Zeppelin ransomware. The DoNot Team. $10 million reward for Conti tips. Cyber partisans. CISA issues 28 ICS advisories. – The CyberWire

admin on August 13, 2022 Leave a Comment

Dateline Moscow, Kyiv, and Minsk: Insecurity in the communications zone.

Ukraine at D+169: Partisans, both kinetic and cyber. (CyberWire) Ukraine appears determined to convince Russia (and its Belarusian fellow-traveler) that the rear areas, including Crimea and Belarusian border regions themselves aren't safe places any longer. A website aims to train and empower anti-Russian cyber partisans.

Russia-Ukraine war: List of key events, day 170 (Al Jazeera) As the Russia-Ukraine war enters its 170th day, we take a look at the main developments.

UN nuclear watchdog warns of grave hour amid fresh shelling of Ukraines Zaporizhzhia plant (the Guardian) Agency chief calls for immediate end to military activity around plant, saying further deeply worrying incidents could lead to disaster

Russia-Ukraine war: 'Explosions heard at Belarus airbase' near Ukrainian border (The Telegraph) Unexplained explosions were heard in the early hours on Thursday at a military airbase in Belarus near the Ukrainian border, that Russia has been using as one of the launchpads for the invasion.

Belarus says 'technical incident' behind blasts at military base (Reuters) Belarus said on Thursday that blasts heard overnight at one of its military bases 30 km (19 miles) from Ukraine were caused by a "technical incident."

Ukraine says Marines resist Russian push in Kherson region (Newsweek) The Ukrainian Navy took out 16 Russian soldiers in the Donetsk region, according to the force.

Satellite pictures show devastation at Russian air base in Crimea (Reuters) Satellite pictures released on Thursday showed devastation at a Russian air base in Crimea, hit in an attack that suggested Kyiv may have obtained new long-range strike capability with potential to change the course of the war.

Damage at Air Base in Crimea Worse Than Russia Claimed, Satellite Images Show (New York Times) Russian authorities had previously portrayed the blast as minor, but the satellite images show three major craters and at least eight destroyed warplanes. Local officials listed dozens of damaged buildings and declared a state of emergency.

Russian warplanes destroyed in Crimea airbase attack, satellite images show (the Guardian) Multiple aircraft at Saky base in Crimea blown up, with the new evidence suggesting possibility of targeted attack

Ukraines Strike in Crimea Could Be a Turning Point in the War (The Bulwark) Determined soldiers and steady flows of supplies point to continued Ukrainian success.

Great Expectations? The Next Phase of the Russo-Ukrainian War (War on the Rocks) Michael Kofman joined Ryan for yet another conversation about the unfolding tragedy of the Russo-Ukrainian War.

Vladimir Putins military cupboard is bare (The Telegraph) The Kremlin will want to respond to Ukraines attack in Crimea. It may no longer have the ability to do so

Putin is running out of excuses as Ukraine expands the war to Crimea (Atlantic Council) Ukraine appears to have struck deep inside Russian-occupied Crimea for the first time on August 9 with an audacious attack on a heavily defended military base. The explosions at western Crimeas Saki airbase rattled nerves in Moscow and sparked panic throughout the Russian-occupied Ukrainian peninsula, with traffic jams reported on routes leading to the Crimean Bridge as Russian holidaymakers scrambled to cut short their vacations.

Putin Has Opened a Pandoras Box of International Adventurism (Wilson Center) In Ukraine, Vladimir Putin has failed on many levels. He is paying an enormous cost, but he has been successful enough to usher in a barrage of unintended consequences for the worlds economy and some of the worlds most opportunistic players.

Latvia designates Russia a "state sponsor of terrorism" over Ukraine war (Reuters) Latvia's parliament on Thursday designated Russia as a "state sponsor of terrorism" over the war in Ukraine and called on Western allies to impose more comprehensive sanctions on Moscow in order to bring an end to the conflict.

