Security CERT Global

    • CVE-2020-27272 (anydana-a_firmware, anydana-i_firmware, diabecare_rs_firmware)
      In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and the AnyDana-i and AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows ...
    • CVE-2021-2029 (scripting)
      Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access ...
    • CVE-2020-27256 (anydana-a_firmware, anydana-i_firmware, diabecare_rs_firmware)
      In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN in the physician menu of the insulin pump allows attackers with physical access to change insulin ...
    • CVE-2020-27276 (anydana-a_firmware, anydana-i_firmware, diabecare_rs_firmware)
      In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entities ...
    • CVE-2020-27270 (anydana-a_firmware, anydana-i_firmware, diabecare_rs_firmware)
      In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and the AnyDana-i and AnyDana-A mobile apps doesn't use adequate measures to protect encryption keys in transit, which allows unauthenticated physically ...
    • CVE-2021-21270
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server ...
    • CVE-2020-28487
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element ...
    • CVE-2020-12511
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web ...
    • CVE-2020-12513
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection. ...
    • CVE-2021-21259
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker ...
    • CVE-2020-4766
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending ...
    • CVE-2020-12512
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting ...
    • CVE-2020-12514
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a ...
    • CVE-2020-12525
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data ...
    • CVE-2021-21260
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers ...
    • CVE-2020-4887 (aix, vios)
      IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM ...
    • CVE-2020-28707 (stockdio_historical_chart)
      The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting (XSS) via stockdio_chart_historical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/ because the origin of a postMessage() event is not validated. ...
    • CVE-2021-25178 (drawings_software_development_kit)
      An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. ...
    • CVE-2020-28480 (jointjs)
      The package jointjs before 3.3.0 is vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used to access the object's key and set the value is not properly sanitized, leading ...
    • CVE-2020-27733 (manageengine_applications_manager)
      Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request. ...
    • CVE-2020-23342 (anchor_cms)
      A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users. ...
    • CVE-2020-28479 (jointjs)
      The package jointjs before 3.3.0 is vulnerable to Denial of Service (DoS) via the unsetByPath function. ...
    • CVE-2021-25177 (drawings_software_development_kit)
      An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause ...
    • CVE-2020-4983 (spectrum_lsf, spectrum_lsf_suite)
      IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a user on the local network who has privileges to submit LSF jobs to execute arbitrary commands. IBM ...
    • CVE-2021-25176 (drawings_software_development_kit)
      An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause ...
    • CVE-2020-12511
      Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface. ...
    • CVE-2020-12525
      M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. ...
    • CVE-2020-12512
      Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting ...
    • CVE-2020-12513
      Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection. ...
    • CVE-2020-12514
      Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd ...
    • CVE-2021-2058 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ...
    • CVE-2021-2055 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network ...
    • CVE-2021-2088 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon ...
    • CVE-2021-2036 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ...
    • CVE-2021-2038 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker ...
    • CVE-2021-2048 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network ...
    • CVE-2021-2072 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with ...
    • CVE-2021-2061 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with ...
    • CVE-2021-2030 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network ...
    • CVE-2021-2042 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to ...
    • CVE-2021-2060 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Easily exploitable ...
    • CVE-2021-2122 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ...
    • CVE-2021-2032 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low ...
    • CVE-2021-2056 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with ...
    • CVE-2021-2031 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ...
    • CVE-2021-2087 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon ...
    • CVE-2021-2076 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ...
    • CVE-2021-2070 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ...
    • CVE-2021-2046 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with ...
    • CVE-2021-2081 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with ...

