5-20-19 – News This Past Week

Wormable Windows RDS Vulnerability Poses Serious Risk to ICS
A critical remote code execution vulnerability patched recently by Microsoft in Windows Remote Desktop Services (RDS) poses a serious risk to industrial environments, experts have warned.
https://www.securityweek.com/wormable-windows-rds-vulnerability-poses-serious-risk-ics

We chat to boffins who’ve found a way to disrupt landings using off-the-shelf radio kit
In a research paper titled “Wireless Attacks on Aircraft Instrument Landing Systems,” scheduled to be presented at the 28th USENIX Security Symposium in August, computer scientists Harshad Sathaye, Domien Schepers, Aanjhan Ranganathan, and Guevara Noubir demonstrate that it’s possible to interfere with ILS data in real-time, potentially causing aircraft to discontinue a landing approach (“go around”) or miss the landing area entirely in a low-visibility situation
https://www.theregister.co.uk/2019/05/16/airplane_landing_security/

The Shortcomings of Network Monitoring in Fighting ICS Threats
The growing sophistication of industrial control system (ICS) networks, especially since the advent of the Industrial Internet of Things (IIoT), has improved numerous processes while also making them softer targets for attacks. Simply put, interconnectedness has broadened and weakened the attack surface
https://www.securityweek.com/shortcomings-network-monitoring-fighting-ics-threats

The six biggest cybersecurity risks facing the utilities industry
The utilities industry is rapidly modernizing its infrastructure, adding more digitized equipment and connectivity across devices, plants, and systems. This evolution to “smart infrastructure” represents a positive, paradigm shift for the industry

The six biggest cybersecurity risks facing the utilities industry

Siemens Addresses Vulnerabilities in LOGO, SINAMICS Products
According to the German industrial giant, SINAMICS Perfect Harmony GH180 medium voltage converters are impacted by two high-severity denial-of-service (DoS) vulnerabilities that can be exploited by an attacker who has access to the network housing the targeted device. The flaws can be exploited with no privileges and without any user interaction
https://www.securityweek.com/siemens-addresses-vulnerabilities-logo-sinamics-products

Posted in Uncategorized.