Enterprise

Enterprise Vulnerabilities

Siemens patches vulnerability that allows attackers to irreparably compromise entire SIMATIC S7-1200/1500 PLC product lines

Update to new versions of the vulnerable PLC and engineering workstation or implement the workarounds [300 words]. What: A critical vulnerability (CVE-2022-38465) exists within Siemens SIMATIC S7-1200, S7-1500 programmable logic controllers (PLCs) and TIA Portal that gives attackers a way to extract “heavily guarded, hardcoded, global private cryptographic keys” in the vulnerable products. Threat actors […]

Breaches Enterprise Vulnerabilities

Microsoft looking into reports of a third Exchange Server zero-day?

The security vendor that discovered the bug recommends that organizations limit IIS app operating privileges on Exchange Server [297 words]. What: Microsoft apparently is looking into a report it received from South Korean cybersecurity vendor AhnLab about yet another Exchange Server zero-day vulnerability. To be clear, the vulnerability it is reportedly looking into now is different from the […]

Enterprise Vulnerabilities

Here are the highlights of Microsoft’s October 2022 Security Update

Microsoft released fixes for a total of 84 CVEs across its products [300 words]. One of the vulnerabilities that Microsoft patched today is a zero-day that is being actively exploited: Windows COM+ Event System Service Elevation of Privilege Vulnerability (CVE-2022-41033). An attacker could gain system-level privileges. Two other recently disclosed zero-days (CVE-2022-41040 and CVE-2022-41082) […]

Breaches Enterprise Vulnerabilities

Update: Attackers actively exploiting recently disclosed authentication bypass vulnerability in FortiOS, FortiProxy and FortiSwitchManager

Key takeaway: Adversaries can exploit the vulnerability remotely to gain full control of affected systems [297 words]. What: Attackers have begun actively exploiting a critical authentication bypass vulnerability (CVE-2022-40684) that Fortinet privately disclosed last week in its FortiOS, FortiProxy and FortiSwitchManager technologies. The vulnerability allows a remote, unauthenticated attacker to gain full administrative control of […]

Enterprise Vulnerabilities

Log4j vuln tops list of CVEs that the US govt says Chinese groups are actively exploiting

Key takeaway: Ensure that you have patched these vulnerabilities, or have mitigations in place for them, especially if your organization is in the technology, telecommunications, defense industrial base or other critical infrastructure sectors. [216 words] What: The US National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint cybersecurity advisory listing the […]

Enterprise Vulnerabilities

Fortinet warns of critical severity remotely executable authentication bypass vulnerability

Key takeaway: Fortinet products are a popular attacker target. Update now if you have affected versions of FortiOS and FortiProxy in your environment. If you cannot patch immediately, disable the Internet-facing HTTPS admin interface until you can. [296 words] What: A critical authentication bypass vulnerability (CVE-2022-40684) exists in the following FortiOS and FortiProxy versions. FortiOS: From 7.0.0 […]

Breaches Enterprise

Federal jury finds former Uber CISO guilty on criminal charges related to 2016 breach

Key takeaway: Don’t attempt to conceal a data breach. [293 words] What: A federal jury in California has convicted former Uber CISO Joseph Sullivan for attempting to conceal a 2016 data breach that exposed sensitive account data belonging to some 57 million riders and drivers. The San Francisco jury found Sullivan guilty of obstructing justice […]

Emerging Threats Enterprise Vulnerabilities

CISA ups the ante on asset discovery and vulnerability detection on federal networks

Key takeaway: If you aren’t already doing continuous automated asset discovery and vulnerability enumeration on discovered assets, now is a good time to get started. [259 words] What: The US Cybersecurity and Infrastructure Security Agency (CISA) this week issued Binding Operational Directive (BOD) 23-01, which requires all federal executive branch agencies to implement measurable […]

Enterprise Vulnerabilities

Here’s what you need to know about the new (actively exploited) Microsoft Exchange Server 0-Days: CVE-2022-41040 and CVE-2022-41082

Latest update: Microsoft has updated its mitigation for the flaw. Implement it. [265 words] What: Two zero-day vulnerabilities exist in Microsoft Exchange Server 2013, 2016 and 2019. One of the flaws, CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability. The other, CVE-2022-41082, allows Remote Code Execution (RCE) via PowerShell. Both vulnerabilities require an attacker […]