The Other Ukrainian Army (The Atlantic) Imperiled by Russian invaders, private citizens are stepping forward to do what Ukraines government cannot.

Crimea bridge jammed with traffic as Russians flee after air base blasts (Newsweek) The Saki air base near Novofedorivka village was hit in a strike that reportedly killed one person and damaged or destroyed nine Russian planes.

Ukraine mocks crying Russian in Crimea with explosions video (Newsweek) The video includes footage of Russian tourists watching explosions at the Saky air base, after which on-screen text reads: "Time to head home. Crimea is Ukraine."

Russian journalist who protested Putin's war live on TV placed under house arrest (The Telegraph) Marina Ovsyannikova could face 10 years in prison if convicted of demonstration near the Kremlin

Ukraine cyber chief pays surprise visit to 'Black Hat' hacker meeting in Las Vegas (Reuters) Ukraine's top cyber official addressed a room full of security experts at a hackers' convention following a two-day trip from the capital, Kyiv, to a golden casino in Las Vegas.

Black Hat 2022 Cyberdefense in a global threats era (WeLiveSecurity) ESET's expert Tony Anscombe take on this first day of Black Hat 2022, with a special highlights on the cyberwar in Ukraine and the role of cyberdefense.

How one Ukrainian ethical hacker is training 'cyber warriors' in the fight against Russia (The Record by Recorded Future) In the Ukrainian hacker community, Mykyta Knysh is a household name. The 31-year-old former employee of Ukraines Security Service (SBU) founded cybersecurity consulting company HackControl in 2017 and launched a YouTube channel about internet security and digital literacy. It has about 8,000 subscribers.

How Russian sanctions may be helping US cybersecurity (SearchSecurity) Government officials say Russian sanctions following the invasion of Ukraine are slowing down cyber attacks on the U.S.

Past And Future In Ukraine And Belarus (RadioFreeEurope/RadioLiberty) A crucial time in the war in Ukraine, and two years since a disputed election led to protests and crackdown in Belarus. Nigel Gould-Davies, senior fellow for Russia and Eurasia at the International Institute for Strategic Studies, joins host Steve Gutterman to discuss.

How Does Russias War against Ukraine Affect Civilians Living Near Front Lines? (Wilson Center) Since February, Russia has been attacking Ukrainian cities from different directions with different weapons. Tens of thousands of people have died because of this attack. How is the invasion affecting people in these areas, and what challenges do they face in everyday life? Here are a few insights into the living conditions of Ukrainian citizens in war zones, from a reporter who regularly travels to regions neighboring the Russian army.

Generation UA: Young Ukrainians are driving the resistance to Russias war (Atlantic Council) Generation UA: From politics and the military to civil society and journalism, the post-independence generation of young Ukrainians is driving the country's remarkable fight back against Russia's invasion.

Western nations pledge more military support for Ukraine (AP NEWS) Western countries agreed Thursday to continue long-term funding to help Ukraines military keep fighting nearly 5 months after Russia invaded its neighbor, saying 1.5 billion euros ($1.5 billion) has been pledged so far and more is coming.

Turkey Is the Biggest Swing Player in the Russia-Ukraine War (Foreign Policy) Ankara has used its unique position for a strategic advantage.

When will Sweden and Finland join NATO? Tracking the ratification process across the Alliance. (Atlantic Council) With this tracker, the Atlantic Council team is keeping tabs on the countries that have ratified the amended NATO treatyand handicapping the political prospects for ratification in the rest.

Expert on the ground: What the NATO ratification process looks like from Finland (Atlantic Council) Helsinki is watching closely as political momentum builds for Finland and Sweden's NATO accession, with military preparation already under way.

Will the Ukraine War Return Poland to Europes Democratic Fold? (Foreign Policy) Europe and Poland need each other more than ever.