MGS+ ICS Security Report August 2017

MG Strategy+ ICS Security Report August 2017: Editor Picks: News Intelligence Alerts Reports

 

Financial malware more than twice as prevalent as ransomware
Three Trojans dominated the financial threat landscape in 2016 and attackers increased their focus on corporate finance departments
Source: https://www.symantec.com/connect/blogs/financial-malware-more-twice-prevalent-ransomware

 

The Jetson’s Cyber Concerns – Future Smart Cities Cybersecurity Checklist
As cities continue to grow smarter, they will also become easier to hack. With millions (if not billions) of dollars going into research for urban domains and the Internet of Things (IoT), there will be more opportunities to utilize technology to define, access and improve smart city services and infrastructure. In these smart cities, information security plays a huge role in protecting the highest levels of confidentiality, availability and integrity for city resources and utilities.
Source: http://blog.trendmicro.com/jetsons-cyber-concerns-future-smart-cities-cybersecurity-checklist/

 

The Future of Ransomware
Ransomware isn’t new, but it’s increasingly popular and profitable.
Source: https://www.schneier.com/blog/archives/2017/05/the_future_of_r.html

 

Rethinking Vulnerabilities: Network Infrastructure as a Software System
Increasing complexity is putting networks at risk. It’s time to shift our security approach and take some lessons from software development.
Source: https://www.darkreading.com/vulnerabilities---threats/rethinking-vulnerabilities-network-infrastructure-as-a-software-system/a/d-id/1328989

 

Over 8,600 Security Flaws Found in Pacemaker Systems
Security researchers from WhiteScope have uncovered over 8,600 vulnerabilities in pacemaker systems and the third-party libraries used to power various of their components.
Source: https://www.bleepingcomputer.com/news/security/over-8-600-security-flaws-found-in-pacemaker-systems/#.WTBsjfJS8zo.twitter

 

How the FBI relies on dark web intel firms as frontline investigators
Source: https://www.cyberscoop.com/dark-web-intelligence-fbi-investigations/

 

Using Physics to Protect Industrial Devices Against Hacking
Source: https://waterfall-security.com/blog/using-physics-protect-industrial-devices-hacking

 

Ransomware: Best Practices for Prevention and Response
Source: https://insights.sei.cmu.edu/sei_blog/2017/05/ransomware-best-practices-for-prevention-and-response.html

 

Machine Learning in Cybersecurity
Source: https://insights.sei.cmu.edu/sei_blog/2017/06/machine-learning-in-cybersecurity.html

 

Critical Asset Identification (Part 1 of 20: CERT Best Practices to Mitigate Insider Threats Series)
The first practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 1: Know and Protect Your Critical Assets. In this post, I discuss the importance and nature of this practice, which is a cornerstone of shaping and scoping a robust insider threat program.
Source: https://insights.sei.cmu.edu/insider-threat/2017/04/critical-asset-identification-part-1-of-20-cert-best-practices-to-mitigate-insider-threats-series.html

 

Jacobs to Acquire CH2M to Create Premier $15 Billion Global Solutions Provider
Source: http://invest.jacobs.com/investors/Press-Release-Details/2017/Jacobs-to-Acquire-CH2M-to-Create-Premier-15-Billion-Global-Solutions-Provider/default.aspx

 

Google to Achieve “Supremacy” in Quantum Computing by the End of 2017
In theory, quantum computers could be vastly superior to regular or “classical” computers in performing certain kinds of tasks, but it’s been hard to build one. Already a leader in this field, Google is now testing its most powerful quantum chip yet, a 20-qubit processor, which the company looks to more than double in power to 49 qubits by the end of 2017.
Source: http://bigthink.com/paul-ratner/google-to-achieve-supremacy-in-quantum-computing-by-the-end-of-2017

 

THE HIGH COST OF DARK ENDPOINTS; Do you know where all of your endpoints are and what they are running?
Source: https://blogs.absolute.com/high-cost-dark-endpoints/

 

THE CYBER-COMMITTED CEO; Three industry-leading practices help CISOs catalyze engagement with their CEO and board to make cybersecurity business-relevant.
Source: https://www.accenture.com/us-en/insight-cyber-committed-ceo

 

VULNERABILITY IN INDUSTRIAL CONTROL SOFTWARE AND QUALITY OF THE PATCH MANAGEMENT
Source: https://ics-cert.kaspersky.com/reports/2016/12/09/vulnerability-in-industrial-control-software-and-quality-of-the-patch-management/

