#auth

The Iranian state-sponsored threat actor known as OilRig deployed three different downloader malware throughout 2022 to maintain persistent access to victim organizations located in Israel. The three new downloaders have been named ODAgent, OilCheck, and OilBooster by Slovak cybersecurity company ESET. The attacks also involved the use of an updated version of a known OilRig downloader

The 2023 Talos Year in Review is full of insights on how the threat landscape has evolved. But what does that mean for defenders? This blog contains recommendations on how to gain more visibility across your network.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC CP, SINAMICS, SIPLUS NET CP Vulnerability: Missing Release of Memory after Effective Lifetime 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized attacker with network access to the web server of an affected device to perform a denial-of-service attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: SIMATIC CP 1242-7 V2 (incl. SIPLUS variants): All versions SIMATIC CP 1243-1 (incl. SIPLUS variants): All versions SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants): All...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINUMERIK MC, SINUMERIK ONE Vulnerability: Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: SINUMERIK MC: All versions prior to V1.22 SINUMERIK ONE: All versions prior to V6.22 3.2 Vulnerability Overview 3.2.1 INTEGER OVERFLOW OR WRAPAROUND CWE-190 The OPC UA implementations (ANSI C and C++...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: LOGO! and SIPLUS LOGO! Products Vulnerability: Improper Protection against Electromagnetic Fault Injection (EM-FI) 2. RISK EVALUATION Successful exploitation of this vulnerability could cause an electromagnetic fault injection, which would allow an attacker to dump and debug the firmware including memory manipulation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: LOGO! 12/24RCE (6ED1052-1MD08-0BA1): Versions v8.3 and prior LOGO! 12/24RCEo (6ED1052-2MD08-0BA1): Versions v8.3 and prior LOGO! 24CE (6ED1052-1CC08-0BA1): Versions v8.3 ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC and SIPLUS products Vulnerabilities: Uncontrolled Recursion, Buffer Access with Incorrect Length Value 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthorized attacker with network access to the web server to perform a denial-of-service attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: SIMATIC S7-400 CPU 412-2 PN V7 (6ES7412-2EK07-0AB0): All versions SIMATIC S7-400 CPU 414-3 PN/DP V7 (6ES7414-3EM07-0AB0): All versions SIMATIC S7-400 CPU 414F-3 PN/DP V7 (6ES74...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable from adjacent network Vendor: Sensormatic Electronics, LLC, an affiliate of Johnson Controls Inc. Equipment: Kantech Gen1 ioSmart card reader Vulnerability: Missing Release of Memory after Effective Lifetime 2. RISK EVALUATION An attacker with physical access to the Kantech Gen1 ioSmart card reader in certain circumstances can recover the reader's communication memory between the card and reader. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Kantech Gen1 ioSmart card reader are affected: Kantech Gen1 ioSmart card reader: firmware versions prior to 1.7.2 3.2 Vulnerability Overview 3.2.1 MISSING RELEASE OF MEMORY AFTER EFFECTIVE LIFETIME CWE-401 Kantech Gen1 ioSmart card readers with firmware versions prior to 1.7.2 do not properly release memory after its effective lifetime. An attacker with physical access to the Kantech Gen1 ioSmart card reader in certain circumstances can recover the reader's com...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1 Vulnerabilities: Improper Restriction of XML External Entity Reference, Time-of-check Time-of-use (TOCTOU) Race Condition, Command Injection, Missing Encryption of Sensitive Data, Cross-site Scripting, Improper Restriction of Operations within the Bounds of a Memory Buffer, Use After Free, Improper Input Validation, Out-of-bounds Write, Out-of-bounds Read, Infinite Loop, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), Allocation of Resources Without Limits or ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE M-800/S615 Family Vulnerabilities: Improper Validation of Specified Quantity in Input, Use of Hard-coded Cryptographic Key, Use of Weak Hash, Forced Browsing, Uncontrolled Resource Consumption, Unchecked Return Value, Injection, Unsynchronized Access to Shared Data in a Multithreaded Context, OS Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to inject code or spawn a system root shell. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: RUGGEDCO...

By Deeba Ahmed Cloud Security Shakeup: Experts Urge Caution as OAuth Becomes Hacker Playground. This is a post from HackRead.com Read the original post: Microsoft: Storm-1283 Sent 927,000 Phishing Emails with Malicious OAuth Apps