10 Jan 2018
REDCON Security Advisors Joins Good Hackers Alliance
Singapore - Athena Dynamics Enters into Strategic Partnership with REDCON Security Advisors to Strengthen its “gha” Offerings in Critical Info-Infrastructure (CII) Cyber Security Protection.


“This partnership is highly strategic to both parties in fulfillment of an imminent need to address the fast-emerging cyber threats in ICS effectively, but also holistically. We are very committed to the success of this partnership with Athena Dynamics as a gha alliance partner,” said Thomas Quek, Managing Director, REDCON Security Advisors LLP.


Another key member of gha is NSHC (Network Security Hacking Company), a prominent South Korean security company that is specialised in zero-day findings, deep threat intelligence, and VAPT (vulnerability assessment and penetration testing) for the CII.

[More: athenadynamics.com | redconsa.sg | nshc.net ]

  ICS & IoT Security News

15 Jan 2018
Serious Flaws Found in Phoenix Contact Industrial Switches
Germany - According to advisories published last week by ICS-CERT and its German counterpart CERT@VDE, Phoenix Contact’s FL SWITCH industrial Ethernet switches are affected by authentication bypass and information exposure flaws. The security holes affect 3xxx, 4xxx and 48xx series switches running firmware versions 1.0 through 1.32. The vendor addressed the weaknesses in version 1.33, but researchers told SecurityWeek that it took the company roughly 160 days to release patches, which they haven’t been able to verify. According to ICS-CERT, the vulnerabilities are rated as remotely exploitable and require a low skill level to exploit.
[More: ICSA-18-011-03 | securityweek.com | isssource.com ]

13 Jan 2018
Lenovo Discovers and Removes Backdoor in Networking Switches
China - The Chinese company said it found the backdoor in the firmware of RackSwitch and BladeCenter networking switches, and released firmware updates earlier this week.
The discovery was made after an internal security audit of firmware for products added to Lenovo's portfolio following the acquisitions of other companies. Lenovo says the backdoor was added in 2004 in RackSwitch and BladeCenter switches running ENOS (Enterprise Network Operating System) at the request of a customer, when ENOS was maintained by Nortel's Blade Server Switch Business Unit.

[More: bleepingcomputer.com | securityaffairs.co | securityweek.com ]

12 Jan 2018
ICS Vendors Assessing Impact of Meltdown, Spectre Flaws
US - Organizations that provide solutions for critical infrastructure sectors, including medical device and industrial control systems (ICS) manufacturers, have started assessing the impact of the recently disclosed Meltdown and Spectre exploits on their products. The major vendors include ABB, Siemens, BD, Schneider Electric, and Rockwell Automation. While not all ICS vendors mentioned it, any patches and mitigations for the Spectre and Meltdown vulnerabilities should be tested before being deployed to critical systems, particularly since some of them may cause devices to become unstable.
[More: securityweek.com ]

12 Jan 2018
Thousands Stranded as Hong Kong's MTR Service Disruptions Hit East Rail Line
HK - MTR Corporation saw services on its East Rail Line disrupted twice on Thursday, with the first one due to a problem with the signalling system, leaving thousands of rush-hour passengers stranded. A total of 14 trains were stuck on the tracks in between stations, with many passengers stranded in rail cars. According to the MTR Service Update, the rail line’s train control system malfunctioned and trains could not be regulated.
Hong Kong experienced its worst disruption, lasting 10 hours, in Aug'17, which was due to a rare concurrent failure of three computer systems that control the rail signalling apparatus. "It is very rare," MTR engineer Wong Yuen Wood was quoted as saying about the Aug'17 incident. "I can't remember a similar problem in more than 10 years. They tried to reboot the systems, but it didn't work." Normally, train services would not be affected if one computer system failed, as long as either of the other two still worked. See related.

[More: ejinsight.com | hongkongfp.com | scmp.com ]

11 Jan 2018
Researchers Find 147 Vulnerabilities in 34 SCADA Mobile Applications
US - IOActive and Embedi researchers released a whitepaper outlining 147 vulnerabilities in 34 mobile applications used in tandem with Supervisory Control and Data Acquisition (SCADA) systems. The top security weaknesses were code tampering flaws, found in 94 percent of apps; insecure authorization in 59 percent of apps; reverse engineering, affecting 53 percent of apps; insecure data storage in 47 percent of apps; insecure communication in 38 percent of apps; and client code quality in 35 percent of apps. According to the whitepaper, the vulnerabilities could allow an attacker to compromise industrial network infrastructure by disrupting an industrial process or causing a SCADA operator to unintentionally perform a harmful action on the system.

