

The OT & IoT Cybersecurity Feed

Hey, I’m SCADAGirl.
I’m a cybersecurity superhero that ensures that OT & IoT networks are safe.
Here is my commentary on the latest headlines in OT & IoT security.
ICS Advisory (ICSA-20-224-04) Siemens SCALANCE, RUGGEDCOM
SCADAfence Research – Siemens SCALANCE and RUGGEDCOM switches, as well as security network segmentation devices, are exposed to a Remote Code Execution vulnerability. Successful exploitation can significantly lower the security of the target organization’s network by allowing attackers to access OT networks that are supposed to be protected by those devices.
Additionally, the Siemens Desigo CC Windows application, which is designed for controlling and programming Building Management Systems (BMS), is vulnerable to a Remote Code Execution vulnerability. Successful exploitation may result in the attackers controlling or sabotaging the BMS.
Bugs in HDL Automation Expose IoT Devices to Remote Hijacking
SCADAfence Research – New vulnerabilities were discovered in an automation system for smart homes and buildings that allowed taking over accounts belonging to other users and controlling associated devices. The vulnerabilities found in those devices might allow attackers to take control of the building’s air conditioning system, lighting and more.
Vulnerable Perimeter Devices: A Huge Attack Surface
SCADAfence Research – JSOF, a local team of cybersecurity researchers, released the second whitepaper on their DNS client exploitation vulnerability (CVE-2020-11901), which got a CVSS score of 9.1. This was the vulnerability that was demonstrated in their video. They show this vulnerability to be really severe, but in my opinion it is less severe than they market it. The vulnerability is in the DNS client of target devices. Most of the affected devices don’t use DNS at all (i.e., PLCs / OT devices / medical devices generally use direct IP addresses to communicate, not DNS hostnames), thus it is not possible to attack them. Also, if some of them do send DNS queries, you have to be in some sort of MITM position to see them and send them a response with an exploit.
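The exposure argument above (a device's DNS client can only be attacked if the device actually sends DNS queries) can be checked against recorded traffic. The following Python is an added example, not SCADAfence's or JSOF's code; the asset inventory, the approved-resolver list and the flow records are constructed sample data, and the CSV column names are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data (not from the article).
OT_ASSETS = {
    "10.10.1.11": "PLC line 1",
    "10.10.1.12": "PLC line 2",
    "10.10.2.20": "Infusion pump gateway",
    "10.10.3.30": "UPS management card",
}
APPROVED_RESOLVERS = {"10.10.0.53"}
FLOWS_CSV = """src_ip,dst_ip,proto,dst_port
10.10.1.11,10.10.1.12,tcp,502
10.10.1.12,10.10.1.11,tcp,502
10.10.2.20,10.10.0.53,udp,53
10.10.3.30,8.8.8.8,udp,53
10.10.3.30,10.10.0.53,udp,53
10.10.0.99,10.10.0.53,udp,53
"""


def dns_client_exposure(flows_csv, assets, approved):
    """Classify each inventoried asset by the DNS client traffic seen from it."""
    resolvers = defaultdict(set)
    for row in csv.DictReader(io.StringIO(flows_csv)):
        # Only queries sent BY an inventoried asset matter: the bug is client-side.
        if row["src_ip"] in assets and row["dst_port"] == "53":
            resolvers[row["src_ip"]].add(row["dst_ip"])
    report = {}
    for ip in assets:
        seen = resolvers.get(ip, set())
        if not seen:
            # Holds only for the capture window; a rare lookup may be missed.
            status = "no-dns-observed"
        elif seen <= approved:
            status = "dns-approved-resolver"
        else:
            # Queries leave the approved path, so responses are harder to trust.
            status = "dns-unapproved-resolver"
        report[ip] = (status, sorted(seen))
    return report


if __name__ == "__main__":
    result = dns_client_exposure(FLOWS_CSV, OT_ASSETS, APPROVED_RESOLVERS)
    for ip, (status, seen) in result.items():
        print(f"{ip:12} {OT_ASSETS[ip]:22} {status:24} {', '.join(seen)}")
```

Assets reported as `dns-unapproved-resolver` are the first candidates for patching or for DNS egress filtering, since their queries cross network segments the operator does not control.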
The latest vulnerabilities in various gateway servers pose a threat to organizations that didn’t patch. Research shows the various gateways exposed to the internet – F5 Big-IP (1M devices), Citrix NetScaler Gateway (80K devices), Palo Alto Global Protect (60K devices), Microsoft Remote Desktop Gateway (40K devices), amongst others.
ICS Advisory (ICSA-20-212-02) Mitsubishi Electric Multiple Factory Automation Engineering Software Products
SCADAfence Research – Numerous Mitsubishi Engineering Software Products are vulnerable to remote code execution and denial of service vulnerabilities. A total of 3 vulnerabilities were discovered. Among the software impacted are Mitsubishi’s PLC programming software GX Works2 and GX Works3. Other network configuration software is also impacted. Successful exploitation of this vulnerability may allow threat actors to take over engineering workstations.
ICS Advisory (ICSA-20-210-02) Softing Industrial Automation OPC
SCADAfence Research – A buffer overflow allowing Remote Code Execution was discovered, affecting all Softing Industrial Automation OPC products (OPC servers for PLCs & networks). OPC is a way of communication in OT networks; thus, successful exploitation may result in controlling the OPC servers. Attackers leveraging this can sabotage industrial processes.
About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of the world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.


Actiphy Inc., Releases ActiveImage Protector 2018 Update 7 With New Changed Block Comparison™ Technology
Tokyo – Actiphy Inc., publisher of backup, disaster recovery, and virtualization software, announces the release of ActiveImage Protector 2018 Update 7 with new Changed Block Comparison™ (CBC) technology for NTFS and Windows Cluster Shared Volume File System (CSVFS) backups.
Actiphy’s new CBC technology eliminates the need for filter drivers to monitor block changes for CSVFS and NTFS volumes. This can avoid potential issues on systems that are not suitable for installing additional drivers. In cluster-shared environments, should a backup-protected node failover to an alternate node, CBC maintains the integrity of the incremental backup chain. With the addition of the Changed Block Comparison technology, Actiphy’s flagship product ActiveImage Protector becomes an even more flexible product.
What is ActiveImage Protector?
Actiphy’s ActiveImage Protector is an enterprise-level backup and disaster recovery solution that supports both physical and virtual, Windows and Linux environments. ActiveImage Protector is the fastest and most powerful data protection solution on the market, and provides all the necessary tools for enterprise deployment and management, immediate system recovery, switch-over availability, and virtual migration.
Taking advantage of our in-house development strengths, Actiphy maintains a finely-tuned research and development process that enhances our support services to better meet our customers’ needs.
About Actiphy
Actiphy, founded in 2007, focuses on developing and offering innovative backup and disaster recovery solutions for complete protection of all your systems and data. ActiveImage Protector backs up Windows and Linux machines in physical and virtual environments and restores systems and data fast so that you are up and running with minimal downtime and data loss. Today Actiphy holds 20% of the image backup market in Japan and is expanding its services in the Asia/Pacific and North American regions, as well as in Europe, the Middle East and Africa.


GREYCORTEX PARTNERS WITH CLICO IN POLAND AND THE CEE REGION
August 5, 2020: Brno, Czech Republic – GREYCORTEX, advanced network security solutions provider, is pleased to announce that they have partnered with CLICO, a specialized, value-added distributor, based in Krakow, Poland.
GREYCORTEX and CLICO are building a stronger market position to offer enterprises, SMBs, and governments the GREYCORTEX Mendel advanced network monitoring solution, to protect their networks from existing and emerging threats.
GREYCORTEX Mendel is now available via CLICO’s partners in Poland and many other countries in Central and Eastern Europe, including Romania, Bulgaria, Hungary, Croatia, Serbia, Slovenia, Montenegro, Kosovo, Albania, Macedonia, Bosnia & Herzegovina, Latvia, Lithuania, Estonia, and Moldova.
“We are glad to welcome CLICO, a leading player in the CEE cybersecurity market, as a new channel partner of our advanced network security solution,” said Petr Chaloupka, GREYCORTEX CEO. “We are confident that CLICO’s deep technical expertise and strong sales channel will strengthen our market position in Poland and open new markets in Central and Eastern Europe.”
“What’s in my network? Is my network secure? These are the questions that business very often asks itself or its IT employees. In order to answer these questions with certainty, it is necessary to implement a professional network security monitoring solution, combining advanced network traffic analysis (NTA – Network Traffic Analysis) techniques with a unique environment visualization in order to visualize communication, detect security risks and threats. The solution should also enable a quick and effective response to threats resulting from misconfiguration, network performance problems, or advanced threats. That is why we are very pleased to announce that this kind of solution delivered by GREYCORTEX is now available in CLICO distribution portfolio.” – says Artur Holeczek, Security Product Manager at CLICO.
About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.
MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.
MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.


Back to school 2020 – stay safe online with ESET Internet Security
Bratislava – The 2020 back to school season will be unlike any other — whether you’re heading back to school physically or virtually, it is essential that students, teachers and administrators alike are protected against online threats.
COVID-19 has dramatically altered the education experience for the foreseeable future, both for school-age children and university students. For many, virtual classrooms replaced physical ones overnight, turning living rooms into classrooms and disrupting technological systems already in place.
With students relying on home devices and networks often shared by multiple users, it has never been more important to secure your networks and personal and professional data. As virtual schooling becomes more commonplace, a longer-term concern for educators and students alike is how to maintain online privacy and data protection as personal information, such as grades and behavioral reports, needs to be shared. For those returning to the physical classroom, abiding by hygienic and social distancing guidelines will be critical, and teachers can focus on the physical safety of their students once they know their online experience is secured.
ESET Internet Security offers advanced protection from hackers, scams and malware, and is a multi-layered security system that protects you against all types of online and offline threats. Key features include:
Multiplatform protection – Secure all your devices with a single license. No matter whether you run on a Mac, Windows, Android or Linux, we’ve got you covered!
Keep your privacy protected – Prevent unauthorized access to your computer and misuse of your data.
Stay safe while making online payments – Our product automatically protects your internet banking and offers a special secured browser through which you can safely pay online and access web-based crypto wallets.
Anti-theft features – Stay safer by tracking and locating your missing computer in case it gets lost or stolen, and identify thieves via your laptop’s built-in camera.
Enjoy safer connections – Protect your webcam and home router from intruders. Test your passwords, and scan your smart devices for vulnerabilities.
ESET Consumer & IoT Segment Director, Mária Trnková, commented, “So many aspects of life have changed dramatically over the course of the year, and education is no exception. The pandemic has transformed the teaching and learning experience for many across the globe, and the last thing anyone needs is to deal with a cybersecurity breach. We are proud to support educators and students with cutting-edge technology to ensure that all users are safe and secure this back to school season.”
About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.








