For inquiries on on Call-for-Papers, Exhibiting & Sponsorship opportunities, please email:
Mike: mlennon@securityweek.com
Thomas: tquek@securityweek.com

  ICS & IoT Security News

10 Jan 2018
Rockwell Automation Patches Serious Flaw in MicroLogix 1400 PLC
US - A firmware update released a few weeks ago by Rockwell Automation for its MicroLogix 1400 programmable logic controllers (PLCs) patches a potentially serious vulnerability. According to Rockwell Automation, several MicroLogix 1400 PLCs running version 21.002 and earlier of the firmware are affected by a buffer overflow vulnerability that can be triggered by sending specially crafted Modbus TCP packets to affected devices. The flaw can be exploited remotely by an unauthenticated attacker.
[More: securityweek.com ]

9 Jan 2018

Wi-Fi Alliance Launches WPA3 Protocol with New Security Features
US - The Wi-Fi Alliance, an industry body made up of device makers including Apple, Microsoft, and Qualcomm, announced Monday its next-generation wireless network security standard, WPA3. The standard will replace WPA2, a near-two decades-old security protocol that's built in to protect almost every wireless device today -- including phones, laptops, and the Internet of Things. This is welcome news, given that a Wi-Fi exploit was uncovered late last year which affected all modern Wi-Fi networks using WPA or WPA2 security encryption, letting attackers eavesdrop on traffic between computers and wireless access points. The new WPA3 features will include “robust protection” when passwords are weak, and will also simplify security configurations for devices that have limited or no display interface.
[More: zdnet.com | theverge.com | thehackernews.com ]

8 Jan 2018

Hardcoded backdoor in 12 Western Digital My Cloud NAS devices – Patch Available

US - A security researcher is urging owners of Western Digital MyCloud NAS devices to update the firmware of their portable hard-drives to fix a series of important security bugs he reported to the vendor, among which there is an easy exploitable and wormable hardcoded (backdoor) account. James Bercegay, a security researcher with GulfTech Research and Development, discovered and reported these flaws to Western Digital in June 2017. “It is interesting to think about how before D-Link updated their software two of the most popular NAS device families in the world, sold by two of the most popular tech companies in the world were both vulnerable at the same time, to the same backdoor for a while. The time frame in which both devices were vulnerable at the same time in the wild was roughly from early 2014 to later in 2014 based on comparing firmware release note dates,” Bercegay notes.

[More: csoonline.com | securityweek.com | bleepingcomputer.com ]

6 Jan 2018
Microsoft Patches for CPU Flaws Break Windows, Apps
US - Revelations about Meltdown and Spectre have wreaked digital havoc and left a critical mass of confusion in their wake. Intel has released firmware patches for its processors, and has been working with numerous manufacturers, like Apple and HP to distribute them for recent versions of Windows, Android, macOS, iOS, Chrome OS, and Linux. Unfortunately, there are reports that the updates released by Microsoft last week for the Spectre and Meltdown vulnerabilities can cause Windows to break down on some computers with AMD processors. Raspberry PI claims that their processor is not affected by Meltdown and Spectre.
[More: wired.com | securityweek.com | raspberrypi.org ]

28 Dec 2017
Romanians Charged for Washington DC Police Cameras Hack
US - Mihai Alexandru Isvanca and Eveline Cismaru were arrested in Romania on Dec. 15, over the hacking incident on 123 of the Metropolitan Police Department by infecting computers with ransomware in an effort to extort money. The PD has 187 outdoor surveillance cameras used to monitor public areas in D.C. The cyber attack occurred just days before the inauguration of President Donald Trump and lasted for almost four days, eventually leaving the CCTV cameras out of recording anything between 12 and 15 January 2017. However, it is still unclear whether the pair arrested was solely behind the attack or were part of a more comprehensive cybercriminal network. If extradited and convicted, the Romanian defendants could face a maximum of 20 years in prison. See SITREP12.
[More: reuters.com | thehackernews.com | bbc.com ]

12 Dec 2017
Schools Warned over Hackable Heating Systems
UK - Dozens of British schools' heating systems have been found to be vulnerable to hackers, according to a probe by a security research firm. Pen Test Partners says the problem was caused by the equipment's controllers being connected to the wider internet, against the manufacturer's guidelines. But it is not just schools, as many buildings including offices and even Heathrow’s Terminal Five are vulnerable because of their use of smart building controllers. In a related incident on 16 Nov 2016, building automation systems stopped heating for residents in Finland during winter after coming under Distributed Denial of Services. The residents had to endured the cold until the system was placed behind a firewall and went back up. See SITREP2.
[More: theregister.co.uk | silicon.co.uk | bbc.com ]

28 Dec 2017
Code Used in Zero Day Huawei Router Attack Made Public
China - An exploit code called Satori, which was used to attack hundreds of thousands of Huawei routers over the past several weeks, is now publicly available on a popular annonymous information disclosure website called pastebin. Identified initially by Check Point researchers late November, Satori was found infecting more than 200,000 IP addresses in just 12 hours earlier this month, according to an analysis posted by Chinese security firm 360 Netlab on December 5. Attackers were found exploiting a flaw in Huawei routers to upload Satori exploit code, creating a botnet. In the Satori attack, each bot is instructed to flood targets with manually crafted UDP or TCP packets.
[More: thehackernews.com | threatpost.com | scmagazine.com ]

18 Dec 2017
Completion of Detailed Investigation into the Train Collision at Joo Koon MRT Station
Singapore - The Singapore's Land Transport Authority (LTA) has completed detailed investigations into the cause of the 15 November 2017 train collision at Joo Koon MRT station. During that incident on 15 November, a total of 38 people were reported to be injured to date. The LTA, train operator SMRT and signalling system provider Thales have ascertained that the train collision on 15 November 2017 was caused by an unexpected disabling of a protective feature on the train that was hit, when it earlier passed by a trackside device at Clementi (a train station on the western part of Singapore), which had yet to be modified for compatibility with the Communications-Based Train Control (CBTC) system.
[More: channelnewsasia.com | smrt.com.sg | lta.gov.sg ]

15 Dec 2017
Siemens’ MindSphere to Be Hosted on AWS
Germany - Siemens has announced the latest release of its cloud-based Internet of Things (IoT) operating system, MindSphere. Currently available in select preview and set for general release in January 2018, the latest version of MindSphere will be hosted for the first time on Amazon Web Services (AWS). MindSphere is one of a number of so-called Internet-of-Things platforms being developed by industrial companies racing to help their manufacturing customers improve productivity, where growth has been slowing in developed countries. The area is still in its infancy, with companies pursuing different strategies, although Siemens is generally considered to be leading the pack.
However, it is a point to note that AWS experienced its 1st major breakdown in March 2017, resulting in consumer's and IoT disruptions, as well also its own AWS-hosted dashboard to warn the world. See related.
[More: engineering.com | reuters.com | crn.com.au ]

 Trainings & Events 

SHORT CORPORATE & ICS TRAININGS
Promotion till 31 Jan 2018. Register now & Save!

 Useful Links & Downloads 

 REDCONSA Digital Publications 

Latest Research Papers & Technical Instruction for ICS Against NotPetya Wiper Malware on Unpatched Windows Systems

Related Video Demonstrations on Mitigation Procedures

 

Last Line Of Defense Against NotPetya Wiper On Unpatched Windows Systems (Win 7 & 2008)


Last Line Of Defense Against NotPetya Wiper On Unpatched Windows Systems (Win XP & 2003)

Copyright © 2018 REDCON Security Advisors, All rights reserved.

Our mailing address is:
ADVISORS@REDCONSA.SG