In an unrelated recent development, Siemens has announced the latest release of its cloud-based Internet of Things (IoT) operating system, MindSphere, which will be hosted in AWS. See SITREP28.

[More: scmagazine.com | tad.group | securityweek.com ]

10 Jan 2018
Rockwell Automation Patches Serious Flaw in MicroLogix 1400 PLC
US - A firmware update released a few weeks ago by Rockwell Automation for its MicroLogix 1400 programmable logic controllers (PLCs) patches a potentially serious vulnerability. According to Rockwell Automation, several MicroLogix 1400 PLCs running version 21.002 and earlier of the firmware are affected by a buffer overflow vulnerability that can be triggered by sending specially crafted Modbus TCP packets to affected devices. The flaw can be exploited remotely by an unauthenticated attacker.
[More: securityweek.com ]

9 Jan 2018
Wi-Fi Alliance Launches WPA3 Protocol with New Security Features
US - The Wi-Fi Alliance, an industry body made up of device makers including Apple, Microsoft, and Qualcomm, announced Monday its next-generation wireless network security standard, WPA3. The standard will replace WPA2, a nearly two-decade-old security protocol that's built in to protect almost every wireless device today, including phones, laptops, and the Internet of Things. This is welcome news, given that a Wi-Fi exploit was uncovered late last year which affected all modern Wi-Fi networks using WPA or WPA2 security encryption, letting attackers eavesdrop on traffic between computers and wireless access points. The new WPA3 features will include “robust protection” when passwords are weak, and will also simplify security configurations for devices that have limited or no display interface.
[More: zdnet.com | theverge.com | thehackernews.com ]

8 Jan 2018

Hardcoded backdoor in 12 Western Digital My Cloud NAS devices – Patch Available

US - A security researcher is urging owners of Western Digital MyCloud NAS devices to update the firmware of their portable hard drives to fix a series of important security bugs he reported to the vendor, among them an easily exploitable and wormable hardcoded (backdoor) account. James Bercegay, a security researcher with GulfTech Research and Development, discovered and reported these flaws to Western Digital in June 2017. “It is interesting to think about how before D-Link updated their software two of the most popular NAS device families in the world, sold by two of the most popular tech companies in the world were both vulnerable at the same time, to the same backdoor for a while. The time frame in which both devices were vulnerable at the same time in the wild was roughly from early 2014 to later in 2014 based on comparing firmware release note dates,” Bercegay notes.

[More: csoonline.com | securityweek.com | bleepingcomputer.com ]

6 Jan 2018
Microsoft Patches for CPU Flaws Break Windows, Apps
US - Revelations about Meltdown and Spectre have wreaked digital havoc and left a critical mass of confusion in their wake. Intel has released firmware patches for its processors, and has been working with numerous manufacturers, such as Apple and HP, to distribute them for recent versions of Windows, Android, macOS, iOS, Chrome OS, and Linux. Unfortunately, there are reports that the updates released by Microsoft last week for the Spectre and Meltdown vulnerabilities can cause Windows to break down on some computers with AMD processors. Raspberry Pi claims that its processor is not affected by Meltdown and Spectre.
[More: wired.com | securityweek.com | raspberrypi.org ]

28 Dec 2017
Romanians Charged for Washington DC Police Cameras Hack
US - Mihai Alexandru Isvanca and Eveline Cismaru were arrested in Romania on Dec. 15 over a hacking incident that affected 123 of the Metropolitan Police Department's cameras, in which computers were infected with ransomware in an effort to extort money. The PD has 187 outdoor surveillance cameras used to monitor public areas in D.C. The cyber attack occurred just days before the inauguration of President Donald Trump and lasted for almost four days, eventually leaving the CCTV cameras unable to record anything between 12 and 15 January 2017. However, it is still unclear whether the pair arrested was solely behind the attack or was part of a more comprehensive cybercriminal network. If extradited and convicted, the Romanian defendants could face a maximum of 20 years in prison. See SITREP12.
[More: reuters.com | thehackernews.com | bbc.com ]

 REDCONSA Digital Publications 

Latest Research Papers & Technical Instruction for ICS Against NotPetya Wiper Malware on Unpatched Windows Systems

Related Video Demonstrations on Mitigation Procedures

Last Line Of Defense Against NotPetya Wiper On Unpatched Windows Systems (Win 7 & 2008)

Last Line Of Defense Against NotPetya Wiper On Unpatched Windows Systems (Win XP & 2003)

Copyright © 2018 REDCON Security Advisors, All rights reserved.
