12-10-18 – News This Past Week

Vulnerability Exposes Rockwell Controllers to DoS Attacks
Some of Rockwell Automation’s MicroLogix controllers and ControlLogix communications modules are affected by a potentially serious vulnerability that can be exploited for denial-of-service (DoS) attacks
https://www.securityweek.com/vulnerability-exposes-rockwell-controllers-dos-attacks

Siemens Wants to Release Security Advisories on Patch Tuesday
The company carried out a pilot test last month, when it published a total of 16 advisories – including new advisories and updates to previously posted announcements – on November 13
https://www.securityweek.com/siemens-wants-release-security-advisories-patch-tuesday

DHS Says SamSam Ransomware is Targeting Critical Infrastructure Entities
The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) this week issued an alert on activity related to SamSam, one of the most prevalent ransomware families at the moment
https://www.securityweek.com/dhs-says-samsam-ransomware-targeting-critical-infrastructure-entities

Major flaws uncovered in leading IoT protocols
Trend Micro warned organizations to revisit their operational technology (OT) security after finding major design flaws and vulnerable implementations related to two popular machine-to-machine (M2M) protocols, Message Queuing Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP).
https://www.helpnetsecurity.com/2018/12/05/flaws-iot-protocols/

M2M Protocols Expose Industrial Systems to Attacks
Some machine-to-machine (M2M) protocols can be abused by malicious actors in attacks aimed at Internet of Things (IoT) and industrial Internet of Things (IIoT) systems, according to research conducted by Trend Micro and the Polytechnic University of Milan
https://www.securityweek.com/m2m-protocols-expose-industrial-systems-attacks

Symantec Unveils USB Scanning Station for ICS, IoT Environments
Symantec on Wednesday unveiled a new product designed to protect critical infrastructure organizations, including industrial and Internet of Things (IoT) environments, against USB-borne threats
https://www.securityweek.com/symantec-unveils-usb-scanning-station-ics-iot-environments

Flaws in Siglent Oscilloscope Allow Hackers to Tamper With Measurements
Researchers discovered that an oscilloscope from Siglent Technologies is affected by several potentially serious vulnerabilities that could allow hackers to tamper with measurements
https://www.securityweek.com/flaws-siglent-oscilloscope-allow-hackers-tamper-measurements

Posted in Uncategorized.