Europe's Exhaustion (Wilson Center) The first bomb that fell on Kyiv on February 24 buried the united Europe project that had been born out of the ruins of World War II. This explosion raises fundamental, perhaps even existential, questions, to which Europe is only now starting to wake up.

German soldier sent army secrets to Russian spies out of sympathy (The Telegraph) Former reservist on trial accused of feeding Moscows military intelligence service with sensitive industrial and army details

The US-Led Drive to Isolate Russia and China Is Falling Short (Bloomberg) While the US and its allies have sanctioned Russia for its invasion of Ukraine, half of the countries in the Group of Twenty have not signed up.

China on the Offensive (Foreign Affairs) How the Ukraine war has changed Beijings strategy.

Chinas New Vassal (Foreign Affairs) The war in Ukraine turned Moscow into Beijings junior partner.

How Putins Ukraine War Has Only Made Russia More Reliant on China (Defense One) Despite Putins imperial dreams, in the last six months China has increasingly dictated the direction of the partnership and squeezed more concessions from the Russians.

Russia Cant Fight a War and Still Arm the World (Foreign Affairs) How the countrys shrinking weapons exports could change the Middle East.

Why Is Armenia So Close to Russia and Iran? (Foreign Policy) The small Caucasus country challenges the idea that the world is splitting into democratic and autocratic camps.

Thousands sign Ukraine petition to remove Amnesty chief Agnes Callamard (Newsweek) Ukrainian civil society leaders are demanding action after an Amnesty International report that "spit in the face of Ukrainian people."

Germanys Frantic Push to Reduce Gas Consumption (Foreign Policy) As Russia weaponizes its gas exports, Germany is left scrambling to meet its needsand reduction targets.

Internal documents: BSI warning about Kaspersky was strongly politically motivated - How smart Technology changing lives (Tech Smart) After Russia's military attack on Ukraine, the BSI abruptly blocked communication with Kaspersky and coordinated with the Ministry of the Interior. Internal documents from the Federal Office for Information Security (BSI) show how difficult it was for the cyber security authority to deal with the start of Russia's war

The EUs Next Ban Could Be on Russian Tourists (World Politics Review) A debate is raging across Europe over whether all Russians should be banned from entering the EU.

#StopRansomware: Zeppelin Ransomware (CISA) Actions to take today to mitigate cyber threats from ransomware: Prioritize remediating known exploited vulnerabilities. Train users to recognize and report phishing attempts. Enable and enforce multifactor authentication.

APT-C-35: New Windows Framework Revealed (Morphisec) Morphisec Labs exclusively details new updates to the Windows framework of the advanced persistent threat actors APT-C-35, a.k.a the DoNot Team.

How a Venezuelan disinformation campaign swayed voters in Colombia (CSO Online) A Black Hat presentation explains how Russia-aligned Venezuela influenced the presidential election in Columbia to its political benefit.

Facebook parent company pushes back on two cyber-espionage groups (Washington Examiner) These outfits create fake personas and impersonate famous people or attractive women.

DHS undersecretary: Log4j problem is not over, may take a decade or longer (The Record by Recorded Future) The controversy and concern around Log4j is far from over, according to the chair of Homeland Security's Cyber Safety Review Board.

Loki Is Part Cyberdeck, Part Sinclair Spectrum, And Pretty Tricky (Hackaday) Youve got to watch out for Loki hes a trickster, after all, and he might make you think this semi-cyberdeck mash-up machine is named after him, when the backstory on this buil

Xiaomi phones with MediaTek chips vulnerable to forged payments (BleepingComputer) Security analysts have found weaknesses in the implementation of the trusted execution environment (TEE) in MediaTek-powered Xiaomi smartphones, which could enable third-party unprivileged apps to disable the payment system or forge payments.

