05-21-18 – News This Past Week

Siemens Patches DoS Flaws in Medium Voltage Converters
According to advisories published by ICS-CERT and Siemens, the flaws impact SINAMICS GH150, GL150, GM150, SL150, SM120 and SM150 converters, which are used worldwide in the energy, chemical, critical manufacturing, water and wastewater, and food and agriculture sectors
https://www.securityweek.com/siemens-patches-dos-flaws-medium-voltage-converters

Many Vulnerabilities Found in OPC UA Industrial Protocol
Developed and maintained by the OPC Foundation, OPC UA stands for Open Platform Communications Unified Automation. The protocol is widely used in industrial automation, including for control systems (ICS) and communications between Industrial Internet-of-Things (IIoT) and smart city systems
https://www.securityweek.com/many-vulnerabilities-found-opc-ua-industrial-protocol

‘Allanite’ Group Targets ICS Networks at Electric Utilities in US, UK
The group, tracked as “Allanite,” has been linked to campaigns conducted by Dragonfly (aka Energetic Bear and Crouching Yeti) and Dymalloy, which Dragos discovered while analyzing Dragonfly attacks
https://www.securityweek.com/allanite-group-targets-ics-networks-electric-utilities-us-uk

Internet of Things Security Policies Still Lagging, Report Finds
Internet of things (IoT) security has been a growing concern in recent years, with vulnerabilities continuing to be reported and hackers continuing to launch attacks.
http://www.eweek.com/security/internet-of-things-security-policies-still-lagging-report-finds

A flaw in a connected alarm system exposed vehicles to remote hacking
A bug that allowed two researchers to gain access to the backend systems of a popular internet-connected vehicle management system could have given a malicious hacker everything they needed to track the vehicle’s location, steal user information, and even cut out the engine.
https://www.zdnet.com/article/flaw-connected-alarm-system-exposed-vehicles-remote-hacking/

IT Pros Worried About IoT But Not Prepared to Secure It
Few organizations have a security policy in place for Internet of Things devices, new survey shows
https://www.darkreading.com/endpoint/it-pros-worried-about-iot-but-not-prepared-to-secure-it/d/d-id/1331817

Relying on legacy security technologies leaves you blind to IoT threats
IoT and IIoT (Industrial IoT) introduce new IoT networks autonomous from the enterprise network. Organizations are blind to these IoT networks and devices across a plethora of new protocols and frequencies.

Relying on legacy security technologies leaves you blind to IoT threats

‘Chrysene’ Group Targets ICS Networks in Middle East, UK
Tracked by industrial cybersecurity firm Dragos as “Chrysene,” the actor has been linked to OilRig and Greenbug, groups that have mainly focused on the Arabian Gulf region and which are believed to have been involved in the Shamoon and Shamoon 2 attacks
https://www.securityweek.com/chrysene-group-targets-ics-networks-middle-east-uk

Critical Flaws Patched in Phoenix Contact Industrial Switches
Several vulnerabilities, including ones rated critical and high severity, have been patched in industrial ethernet switches made by Phoenix Contact, a Germany-based company that specializes in industrial automation, connectivity and interface solutions
https://www.securityweek.com/critical-flaws-patched-phoenix-contact-industrial-switches

Critical Code Execution Flaws Patched in Advantech WebAccess
Advantech WebAccess is a browser-based software package for human-machine interfaces (HMI) and supervisory control and data acquisition (SCADA) systems. The product is used in the United States, Europe and East Asia in the energy, critical manufacturing, and water and wastewater sectors.
https://www.securityweek.com/critical-code-execution-flaws-patched-advantech-webaccess

Severe DoS Flaw Discovered in Siemens SIMATIC PLCs
SIMATIC S7-400 is a family of programmable logic controllers (PLCs) designed for process control in industrial environments. The product is used worldwide in the automotive, mechanical equipment manufacturing, building engineering, steel, power generation and distribution, chemical, warehousing, food, and pharmaceutical sectors
https://www.securityweek.com/severe-dos-flaw-discovered-siemens-simatic-plcs

Hacking train Wi-Fi may expose passenger data and control systems
Vulnerabilities on the Wi-Fi networks of a number of rail operators could expose customers’ credit card information, according to infosec biz Pen Test Partners this week
https://www.theregister.co.uk/2018/05/11/train_wifi_hackable_on_some_networks/

2018: Scariest Year of Evil Things on the Internet
The report indicates that security professionals have a heightened concern for growing threats, with 85% of respondents believing their country will suffer a major critical infrastructure cyber-attack in the next five years
https://www.infosecurity-magazine.com/news/2018-scariest-year-of-evil-things/

The Enterprise of Thing’s troubling lack of security
Enterprise deployment of IoT devices brings a unique requirement to enterprise security that is distinct from normal end points and data centers. Here are three strategies to address it
https://www.networkworld.com/article/3272828/internet-of-things/the-enterprise-of-things-troubling-lack-of-security.html

Getting grounded in IoT networking and security
The internet of things already consists of nearly triple the number of devices as there are people in the world, and as more and more of these devices creep into enterprise networks it’s important to understand their requirements and how they differ from other IT gear.
https://www.networkworld.com/article/3269736/internet-of-things/getting-grounded-in-iot-networking-and-security.html

Most Industrial Networks Vulnerable to Attack
Despite the fact that so many aspects of a modern society rely on the proper and uninterrupted operations of critical infrastructure, security flaws across many industrial control systems (ICSs) are largely vulnerable to cyber-attacks
https://www.infosecurity-magazine.com/news/most-industrial-networks/

The ABCs Driving the Growth of Industrial Cybersecurity
Nothing in industrial cybersecurity is as simple as ABC. Protecting complex, yet aging industrial networks against direct and indirect attacks, planned by increasingly sophisticated adversaries, is as big a challenge as you’ll find in operational technology. And, for decades, the exposure of industrial control systems was overlooked and fell far behind IT in terms of risk management
https://www.securityweek.com/abcs-driving-growth-industrial-cybersecurity

Posted in Uncategorized.