 

What’s now and next in analytics, AI, and automation
Innovations in digitization, analytics, artificial intelligence, and automation are creating performance and productivity opportunities for business and the economy, even as they reshape employment and the future of work.
Source: http://www.mckinsey.com/global-themes/digital-disruption/whats-now-and-next-in-analytics-ai-and-automation

 

Cyber raises threat against America’s energy backbone
Source: https://www.eenews.net/stories/1060054924

 

UN Report Shows the Whole World Needs a Cybersecurity Upgrade
Major cyber-readiness gaps remain among nations, but nearly all countries need major improvements.
Source: https://www.inc.com/joseph-steinberg/un-report-shows-the-whole-world-needs-a-cybersecur.html

 

Half of all countries aware but lacking national plan on cybersecurity, UN agency reports
Only about half of all countries have a cybersecurity strategy or are in the process of developing one, the United Nations telecommunications agency today reported, urging more countries to consider national policies to protect against cybercrime. Releasing its second Global Cybersecurity Index (GCI), the International Telecommunication Union (ITU) said about 38 per cent of countries have a published cybersecurity strategy and an additional 12 per cent of governments are in the process of developing one.
Source: http://www.un.org/apps/news/story.asp?NewsID=57119#.WbL7_siGOUl

 

UN finds cybersecurity is a struggle worldwide
There are massive gaps in security among the 134 countries surveyed, including the world’s most powerful nations.
Source: https://www.cnet.com/news/united-nations-cybersecurity-global-index-united-states-singapore/

 

How Cisco is establishing itself as a cybersecurity leader
Cisco demonstrated its commitment to cybersecurity at its annual customer event. Good position, but lots of work ahead.
Source: https://www.csoonline.com/article/3205926/security/ciscolive-and-cybersecurity.html

 

Average time to plug SCADA holes is 150 days, says report
Source: http://www.itworldcanada.com/article/average-time-to-plug-scada-holes-is-150-days-says-report/393418

 

90% of Companies Get Attacked with Three-Year-Old Vulnerabilities
A Fortinet report released this week highlights the importance of keeping secure systems up to date, or at least within a few cycles of the main release; the latter is not recommended, but it is better than leaving systems unpatched for years.
Source: https://www.bleepingcomputer.com/news/security/90-percent-of-companies-get-attacked-with-three-year-old-vulnerabilities/

 

Cybersecurity remains a growing problem
Learn the lessons or pay the price
Source: https://www2.deloitte.com/ca/en/pages/risk/articles/Deloitte-risk-series-insight-Cybersecurity.html

 

Tsunami of DDoS-for-Hire Platforms Coming From the East
Over the past six months, a large number of DDoS-for-hire platforms — also known as DDoS booters or DDoS stressors — have appeared in China, all sporting the same interface, and seeming to be based on the same source code.
Source: https://www.bleepingcomputer.com/news/security/tsunami-of-ddos-for-hire-platforms-coming-from-the-east/

 

THE BIGGEST CYBERSECURITY DISASTERS OF 2017 SO FAR
Source: https://www.wired.com/story/2017-biggest-hacks-so-far/

 

Major IIoT Challenges in 2017
Source: https://www.bayshorenetworks.com/blog/major-challenges-for-iiot-in-2017

 

Steps for Creating National CSIRTs
Source: http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=53062

 

How Industrial IoT Startups Will Disrupt the Incumbents
Source: https://www.bayshorenetworks.com/blog/how-industrial-iot-startups-will-disrupt-the-incumbents

 

Cybersecurity spend: ROI Is the wrong metric
Executives and board members should instead focus on network defender first principles.
Source: https://www.csoonline.com/article/3200270/network-security/cybersecurity-spend-roi-is-the-wrong-metric.html

Tags: AI, analytics, Asset Identification, Automation, CH2M, CSIRT, CyberSecurity, endpoints, Jacobs, Machine Learning, malware, Network Infrastructure, Quantum Computing, ransomware, SCADA, Smart Cities, trojans, Vulnerabilities