LNKs Awakening: Cybercriminals Moving from Macros to Shortcut Files to Access Business PCs (HP) HP Inc. (NYSE: HPQ) today issued its quarterly Threat Insights Report revealing that a wave of cybercriminals spreading malware families including QakBot, IceID, Emotet, and RedLine Stealer are shifting to shortcut (LNK) files to deliver malware. Shortcuts are replacing Office macros which are starting to be blocked by default in Office as a way for attackers to get a foothold within networks by tricking users into infecting their PCs with malware. This access can be used to steal valuable company data, or sold on to ransomware groups, leading to large-scale breaches that could stall business operations and result in significant remediation costs.

OT Security Firm Warns of Safety Risks Posed by Alerton Building System Vulnerabilities (SecurityWeek) Potentially serious vulnerabilities have been found in a building management system made by Alerton, a brand of industrial giant Honeywell.

Windows-based HMIs are too slow for monitoring process sensors or plant equipment anomalies (Control Global) Microsoft Windows has been widely adopted as a Human-Machine Interface (HMI) for Operational Technology (OT) networks which includes control systems, process sensors, and equipment monitoring. Why? Because it was there and available, not because it was optimized for the task. Windows has proven to be a great operating system for business systems and information exchange between Information Technology (IT) and OT organizations. But as an HMI to provide detailed engineering data, not so much.

AT&T Customer Data Found on the Dark Web (Hold Security) Data that likely belongs to AT&T Internet, TV, and landline customers was identified in the hands of the Romanian cyber criminals.

It Might Be Our Data, But Its Not Our Breach (KrebsOnSecurity) A cybersecurity firm says it has intercepted a large, unique stolen data set containing the names, addresses, email addresses, phone numbers, Social Security Numbers and dates of birth on nearly 23 million Americans. The firm's analysis of the data suggests

Cisco Confirms Data Breach, Hacked Files Leaked (Dark Reading) Ransomware gang gained access to the company's VPN in May by convincing an employee to accept a multifactor authentication (MFA) push notification.

NHS IT supplier held to ransom by hackers (BBC News) Its IT provider says it may take three or four weeks to fully recover from the cyber-attack.

Cyber-attack targets IT firm used by Northern Ireland's health service (BBC News) Health officials shut down system access to services provided by IT company Advanced as a precaution.

NHS ransomware attack: what happened and how bad is it? (the Guardian) Cyber-attacks on health bodies appear to be on the rise again after a hiatus early in the pandemic

NHS working with U.K. cyber authorities to assess ransomware attack on IT vendor (The Record by Recorded Future) The U.K.s National Health Service said it is working with the countrys National Cyber Security Centre to investigate a recent ransomware attack on a major IT vendor.

Swan Bitcoin Discloses Data Leak Due to Phishing Attack on Newsletter Provider (Decrypt) Crypto trading app Swan Bitcoin is among dozens of crypto businesses affected by a data breach suffered by email marketing firm Klaviyo.

Report: Ransomware gangs, fraudsters laundered $540 million through RenBridge platform (The Record by Recorded Future) Hackers and cryptocurrency thieves are turning to so-called cross-chain platforms to launder money and avoid attempts by law enforcement to trace and freeze their illicit proceeds.

Facebooks In-app Browser on iOS Tracks Anything You Do on Any Website (Threatpost) Researcher shows how Instagram and Facebooks use of an in-app browser within both its iOS apps can track interactions with external websites.

Emotet Phishing UpdateAnd a Reminder to Turn On Dark Cubed Auto-Blocking (Dark Cubed) In one of our first Threat Spotlight entries back in early February , we introduced Emotet malware and why its so dangerous to the Dark Cubed user community, one comprising mostly small businesses. Now, weve uncovered evidence that Emotets threat to our user community - and the broader small bu

iOS Privacy: Instagram and Facebook can track anything you do on any website in their in-app browser (Felix Krause) The iOS Instagram and Facebook app render all third party links and ads within their app using a custom in-app browser. This causes various risks for the user, with the host app being able to track every single interaction with external websites, from all form inputs like passwords and addresses, to every single tap.

CISA Adds Two Known Exploited Vulnerabilities to Catalog (CISA) CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.

