VPN Vulnerability Disrupted 2 Manufacturing Plants
According to a researcher from Kaspersky Lab, hackers disabled two production facilities that belong to European manufacturer by exploiting relatively new vulnerability that encrypted servers that control a manufacturer’s industrial processes. The ransomware is known as Cring since January 2021. Cring affects the networks by exploiting long-patched flaws in VPNs sold by Fortinet. The flaw is tracked as CVE-2018-13379 and allows unauthenticated attackers to get an access to a session file that contains confidential information – the username and password for the VPN.
This incident is a bright example of how important it is to secure networks that are supposed to provide smooth flow of manufacturing processes. Binaré’s platform will check your software for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards the security of your business already today: try our FREE Demo at https://binare.io/!
More information about the incident can be found here:
https://arstechnica.com/information-technology/2021/04/ransomware-shuts-down-production-at-two-manufacturing-plants/
100 Million More IoT Devices Exposed To Wreck Flaws
Over the last couple of years, a number of flaws in basic TCP/IP code that enables communication between devices and the internet has been shockingly increasing. Nine more vulnerabilities of this type have been identified by the researchers and now expose an estimated 100 million devices worldwide such as IoT products and IT management services. The vulnerabilities would allow an unauthenticated attackers to either crash a device and switch it off or take a full remote control of it. Any of these attacks would pose a potential threat to critical industries, such as health care and manufacturing where intruding an IoT device or IT server can result in disruption of the whole system.
Binaré advises IoT device manufacturers and other businesses using connected devices to use Binaré automated IoT vulnerability management and firmware analysis platform to avoid a new variant of cyberattack. Check your firmware/IoT device for FREE with our Demo here: https://binare.io/.
More information about the incident can be found here: https://www.wired.com/story/namewreck-iot-vulnerabilities-tcpip-millions-devices/
Samsung Turns Old Galaxy Phones Into IoT Devices
Samsung has launched a software update that would allow consumers to convert their old Galaxy phones into IoT devices such as childcare monitors and light sensors. This is an expansion of the Galaxy Upcycling program called Galaxy Upcycling at Home the purpose of which is to give new life to older devices. The first countries where the service is going be available are South Korea, the US and the UK. The phones can be turned into smart home devices, for example, a pet care solution. “The new feature will be available for all Galaxy S, Note, and Z smartphones that were released from 2018 onwards and run Android 9 and above”.
Binaré recommends users of new Samsung IoT devices to check them for vulnerabilities with Binaré’s automated IoT vulnerability management and firmware analysis platform to make the use of these devices safe. Check your IoT device for FREE with our Demo here: https://binare.io/.
More information about the incident can be found here:
https://www.zdnet.com/article/samsung-launches-software-update-to-turn-older-galaxy-phones-into-iot-devices/
Kerberos KDC Spoofing Vulnerability Affects F5 BIG-IP Devices
Cybersecurity researchers identified a new vulnerability, known as CVE-2021-23008, in the Kerberos Key Distribution Center (KDC) security feature affecting F5 Big-IP application delivery services. According to Silverfort researchers Yaron Kassner and Rotem Zach, the KDC Spoofing flaw allows a hacker to circumvent the Kerberos authentication, security policies and gain an access to sensitive workloads. At the time of the public disclosure, F5 Networks has released patches to address the vulnerability (CVE-2021-23008, CVSS score 8.1). The fixes were introduced in BIG-IP APM versions 12.1.6, 13.1.4, 14.1.4, and 15.1.3 and fixes for version 16.x are expected in the nearest future.
Binaré offers an effective solution to check your software for a wide range of vulnerabilities and security issues. Check your software for FREE with our Demo here: https://binare.io/!
More information about the incident can be found here:
https://thehackernews.com/2021/04/f5-big-ip-found-vulnerable-to-kerberos.html
Hacking Groups Attack Companies Using Zero-Day Vulnerabilities In Pulse Secure VPN
Over the last few months, several spy groups, including one believed to connected to the Chinese government, have been hacking the networks of organizations from the US and Europe by exploiting flaws in VPN devices from unreliable access provider Pulse Secure. The vulnerability, tracked as CVE-2021-22893, allows hackers to circumvent authentication on the Pulse Connect Secure VPN solution and execute arbitrary code. On the CVSS scale, the flaw is rated critical with a severity score of 10. While a patch for the issue has not been released yet, the company provides “a workaround in the form of an .xml configuration file that can be imported into the appliance”.
Binaré provides you not only with the platform but also with professional services that will help your business to avoid cyberattacks. Get an improved cybersecurity posture with Binaré’s expert and advisory services! Sign up here https://try.binare.io/get_in_touch and we will reach out to you as soon as possible.
More information about the incident can be found here: https://www.csoonline.com/article/3615283/spy-groups-hack-into-companies-using-zero-day-flaw-in-pulse-secure-vpn.html
Linux Kernel Vulnerability Gives The Way To Wider Cyberattacks
A security vulnerability has been identified in the Linux kernel, which can be exploited to disclose information in the kernel stack memory of vulnerable devices. According to Cisco Talos, the bug, tracked as CVE-2020-28588, is present in in the /proc/pid/syscall functionality of 32-bit ARM devices running Linux. The bug takes its roots from “an improper conversion of numeric values when reading the file”.
Binaré is concerned about the security of IoT device your business is using. Come to our web page and check your device with our FREE Demo! The link for the web page: https://binare.io/.
More information about the incident can be found here:
https://threatpost.com/linux-kernel-bug-wider-cyberattacks/165640/
Free icons courtesy of flaticon.com by authors: Eucalyp, Smashicons, Freepik and phatplus