm Dragos
https://www.securityweek.com/five-threat-groups-target-industrial-systems-dragos

Emerson Patches Severe Flaw in ControlWave Controllers
Automation solutions provider Emerson has patched a potentially serious denial-of-service (DoS) vulnerability in its ControlWave Micro Process Automation Controller product
https://www.securityweek.com/emerson-patches-severe-flaw-controlwave-controllers

Siemens Releases BIOS Updates to Patch Intel Chip Flaws
Siemens has released BIOS updates for several of its industrial devices to patch vulnerabilities discovered recently in Intel chips, including Meltdown, Spectre and flaws affecting the company’s Management Engine technology
https://www.securityweek.com/siemens-releases-bios-updates-patch-intel-chip-flaws

How to Shield Against IoT Security Threats
While politicians and security experts are constantly warning about the risk of cyber-attacks, they rarely, if ever, mention the risks associated with the Internet of Things (IoT). They should, since there are already plenty of examples of successful IoT security attacks
https://www.securityweek.com/how-shield-against-iot-security-threats

Posted in Uncategorized.