Latest News

Legacy Software in Cisco Switches Used in Attacks

Date: 5 April 2018
US – Cisco has advised organizations to ensure that their switches cannot be hacked via the Smart Install protocol. The networking giant has identified hundreds of thousands of exposed devices and warned that critical infrastructure could be at risk. The flaw, tracked as CVE-2018-0171, allows a remote and unauthenticated attacker to cause a denial-of-service (DoS) condition or execute arbitrary code by sending specially crafted Smart Install messages to an affected device on TCP port 4786. While it’s unclear if Smart Install was involved, Cylance reported recently that the Dragonfly cyberespionage group had hijacked a core Cisco router at a major state-owned energy conglomerate in Vietnam and abused it to obtain credentials that were later leveraged in attacks targeting energy companies in the United Kingdom.
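Cisco's guidance for this flaw is to check each switch with "show vstack config" and, where Smart Install is not needed, disable it with "no vstack" or filter TCP port 4786. The following script is an added example, not code from the news item, from Cisco or from the researchers it cites: it audits captured "show vstack config" and "show running-config" text for those two conditions and lists the hosts that remain exposed. The sample outputs, hostnames and addresses are constructed for illustration, and the ACL check is a heuristic on the configuration text that does not confirm the ACL is applied where it matters.

```python
"""Offline audit for Smart Install (SMI) exposure, the feature behind CVE-2018-0171.

Added example, not code from the news item, Cisco, or the researchers it cites.
It parses text in the shape of the IOS `show vstack config` and `show running-config`
outputs that Cisco tells operators to check. All sample outputs, hostnames and
addresses below are constructed for illustration.
"""
import re
from dataclasses import dataclass

SMI_PORT = 4786  # TCP port on which Smart Install clients listen


@dataclass
class SmiFinding:
    host: str
    smi_enabled: bool       # feature on, per `show vstack config` / running-config
    acl_filters_port: bool  # an extended ACL entry denies TCP/4786

    @property
    def exposed(self) -> bool:
        # Reachable attack surface: feature on and nothing in the config denies the port.
        return self.smi_enabled and not self.acl_filters_port


def smi_enabled_from_vstack(show_vstack_output: str) -> bool:
    """`show vstack config` reports 'Role: Client (SmartInstall enabled|disabled)'."""
    m = re.search(r"SmartInstall\s+(enabled|disabled)", show_vstack_output, re.I)
    if m:
        return m.group(1).lower() == "enabled"
    # No status line at all: assume the worst, since SMI is on by default on client switches.
    return True


def smi_enabled_from_running_config(running_config: str) -> bool:
    """Smart Install is on by default; only an explicit `no vstack` turns it off."""
    return re.search(r"^\s*no vstack\s*$", running_config, re.M) is None


def acl_denies_smi_port(running_config: str) -> bool:
    """Heuristic: any extended ACL line denying TCP to port 4786.

    Matches named-ACL entries ('deny tcp any any eq 4786') and numbered ones
    ('access-list 101 deny tcp any any eq 4786'). It does not check that the ACL
    is applied to an interface or the control plane, so a hit means 'something
    is configured', not proof of protection.
    """
    pattern = rf"^\s*(?:access-list\s+\S+\s+)?deny\s+tcp\s+.*\beq\s+{SMI_PORT}\b"
    return re.search(pattern, running_config, re.M) is not None


def audit(host: str, show_vstack_output: str, running_config: str) -> SmiFinding:
    """Combine both views; either source saying 'enabled' counts as enabled,
    so a stale or conflicting view is flagged rather than trusted."""
    enabled = (smi_enabled_from_vstack(show_vstack_output)
               or smi_enabled_from_running_config(running_config))
    return SmiFinding(host, enabled, acl_denies_smi_port(running_config))


def exposed_hosts(inventory):
    """inventory: iterable of (host, show_vstack_output, running_config) tuples."""
    return [f.host for f in (audit(*row) for row in inventory) if f.exposed]


# --- Constructed sample device output (not real devices) -------------------
VSTACK_ENABLED = """\
 Role: Client (SmartInstall enabled)
 Vstack Director IP address: 0.0.0.0
"""
VSTACK_DISABLED = """\
 Role: Client (SmartInstall disabled)
 Vstack Director IP address: 0.0.0.0
"""
RUNNING_DEFAULT = """\
hostname access-sw-01
!
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
!
end
"""
RUNNING_HARDENED = """\
hostname access-sw-02
!
no vstack
!
ip access-list extended BLOCK-SMI
 deny tcp any any eq 4786
 permit ip any any
!
interface Vlan1
 ip address 192.0.2.11 255.255.255.0
 ip access-group BLOCK-SMI in
!
end
"""

if __name__ == "__main__":
    fleet = [
        ("access-sw-01", VSTACK_ENABLED, RUNNING_DEFAULT),
        ("access-sw-02", VSTACK_DISABLED, RUNNING_HARDENED),
    ]
    for host in exposed_hosts(fleet):
        print(f"{host}: Smart Install reachable on TCP/{SMI_PORT}; "
              f"disable with 'no vstack' or filter the port")
```

Feed it the saved output of the two show commands from each switch; only the first constructed host is reported, because the second has both "no vstack" and a deny entry for the port.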

UK Schools' CCTV Hacked and Streamed Online

Date: 25 February 2018
UK – Four British schools were found among hundreds of public spaces, businesses and private homes whose security was breached because their cameras weren’t protected by passwords. Live video feeds from the schools are being streamed on a US-based website that collects them. According to a report by anti-surveillance advocacy group Big Brother Watch, more than 200 schools across the UK use security cameras in toilets.

Siemens Leads Launch of Global Cybersecurity Initiative

Date: 16 February 2018
Germany – ICS/SCADA giant Siemens, along with IBM, Airbus, Allianz, Daimler, NXP, SGS, T-Mobile and the Munich Security Conference, today outlined a new global initiative to make cybersecurity a default component of how businesses and governments operate, with the aim of protecting critical infrastructure, businesses and individuals worldwide.

Russian Nuclear Scientists Arrested for 'Bitcoin Mining Plot'

Date: 09 February 2018
Russia – Russian security officers have arrested several scientists at a top-secret nuclear warhead facility for allegedly mining crypto-currency. According to media reports, the suspects tried to use one of Russia's most powerful supercomputers to mine Bitcoin. The supercomputer was supposed to stay disconnected from the internet to prevent intrusion, and the attempt to connect it alerted the nuclear centre's security department. The suspects were handed over to the Federal Security Service (FSB), the Russian news service Mash says. This appears to be the second reported case of insiders abusing ICS systems to mine crypto-currency, after a similar incident in Europe (SITREP 34).

Cisco Aware of Attacks Exploiting Critical Firewall Flaw

Date: 08 February 2018
US – Cisco informed customers on Wednesday that it is aware of attacks attempting to exploit a recently patched vulnerability in its Adaptive Security Appliance (ASA) software; the flaw affects almost all products running ASA. Cisco's first advisory, published on January 29 (SITREP 32), said the security hole was in the webvpn feature; it later found that more than a dozen other features were affected as well. After identifying new attack vectors and determining that the original fix was incomplete, the company released new patches this week.

Critical Vulnerability in China-based Nari's PCS-9611 Allows Remote Read/Write Abilities

Date: 25 January 2018
China – Kirill Nesterov and Alexey Osipov of Kaspersky Lab reported a remotely exploitable vulnerability (CVSS v3 9.8), requiring a low skill level to exploit, in the Nari PCS-9611 relay, a control and monitoring unit used mainly in the energy sector and throughout Asia. The improper input validation flaw affects a service within the software and may allow a remote attacker to read or access system resources and affect the availability of the system.

All versions of the PCS-9611 relay, a control and monitoring unit, are affected.

ICS-CERT reached out to China-based Nari and CNCERT but has not received a response.

Trisis has mistakenly been released on the open internet

Date: 16 January 2018
Germany – The source code of Trisis, the ICS malware targeting Schneider Electric's Triconex safety systems, has been available for nearly anyone to copy since Dec. 22. Schneider Electric mistakenly uploaded a sensitive file related to Trisis, Library.zip, to VirusTotal for scanning. According to research by U.S. cybersecurity companies Dragos Inc. and FireEye, Library.zip holds the backbone of the malware framework known as "Trisis" or "Triton".

Serious Flaws Found in Phoenix Contact Industrial Switches

Date: 15 January 2018
Germany – Phoenix Contact's FL SWITCH industrial Ethernet switches are affected by authentication bypass and information exposure flaws. The security holes affect 3xxx, 4xxx and 48xx series switches running firmware versions 1.0 through 1.32. Researchers told SecurityWeek that it took the company roughly 160 days to release patches, which they have not been able to verify. According to ICS-CERT, the vulnerabilities are remotely exploitable and require a low skill level to exploit.

Researchers Find 147 Vulnerabilities in 34 SCADA Mobile Applications

Date: 11 January 2018
US – IOActive and Embedi researchers released a whitepaper outlining 147 vulnerabilities in 34 mobile applications used in tandem with Supervisory Control and Data Acquisition (SCADA) systems. The most common weaknesses were code tampering flaws, found in 94 percent of apps, followed by insecure authorization (59 percent), reverse engineering (53 percent), insecure data storage (47 percent), insecure communication (38 percent) and client code quality (35 percent). Ex

Wi-Fi Alliance Launches WPA3 Protocol with New Security Features

Date: 11 January 2018
Singapore – The Wi-Fi Alliance, an industry body made up of device makers including Apple, Microsoft and Qualcomm, announced Monday its next-generation wireless security standard, WPA3. It will replace WPA2, a protocol in use since 2004 that is built into almost every wireless device today, including phones, laptops and Internet of Things devices.
