Researchers Warn of Critical Flaw Affecting Industrial Automation Systems

A critical vulnerability uncovered in Real-Time Automation’s (RTA) 499ES EtherNet/IP (ENIP) stack could expose industrial control systems to remote attacks.

RTA’s ENIP stack is widely used in industrial automation devices and is billed as the “standard for factory floor I/O applications in North America.”

“Successful exploitation of this vulnerability could cause a denial-of-service condition, and a buffer overflow may allow remote code execution,” the US Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory.

So far, no public exploits targeting this vulnerability are known. However, “according to public search engines for Internet-connected devices (e.g. shodan.io) there are more than 8,000 ENIP-compatible internet-facing devices.”
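The bounds check an ENIP stack has to get right when it reads the encapsulation header is shown below as a constructed C example added to this summary; it is not RTA's code and does not describe the specific RTA flaw, only the class of bug CISA's wording points at (a length field taken from the wire and trusted). The 24-byte header layout (command, length, session handle, status, sender context, options) follows the public EtherNet/IP encapsulation specification; the receive-buffer size, the frame builder, and the function names are this example's own assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* EtherNet/IP encapsulation header: 24 bytes, little-endian, per the public
 * ENIP specification. Layout only; this is an illustrative example, not RTA code. */
#define ENIP_HDR_LEN  24
#define ENIP_MAX_DATA 512   /* assumed fixed receive buffer for this example */

struct enip_hdr {
    uint16_t command;
    uint16_t length;      /* length of the data that follows the header */
    uint32_t session;
    uint32_t status;
    uint8_t  context[8];
    uint32_t options;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Decode the header; fails only if fewer than 24 bytes were received. */
static int parse_hdr(const uint8_t *frame, size_t n, struct enip_hdr *h) {
    if (n < ENIP_HDR_LEN) return -1;
    h->command = rd16(frame);
    h->length  = rd16(frame + 2);
    h->session = rd32(frame + 4);
    h->status  = rd32(frame + 8);
    memcpy(h->context, frame + 12, 8);
    h->options = rd32(frame + 20);
    return 0;
}

/* Unsafe pattern: copy h.length bytes because the peer said so. To keep the
 * example runnable it returns the byte count it WOULD copy instead of copying;
 * any value above ENIP_MAX_DATA is the overflow. */
size_t enip_copy_unchecked(const uint8_t *frame, size_t n) {
    struct enip_hdr h;
    if (parse_hdr(frame, n, &h) != 0) return 0;
    return h.length;   /* memcpy(buf, frame + ENIP_HDR_LEN, h.length) would follow */
}

/* Hardened: the declared length must fit the destination AND must not exceed
 * the bytes actually received after the header. */
int enip_copy_checked(const uint8_t *frame, size_t n, uint8_t *out, size_t out_len, size_t *copied) {
    struct enip_hdr h;
    *copied = 0;
    if (parse_hdr(frame, n, &h) != 0) return -1;
    if (h.length > out_len) return -2;                   /* would overflow destination */
    if ((size_t)h.length > n - ENIP_HDR_LEN) return -3;  /* claims more data than arrived */
    memcpy(out, frame + ENIP_HDR_LEN, h.length);
    *copied = h.length;
    return 0;
}

/* Constructed test frames: zeroed header with the given command and declared
 * length, followed by payload_len zero bytes. Returns total frame size. */
size_t build_frame(uint8_t *buf, size_t bufsz, uint16_t cmd, uint16_t declared_len, size_t payload_len) {
    if (bufsz < ENIP_HDR_LEN + payload_len) return 0;
    memset(buf, 0, ENIP_HDR_LEN + payload_len);
    buf[0] = (uint8_t)(cmd & 0xff);          buf[1] = (uint8_t)(cmd >> 8);
    buf[2] = (uint8_t)(declared_len & 0xff); buf[3] = (uint8_t)(declared_len >> 8);
    return ENIP_HDR_LEN + payload_len;
}

int main(void) {
    uint8_t frame[ENIP_HDR_LEN + 64], out[ENIP_MAX_DATA];
    size_t copied, n;

    /* Well-formed frame: declared length matches the 4 payload bytes present. */
    n = build_frame(frame, sizeof frame, 0x0065, 4, 4);
    printf("valid:  checked=%d copied=%zu\n",
           enip_copy_checked(frame, n, out, sizeof out, &copied), copied);

    /* Forged frame: 4 payload bytes on the wire, header claims 65535. */
    n = build_frame(frame, sizeof frame, 0x0065, 0xFFFF, 4);
    printf("forged: unchecked would copy %zu bytes into %d; checked=%d\n",
           enip_copy_unchecked(frame, n), ENIP_MAX_DATA,
           enip_copy_checked(frame, n, out, sizeof out, &copied));
    return 0;
}
```

Both checks in `enip_copy_checked` are needed: the first stops the destination overflow, the second stops an over-read past the received bytes, which is the more common root cause when a stack copies `length` bytes out of a socket buffer it never filled.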

images from Hacker News

Use This Ultimate Template to Plan and Monitor Your Cybersecurity Budgets

Sound security budget planning and execution are essential to a CIO’s or CISO’s success.

Now, for the first time, the Ultimate Security Budget Plan and Track Excel template (download here) provides security executives with a clear and intuitive tool to keep track of planned vs. actual spend, ensuring that security needs are addressed while staying within the budgetary frame.

The dynamic nature of the threat landscape, and the possibility of the organization being hit by a critical attack, make an unexpected investment in additional products, staff, or services a highly likely scenario that should be planned for. Integrating this factor into the initial plan is a challenge many CISOs encounter.

images from Hacker News

Apple Lets Some of its Big Sur macOS Apps Bypass Firewall and VPNs

Apple is facing the heat for a new feature in macOS Big Sur that allows many of its own apps to bypass firewalls and VPNs, potentially allowing malware to exploit the same shortcoming to access sensitive data stored on users’ systems and transmit it to remote servers.

The issue was first spotted last month by a Twitter user named Maxwell in a beta version of the operating system.

“Some Apple apps bypass some network extensions and VPN Apps,” Maxwell tweeted. “Maps for example can directly access the internet bypassing any NEFilterDataProvider or NEAppProxyProviders you have running.”

Now that the iPhone maker has released the latest version of macOS to the public on November 12, the behavior remains unchanged, prompting concerns from security researchers, who say it is ripe for abuse.

Of particular note is the possibility that the bypass leaves macOS systems open to attack, not to mention that it removes the user’s ability to limit or block that network traffic at their own discretion.

images from Hacker News

Chinese APT Hackers Target Southeast Asian Government Institutions

Cybersecurity researchers today unveiled a complex and targeted espionage campaign against potential government-sector victims in Southeast Asia that they believe has been carried out by a sophisticated Chinese APT group since at least 2018.

“The attack has a complex and complete arsenal of droppers, backdoors and other tools involving Chinoxy backdoor, PcShare RAT and FunnyDream backdoor binaries, with forensic artefacts pointing towards a sophisticated Chinese actor,” Bitdefender said in a new analysis shared with The Hacker News.

It’s worth noting that the FunnyDream campaign has been previously linked to high-profile government entities in Malaysia, Taiwan, and the Philippines, with a majority of victims located in Vietnam.

According to the researchers, not only did around 200 machines exhibit attack indicators associated with the campaign, but evidence also points to the threat actor having compromised domain controllers on the victim’s network, allowing them to move laterally and potentially gain control of other systems.

The research has yielded few clues as to how the initial infection happened, although the attackers are suspected of having used social engineering lures to trick unwitting users into opening malicious files.

images from Hacker News

Researcher Discloses Critical RCE Flaws In Cisco Security Manager

Cisco has published multiple security advisories concerning critical flaws in Cisco Security Manager (CSM), a week after the networking equipment maker quietly released patches with version 4.22 of the platform.

The development comes after Code White researcher Florian Hauser (frycos) yesterday publicly disclosed proof-of-concept (PoC) code for as many as 12 security vulnerabilities affecting the web interface of CSM that make it possible for an unauthenticated attacker to achieve remote code execution (RCE).

The flaws were responsibly reported to Cisco’s Product Security Incident Response Team (PSIRT) three months ago, on July 13.

“Since Cisco PSIRT became unresponsive and the published release 4.22 still doesn’t mention any of the vulnerabilities,” claimed frycos in a tweet, citing the reasons for going public with the PoCs yesterday.

Cisco Security Manager is an end-to-end enterprise solution that allows organizations to enforce access policies and manage and configure firewalls and intrusion prevention systems in a network.

images from Hacker News

Trojanized Security Software Hits South Korea Users in Supply-Chain Attack

Cybersecurity researchers took the wraps off a novel supply chain attack in South Korea that abuses legitimate security software and stolen digital certificates to distribute remote administration tools (RATs) on target systems.

Attributing the operation to the Lazarus Group, also known as Hidden Cobra, Slovak internet security company ESET said the state-sponsored threat actor leveraged the mandatory requirement that internet users in the country install additional security software in order to use internet banking and essential government services.

The attack, while limited in scope, exploits WIZVERA VeraPort, which is billed as a “program designed to integrate and manage internet banking-related installation programs,” such as digital certificates issued by the banks to individuals and businesses to secure all transactions and process payments.

The development is the latest in a long history of espionage attacks against victims in South Korea, including the Operation Troy DDoS attacks in 2011, and against banking institutions and cryptocurrency exchanges over the last decade.

images from Hacker News