9-9-19 – News This Past Week

Report reveals play-by-play of first U.S. grid cyberattack
A first-of-its-kind cyberattack on the U.S. grid created blind spots at a grid control center and several small power generation sites in the western United States, according to a document posted yesterday from the North American Electric Reliability Corp.
https://www.eenews.net/stories/1061111289

Critical Bugs Open Food-Safety Systems to Remote Attacks
The issues affect the AK-EM 800 product from SCADA vendor Danfoss. It’s an enterprise management solution for the food retail industry that provides a central architecture for alarm management, automatic data collection and food-quality reporting.
https://threatpost.com/critical-bugs-food-safety-remote-attacks/148009/

Code Execution Flaws Found in EZAutomation PLC, HMI Software
Researchers discovered that two pieces of software made by U.S.-based industrial automation solutions provider EZAutomation are affected by potentially serious vulnerabilities that can be exploited for remote code execution.
https://www.securityweek.com/code-execution-flaws-found-ezautomation-plc-hmi-software

Critical vulnerabilities uncovered in Danfoss SCADA product, patch now!
Researchers found two critical vulnerabilities. One is effectively a backdoor into highly privileged functionality to manage the software. Although this backdoor was likely created to help the vendor’s support team log into systems to assist their clients, the password can be easily determined by attackers.
https://www.helpnetsecurity.com/2019/09/05/danfoss-scada-vulnerabilities/

Posted in Uncategorized.