Category Added in a WPeMatico Campaign
There are 853 posts filed in Cybersecurity (this is page 82 of 86).
CISA released two Industrial Control Systems (ICS) advisories on September 5, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
Successful exploitation of these vulnerabilities could allow an attacker to obtain and leak plaintext credentials or remotely execute arbitrary code.
The following Softneta products are affected:
MedDream PACS: v7.2.8.810 and prior
3.2.1 EXPOSED DANGEROUS METHOD OR FUNCTION CWE-749
The affected product does not perform an authentication check and performs some dangerous functionality, which could result in unauthenticated remote code execution.
CVE-2023-40150 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
3.2.2 PLAINTEXT STORAGE OF A PASSWORD CWE-256
The affected product stores usernames and passwords in plaintext. The plaintext storage could be abused by attackers to leak legitimate user’s credentials.
CVE-2023-39227 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).
Noam Moshe of Claroty Research reported these vulnerabilities to CISA.
Softneta recommends users update to v7.2.9.820 of MedDream PACS Server or patch their current system using Fix-v230712.
For assistance or additional information about installing the software, please contact Softneta directly.
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
Successful exploitation of this vulnerability could result in an attacker logging into the web interface using the obtained credentials. The attacker could initialize or reboot the products, terminating the video transmission.
The following versions of Real-time Video Transmission Gear “IP series”, a hosted web application, are affected:
3.2.1 Use Of Hard-Coded Credentials CWE-798
The credentials of Fujitsu Limited Real-time Video Transmission Gear “IP series” for factory testing may be obtained by reverse engineering and other methods.
CVE-2023-38433 has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been assigned; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
Fujitsu Limited reported this vulnerability to JPCERT/CC.
Fujitsu Limited recommends updating the firmware to the latest version, which can be downloaded here.
Fujitsu Limited recommends placing the products on a secure network as a workaround.
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability has a high attack complexity.
VMware has released a security update to address a vulnerability in VMware Tools. A cyber threat actor can exploit this vulnerability to obtain sensitive information.
CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0019 and apply the necessary update.
Successful exploitation of this vulnerability could allow a low-privileged local attacker to escalate privileges to SYSTEM.
The following GE products are affected:
GE Digital CIMPLICITY: v2023
3.2.1 PROCESS CONTROL CWE-114
GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.
CVE-2023-4487 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Michael Heinzl reported this vulnerability to CISA.
GE Digital recommends users apply the following mitigations:
Update CIMPLICITY to v2023 SIM 1 (login is required)
Please refer to GE Digital’s security bulletin (login is required) for more information.
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.
Today, the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), Identification and Disruption of QakBot Infrastructure, to help organizations detect and protect against newly identified QakBot-related activity and malware. QakBot—also known as Qbot, Quackbot, Pinkslipbot, and TA570—is responsible for thousands of malware infections globally.
Originally used as a banking trojan to steal banking credentials for account compromise, QakBot—in most cases—was delivered via phishing campaigns containing malicious attachments or links to download the malware, which would reside in memory once on the victim network. QakBot has since grown to deploy multiple types of malware, trojans, and highly-destructive ransomware variants targeting the United States and other global infrastructures, including the Election Infrastructure Subsector, Financial Services, Emergency Services, and Commercial Facilities Sectors.
CISA and FBI urge organizations to implement the recommendations contained within the joint CSA to reduce the likelihood of QakBot-related activity and promote identification of QakBot-facilitated ransomware and malware infections. To report incidents and anomalous activity, please contact one of the following organizations:
CISA, either through the agency’s online tool (cisa.gov/report) or the 24/7 Operations Center at report@cisa.gov or (888) 282-0870.
FBI via a local field office.
Organizations are also encouraged to visit CISA’s Malware, Phishing, and Ransomware and StopRansomware.gov pages—StopRansomware provides a range of free U.S. government resources and services that can help bolster cyber hygiene, cybersecurity posture and reduce risk to ransomware, and contains an updated Joint #StopRansomware Guide.
Mozilla has released security updates to address vulnerabilities for Firefox 117, Firefox ESR 115.2, and Firefox ESR 102.15. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following advisories and apply the necessary updates:
VMware has released security updates to address multiple vulnerabilities in Aria Operations for Networks. A cyber threat actor can exploit one of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0018 and apply the necessary updates.
