12-17-18 – News This Past Week

Italian Oil Services Company Saipem Hit by Cyberattack
The company has shared few details about the attack – it’s unclear if it was ransomware or another type of intrusion – but its representatives told SecurityWeek that no data was stolen and that only some servers in its infrastructure were impacted
https://www.securityweek.com/italian-oil-services-company-saipem-hit-cyberattack

Claroty Adds New Capabilities to Industrial Security Platform
Industrial cybersecurity firm Claroty on Tuesday announced significant enhancements to its threat detection product, along with technology integrations with several cybersecurity, network infrastructure and industrial automation providers
https://www.securityweek.com/claroty-adds-new-capabilities-industrial-security-platform

U.S. Defense, Critical Infrastructure Companies Targeted in New Threat Campaign
McAfee finds malware associated with ‘Operation Sharpshooter’ on systems belonging to at least 87 organizations.
https://www.darkreading.com/attacks-breaches/us-defense-critical-infrastructure-companies-targeted-in-new-threat-campaign/d/d-id/1333478

Remotely controlled EV home chargers – the threats and vulnerabilities
But from our point of view this sort of improvement can make chargers an easy target for a variety of attacks. To prove it we decided to take one of them, ChargePoint Home made by ChargePoint, Inc., and conduct some in-depth security research.

Remotely controlled EV home chargers – the threats and vulnerabilities

Ships infected with ransomware, USB malware, worms
The document is the third edition of the “Guidelines on Cyber Security onboard Ships,” an industry-approved guide put together by a conglomerate of 21 international shipping associations and industry groups
https://www.zdnet.com/article/ships-infected-with-ransomware-usb-malware-worms/

Secure Critical Infrastructure Top of Mind for U.S.
Rob Joyce, senior advisor of cybersecurity strategy for the National Security Agency (NSA), said that while attacks targeting the systems that power the manufacturing, power and water plants, the oil and gas industry, and many other sectors have been around for awhile, the trend “is going the wrong way.”

Secure Critical Infrastructure Top of Mind for U.S.

Operation Sharpshooter targets infrastructure around the world
Operation Sharpshooter is a recently discovered global cyberattack campaign targeting critical infrastructure organizations, including nuclear, defense and financial companies
https://searchsecurity.techtarget.com/news/252454412/Operation-Sharpshooter-targets-infrastructure-around-the-world

Siemens Patches Several Critical Flaws in SINUMERIK Controllers
Siemens informed customers this week that its SINUMERIK controllers are affected by denial-of-service (DoS), privilege escalation and code execution vulnerabilities, including several flaws that have been classified as “critical.”
https://www.securityweek.com/siemens-patches-several-critical-flaws-sinumerik-controllers

New Shamoon Malware Variant Targets Italian Oil and Gas Company
The latest attack against Saipem reportedly crippled more than 300 of its servers and about 100 personal computers out of a total of roughly 4,000 machines, though the company confirmed that it had already backed up the affected computers, so there no possibility of data being lost in the cyber attack.
https://thehackernews.com/2018/12/shamoon-malware-attack.html

Posted in Uncategorized.