4-15-19 – News This Past Week

Someone is targeting “critical infrastructure” safety systems in networked attacks
The Triton malware was first identified 16 months ago by researchers from FireEye: it targets Triconex control systems from Schneider Electric, and was linked by FireEye to the Central Scientific Research Institute of Chemistry and Mechanics in Moscow

Triton ICS Malware Hits A Second Victim
According to researchers at FireEye, the cybercriminals behind Triton, also called Trisis, have once again targeted industrial control systems (ICS), this time at an undisclosed company in the Middle East. Further, FireEye has taken the additional step of linking Triton with high confidence to Russian state-sponsored hackers

The hacker group behind the Triton malware strikes again
The company was tight-lipped on the intrusion at the second facility, declining to describe the type of facility or its location — or even the year of the attack

Mysterious safety-tampering malware infects a second critical infrastructure site
Sixteen months ago, researchers reported an unsettling escalation in hacks targeting power plants, gas refineries, and other types of critical infrastructure. Attackers who may have been working on behalf of a nation caused an operational outage at a critical-infrastructure site after deliberately targeting a system that prevented health- and life-threatening accidents
https://arstechnica.com/information-technology/2019/04/mysterious-safety-tampering-malware-infects-a-2nd-critical-infrastructure-site/

Industry Reactions to New Triton Attacks on Critical Infrastructure
The existence of Triton came to light in 2017 after the malware had caused disruptions at an oil and gas plant in Saudi Arabia. FireEye, which previously linked Triton to a research institute owned by the Russian government, recently analyzed the threat actor’s tools and techniques after identifying another target
http://www.securityweek.com/industry-reactions-new-triton-attacks-critical-infrastructure

Siemens Patches Serious DoS Flaws in Many Industrial Products
Siemens’ Patch Tuesday updates for April 2019 address several serious vulnerabilities, including some denial-of-service (DoS) flaws affecting many of the company’s industrial products
http://www.securityweek.com/siemens-patches-serious-dos-flaws-many-industrial-products

Critical Vulnerability in Siemens Spectrum Power (CVE-2019-6579) Patched in Monthly Advisory
On April 9, Siemens published its monthly Siemens Advisory Day release across a variety of Siemens products. This includes 11 CVEs newly addressed in Siemens products along with updates to previous advisories, including additional CVEs and product updates and mitigations. The most critical of these vulnerabilities could give an unauthenticated attacker administrative privileges
https://www.tenable.com/blog/critical-vulnerability-in-siemens-spectrum-power-cve-2019-6579-patched-in-monthly-advisory

Cars Exposed to Hacker Attacks by Hardcoded Credentials in MyCar Apps
A small aftermarket telematics unit from Montreal, Canada-based AutoMobility, MyCar provides users with a series of smartphone-controlled features for their cars, including geolocation, remote start/stop and lock/unlock capabilities.
http://www.securityweek.com/cars-exposed-hacker-attacks-hardcoded-credentials-mycar-apps

Medical Device Cybersecurity
Before long, just about everything in the medical world will be running on software – and even connected to the internet. That already applies to pacemakers and insulin pumps and a host of devices used in hospitals
http://www.byuradio.org/episode/e85c70f1-e81a-48d4-9c69-9c469fe23ce6/top-of-mind-with-julie-rose-israel-women-in-trucking-medical-device-cybersecurity?playhead=2219&autoplay=true

Hacking healthcare: A call for infosec researchers to probe biomedical devices
It is a brave new connected world out there and there is no shortage of cybersecurity risks associated with everything we do. We can’t even be sure that the technologies that keep us alive and healthy will work as intended if malicious actors set their sights on them

90% of OT organizations are cyberattack victims, yet visibility into OT systems is still limited
OT professionals have spoken — the people who manage critical systems such as manufacturing plants and transportation almost unanimously state that they are fighting off cyberattacks on a regular basis