August Patch Tuesday 2022: Updates and Analysis (CrowdStrike) The CrowdStrike Falcon Spotlight team analyzes this months vulnerabilities, highlights the most severe CVEs and recommends how to prioritize patching.

Hackers are still using these old security flaws in Microsoft Office. Make sure you've patched them (ZDNet) 'Malware authors still achieve their aims by relying on aging vulnerabilities,' warn security researchers.

Cisco Releases Security Update for Multiple Products (CISA) Cisco has released a security update to address a vulnerability affecting Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software. This vulnerability could allow a remote attacker to obtain sensitive information. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

Siemens Simcenter STAR-CCM+ (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Simcenter STAR-CCM+ Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Simcenter STAR-CCM+ contains an information disclosure vulnerability when using the Power-on-Demand public license server.

Siemens Teamcenter (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Siemens Equipment: Teamcenter Vulnerabilities: Command Injection, Infinite Loop 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to command injection and denial-of-service condition.

Schneider Electric EcoStruxure, EcoStruxure Process Expert, SCADAPack RemoteConnect for x70 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure, EcoStruxure Process Expert, SCADAPack RemoteConnect for x70 Vulnerabilities: Heap-based Buffer Overflow, Wrap or Wraparound, Classic Buffer Overflow, Out-of-bounds Write 2.

Emerson ROC800, ROC800L and DL8000 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: High attack complexity Vendor: Emerson Equipment: ROC800, ROC800L and DL8000 Vulnerability: Insufficient Verification of Data Authenticity CISA is aware of a public report, known as OT:ICEFALL that details vulnerabilities found in multiple operational technology (OT) vendors.

Siemens SICAM A8000 Web Server Module (CISA) 1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM A8000 CP-8000, CP-8021, CP-8022 Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated access to the web interface of the affected web server.

Siemens SICAM TOOLBOX II (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM TOOLBOX II Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability results in full access to the database.

Siemens SCALANCE (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE Vulnerabilities: Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection), Allocation of Resources Without Limits or Throttling, Basic Cross Site Scripting 2.

Siemens SIMATIC S7-400 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC S7-400 Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to create a denial-of-service condition.

Siemens Industrial Products Intel CPUs (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC, SINUMERIK Vulnerabilities: Missing Encryption of Sensitive Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-222-05 Siemens Industrial Products Intel CPU that was published August 10, 2021, to the ICS webpage on http://www.cisa.gov/uscert.

Siemens Industrial Products LLDP (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Industrial Products Vulnerabilities: Classic Buffer Overflow, Uncontrolled Resource Consumption 2.

Siemens Linux-based Products (Update G) (CISA) 1. EXECUTIVE SUMMARYCVSS v3 7.4ATTENTION: Exploitable remotelyVendor: SiemensEquipment: Linux based productsVulnerability: Use of Insufficiently Random Values2. UPDATE INFORMATIONThis updated advisory is a follow-up to the advisory update titled ICSA-21-131-03 Siemens Linux-based Products (Update F) that was published November 11, 2021, to the ICS webpage at http://www.cisa.gov/uscert.

Siemens Datalogics File Parsing Vulnerability (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Teamcenter Visualization and JT2Go Vulnerability: Heap-based buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash a system or potentially lead to arbitrary code execution if a user opens a malicious PDF file.

Siemens S7-400 CPUs (Update A) (CISA) This updated advisory is a follow-up to the advisory update titled ICSA-18-317-02 Siemens S7-400 CPUs (Update A) that was published May 14, 2019, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for an Improper Input Validation vulnerability in versions of SIMATIC S7-400 products.

Siemens SIMATIC Software Products (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC Software Products Vulnerability: Incorrect Permission Assignment for Critical Resource 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-194-06 Siemens SIMATIC Software Products (Update A) that was published July 13, 2021, to the ICS webpage on cisa.gov/ics

Siemens SIMATIC S7-1200 and S7-1500 CPU Families (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7-1200 and S7-1500 CPU families Vulnerabilities: Use of a Broken or Risky Cryptographic Algorithm, Missing Support for Integrity Check 2.

