Security CERT Global

    • CVE-2020-27272 (anydana-a_firmware, anydana-i_firmware, diabecare_rs_firmware)
      In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and the AnyDana-i and AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows ...
    • CVE-2021-2029 (scripting)
      Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access ...
    • CVE-2020-27256 (anydana-a_firmware, anydana-i_firmware, diabecare_rs_firmware)
      In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN in the physician menu of the insulin pump allows attackers with physical access to change insulin ...
    • CVE-2020-27276 (anydana-a_firmware, anydana-i_firmware, diabecare_rs_firmware)
      In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entities ...
    • CVE-2020-27270 (anydana-a_firmware, anydana-i_firmware, diabecare_rs_firmware)
      In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and the AnyDana-i and AnyDana-A mobile apps doesn't use adequate measures to protect encryption keys in transit, which allows unauthenticated physically ...
    • CVE-2021-21270
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server ...
    • CVE-2020-28487
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element ...
    • CVE-2020-12511
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web ...
    • CVE-2020-12513
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection. ...
    • CVE-2021-21259
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker ...
    • CVE-2020-4766
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending ...
    • CVE-2020-12512
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting ...
    • CVE-2020-12514
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a ...
    • CVE-2020-12525
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data ...
    • CVE-2021-21260
      Severity: None. Published: 22/01/2021. Last revised: 22/01/2021. Description: Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers ...
    • CVE-2020-4887 (aix, vios)
      IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM ...
    • CVE-2020-28707 (stockdio_historical_chart)
      The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting (XSS) via stockdio_chart_historical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/ because the origin of a postMessage() event is not validated. ...
    • CVE-2021-25178 (drawings_software_development_kit)
      An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. ...
    • CVE-2020-28480 (jointjs)
      The package jointjs before 3.3.0 is vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used to access the object's key and set the value is not properly sanitized, leading ...
    • CVE-2020-27733 (manageengine_applications_manager)
      Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request. ...
    • CVE-2020-23342 (anchor_cms)
      A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users. ...
    • CVE-2020-28479 (jointjs)
      The package jointjs before 3.3.0 is vulnerable to Denial of Service (DoS) via the unsetByPath function. ...
    • CVE-2021-25177 (drawings_software_development_kit)
      An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause ...
    • CVE-2020-4983 (spectrum_lsf, spectrum_lsf_suite)
      IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a user on the local network who has privileges to submit LSF jobs to execute arbitrary commands. IBM ...
    • CVE-2021-25176 (drawings_software_development_kit)
      An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause ...
    • CVE-2020-12511
      Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface. ...
    • CVE-2020-12525
      M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. ...
    • CVE-2020-12512
      Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting ...
    • CVE-2020-12513
      Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection. ...
    • CVE-2020-12514
      Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd ...
    • CVE-2021-2058 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ...
    • CVE-2021-2055 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network ...
    • CVE-2021-2088 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon ...
    • CVE-2021-2036 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ...
    • CVE-2021-2038 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker ...
    • CVE-2021-2048 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network ...
    • CVE-2021-2072 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with ...
    • CVE-2021-2061 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with ...
    • CVE-2021-2030 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network ...
    • CVE-2021-2042 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to ...
    • CVE-2021-2060 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Easily exploitable ...
    • CVE-2021-2122 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ...
    • CVE-2021-2032 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low ...
    • CVE-2021-2056 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with ...
    • CVE-2021-2031 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ...
    • CVE-2021-2087 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon ...
    • CVE-2021-2076 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ...
    • CVE-2021-2070 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network ...
    • CVE-2021-2046 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with ...
    • CVE-2021-2081 (mysql)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with ...

SEC Security Report September 2017


 

WannaCry Post Mortem: Early Warning Indicators and Lessons Learned for the Healthcare Industry
As the saying goes, “those who don’t learn from history are doomed to repeat it.” Some very recent history that’s worth tuning in to is the story of the WannaCry attacks that took place this past April and May. ….
Source: https://blog.hitrustalliance.net/wannacry-post-mortem-early-warning-indicators-lessons-learned-healthcare-industry/

 

The State of SCADA HMI Vulnerabilities
Attacking SCADA Through HMIs: SCADA systems run the world’s various critical infrastructure sectors and are thus inherently attractive to different threat actors. Threat actors can use their access to SCADA systems to gather information such as a facility’s layout, critical thresholds, or device settings for use in later attacks.
Source: https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/the-state-of-scada-hmi-vulnerabilities

 

The future of being human
One of our great debates is whether we are on the cusp of a robot-and-artificial intelligence apocalypse that renders many humans jobless, at least in the sense of work as we know it today: Is super-human intelligence coming soon? Is it coming at all? Are humans in danger? The reality is that, despite great certitude on all sides, no one really knows…
Source: https://www.axios.com/the-future-of-being-human-2476364075.html

 

GE shifts strategy, financial targets for digital business after missteps
“There was a lot of money spent on Predix,” said a former senior financial executive at GE who worked with Flannery. “They are going to tighten the grip and ensure there’s a return.”
Source: https://www.reuters.com/article/us-ge-digital-outlook-insight/ge-shifts-strategy-financial-targets-for-digital-business-after-missteps-idUSKCN1B80CB

 

How Machine Learning Enhances The Value Of Industrial Internet of Things
Industrial Internet of Things (IIoT) is already revolutionizing domains such as manufacturing, automobiles and healthcare. But the real value of IIoT will be realized only when Machine Learning (ML) is applied to the sensor data.
Source: https://www.forbes.com/sites/janakirammsv/2017/08/27/how-machine-learning-enhances-the-value-of-industrial-internet-of-things/#c30569b3f389

 

Threat Intelligence’s Big Data Problem
Security teams are drowning in often useless threat intel data, but signs of maturity are emerging in what IT-Harvest predicts will be a $1.5 billion market by 2018.
Source: https://www.darkreading.com/threat-intelligence/threat-intelligences-big-data-problem/d/d-id/1324702

 

SANS Institute Survey Finds Unprotected Devices and Ransomware are Top Threats to Industrial Control Systems

SANS Institute’s annual survey of industrial control systems (ICS) has revealed that the introduction of unprotected devices into sensitive ICS networks and ransomware are now among the top threats that organizations face in securing critical infrastructure. In addition, 69% of respondents stated that the level of threats to control systems is now high or severely critical.
Source: http://www.globalsecuritymag.com/SANS-Institute-Survey-Finds,20170814,73115.html

 

What Is Threat Intelligence? Definition and Examples
Everybody in the security world knows the term “threat intelligence.” At this point, even some non-security folks have started talking about it. But it’s still very poorly understood.
Source: https://www.recordedfuture.com/threat-intelligence-definition/

 

Ukraine Cyberattack Was Meant to Paralyze, not Profit, Evidence Shows
Cybersecurity experts based their reasoning partly on having identified the group of Ukrainian users who were initially and improbably targeted: tax accountants.
Source: https://www.nytimes.com/2017/06/28/world/europe/ukraine-ransomware-cyberbomb-accountants-russia.html

 

Shodan and Censys: the ominous guides through the Internet of Things
Look around — we are living in the Internet of Things. In our day-to-day life, we encounter things connected to the Internet, starting with our home Wi-Fi routers and leading up to traffic light management systems and street security cameras. Since they are connected, all of them can be found in two worlds — both in the real world and in the Web.
Source: https://www.kaspersky.com/blog/shodan-censys/11430/

 

Tags: Automation, Big Data, Critical Infrastructure, CyberSecurity, HMI Vulnerabilities, IIoT, Industrial Control Systems, Machine Learning, Predix, SCADA, Threat Intelligence, WannaCry