Baxter Sigma Spectrum Infusion Pumps (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Baxter Equipment: Sigma Spectrum Infusion Pumps Vulnerabilities: Use of Hard-coded Password, Cleartext Transmission of Sensitive Data, Incorrect Permission Assignment for Critical Resource, Operation on a Resource After Expiration or Release 2.

Siemens Industrial Products with OPC UA (Update H) (CISA) 1. EXECUTIVE SUMMARY CVSS v37.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC, SINEC-NMS, SINEMA, SINEMURIK Industrial Control Products with OPC UA Vulnerability: Uncaught Exception 2.

Siemens PROFINET Stack Integrated on Interniche Stack (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: PROFINET Stack Integrated on Interniche Stack Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a denial-of-service condition.

Siemens TIA Portal (Update C) (CISA) 1. EXECUTIVE SUMMARYCVSS v3 7.8ATTENTION: Low skill level to exploitVendor: SiemensEquipment: TIA PortalVulnerability: Path Traversal2. UPDATE INFORMATIONThis updated advisory is a follow-up to the advisory update titled ICSA-20-014-05 Siemens TIA Portal (Update B) that was published January 12, 2021, to the ICS webpage at http://www.cisa.gov/uscert/ics.

Siemens Teamcenter (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Teamcenter Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to remote code execution with elevated permissions.

Siemens Industrial Devices using libcurl (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Industrial devices using libcurl Vulnerabilities: Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash and allow an attacker to interfere with the affected products in various ways.

Siemens SIMATIC WinCC and PCS (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC WinCC and PCS Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Externally-Accessible File or Directory 2.

Siemens Teamcenter (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Teamcenter Vulnerabilities: Stack-based Buffer Overflow, Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of these vulnerabilities may lead the binary to crash or allow an attacker to view files on the application server filesystem.

Siemens Industrial Products (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: OPC Foundation Local Discovery Server of several industrial products Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition on the service or the device.

Siemens OpenSSL Vulnerabilities in Industrial Products (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely/high attack complexity Vendor: Siemens Equipment: Siemens Industrial Products Vulnerability: NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an unauthenticated attacker to cause a denial-of-service condition if a maliciously crafted renegotiation message is sent.

Siemens RUGGEDCOM ROS (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM ROS Vulnerability: Improper Control of Generation of Code 2. RISK EVALUATION Successful exploitation of this vulnerability could cause malicious behavior through legitimate user accounts accessing certain web resources on affected devices.

Simcenter Femap and Parasolid (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION:Low attack complexity Vendor: Siemens Equipment: Simcenter Femap and Parasolid Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform remote code execution in the context of the current process of the application through an out-of-bounds read.

Siemens SRCS VPN Feature in SIMATIC CP Devices (CISA) 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC CP Devices Vulnerabilities: Heap-based Buffer Overflow, Command Injection, Code Injection 2.

Access to hacked corporate networks still strong but sales fall (BleepingComputer) Statistics collected by cyber-intelligence firm KELA during this year's second quarter show that marketplaces selling initial access to corporate networks have taken a blow.

Ransomware Victims and Network Access Sales in Q2 2022 (KELA) Ransomware groups continue to evolve and threaten organizations and companies around the world. While some gangs reduced their activity in Q2 2022 or shut down, new actors like Black Basta emerged and continued extorting money from businesses. Similarly to the ransomware attackers, there are actors mimicking their methods, such as stealing data and managing data leak sites, but not using actual encrypting software in their attacks.

Link:
Zeppelin ransomware. The DoNot Team. $10 million reward for Conti tips. Cyber partisans. CISA issues 28 ICS advisories. - The CyberWire

Related Posts
Posted in Internet Security

Comments are closed.