Critical Infrastructure

SecList ICS

• Threat landscape for industrial automation systems. Statistics for H1 2023
• Focus on DroxiDat/SystemBC

Security Magazine

• Critical infrastructure workers more likely to detect, report phishing
• Fill out the Security Benchmark Survey for 2023
• Critical infrastructure attacks are ramping up
• Protecting critical infrastructure with radar
• Resin and circuitry company cited by OSHA for chemical exposure risks
• Florida city investigated by OSHA for whistleblower treatment

• Cadisha Miceli | Women in Security 2023
• CISA MTS Guide may enhance critical infrastructure resilience
• DNV appoints Anette Roll Richardsen as Director of Cybersecurity
• Fishing vessel cited for electrical hazards and poor sanitation
• 2022 breaks record for TSA firearm interceptions
• 5 geopolitical risk factors affecting organizations in 2023

• White House announces aviation safety plans
• Seattle TSA emphasizes security ahead of Labor Day travel
• Railway company agrees to new safety measures following derailment
• The rise in e-commerce forces retailers to adjust IT procedures
• Protecting manufacturing and warehousing employees
• Fill out the Security Benchmark Survey for 2023

Case Studies

• Häfele recovers from ransomware attack with new SASE platform
• Ride-hailing company, inDrive, uses new platform to prevent fraud
• The Old Spaghetti Factory restaurant chain ups network & physical security
• K-8 students learn cybersecurity through gamification
• Electric company uses SAP monitoring to bolster cybersecurity
• Pharmaceutical company secures network with AppSec compliance tools

• CANVAS Hotel Dallas boosts security by adopting new door lock solution
• City of San Jose upgrades traffic security with advanced locks
• New York biotech company deploys security robots
• Self storage company utilizes security robots
• Arkansas school district enhances security at future sports complex
• Putting the pride into healthcare security officer training

News

• Hunter Biden Sues Rudy Giuliani And Former Attorney, Alleging They Tried To Hack His Devices
• Sony Investigating After Hackers Offer To Sell Stolen Data
• Xenomorph Android Banking Trojan Targeting Users In US, Canada
• Russia's APT29 Intensifies Espionage Operations
• Space Force Chief Says Commercial Satellites May Need Defending
• 900 US Schools Impacted By MOVEit Hack At National Student Clearinghouse
• Government Of Bermuda Links Cyberattacks To Russian Hackers
• 3 iOS 0-Days, A Cellular Network Compromise, And HTTP Used To Infect An iPhone
• City Of Dallas Details Ransomware Attack Impact, Costs
• New Sandman APT Group Hitting Telcos With Rare LuaJIT Malware
• TransUnion Thinks Dump Of Stolen Customer Data Came From Someone Else
• Apple Patches 3 Zero Days Likely Exploited By Spyware Vendor To Hack iPhones
• Incomplete Disclosures By Apple And Google Create Huge Blindspot For 0-Day Hunters
• US Govt IT Help Desk Techie Leaked Top Secrets To Foreign Nation
• MGM Resorts Operations Resume 10 Days After Cyberattack
• Poland Investigates OpenAI Over Privacy Concerns
• Cisco Beefs Up Cybersecurity Play With $28 Billion Splunk Deal
• India's Biggest Tech Centers Named As Cyber Crime Hotspots
• Feds Issue Snatch Ransomware Warning
• Vast Majority Of Bot Attacks Emanate From China And Russia
• Robocall Scammers Sentenced In US After Netting $1.2 Million
• The Signal Protocol Used By 1+ Billion People Is Getting A Post-Quantum Makeover
• Marvell Disputes Claim Cavium Backdoored Chips For Uncle Sam
• Fake WinRAR Exploit PoC Drops VenomRAT Malware
• Pizza Hut Australia Got Hacked

Exploits

• RoyalTSX 6.0.1 RTSZ File Handling Heap Memory Corruption
• OPNsense 23.1.11_1 / 23.7.3 / 23.7.4 Cross Site Scripting / Privilege Escalation
• LogoBee CMS 0.2 Cross Site Scripting
• Lamano LMS 0.1 Insecure Settings
• Elasticsearch 8.5.3 Stack Overflow
• Taskhub 2.8.8 Cross Site Scripting
• TOTOLINK Wireless Routers Remote Command Execution
• Luxcal Event Calendar 3.2.3 Cross Site Request Forgery
• Lamano CMS 2.0 Cross Site Request Forgery
• WordPress Theme My Login 2FA Brute Force
• Apache Airflow 1.10.10 Remote Code Execution
• Lexmark Device Embedded Web Server Remote Code Execution
• WordPress Essential Blocks 4.2.0 / Essential Blocks Pro 1.1.0 PHP Object Injection
• Taskhub 2.8.7 SQL Injection
• Packers And Movers Management System 1.0 SQL Injection
• Super Store Finder 3.7 Remote Command Execution
• Lamano CMS 2.0 SQL Injection
• Lacabane 1.0 SQL Injection
• Free And Open Source Inventory Management System 1.0 SQL Injection
• Atos Unify OpenScape Code Execution / Missing Authentication
• PTC - Codebeamer Cross Site Scripting
• Ivanti Avalanche MDM Buffer Overflow
• Razer Synapse Race Condition / DLL Hijacking
• KPOT Stealer CMS 2.0 Directory Traversal
• KPK CMS 1.0 SQL Injection

• [dos] SyncBreeze 15.2.24 - 'login' Denial of Service
• [local] GOM Player 2.3.90.5360 - Buffer Overflow (PoC)
• [webapps] Drupal 10.1.2 - web-cache-poisoning-External-service-interaction
• [webapps] Axigen < 10.3.3.47, 10.2.3.12 - Reflected XSS
• [remote] Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities
• [remote] GOM Player 2.3.90.5360 - Remote Code Execution (RCE)
• [webapps] soosyze 2.0.0 - File Upload
• [webapps] Wp2Fac - OS Command Injection
• [webapps] Wordpress Plugin Elementor 3.5.5 - Iframe Injection
• [webapps] Jorani v1.0.3-(c)2014-2023 - XSS Reflected & Information Disclosure
• [webapps] SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection
• [webapps] SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS
• [webapps] Bus Reservation System 1.1 - Multiple-SQLi
• [webapps] WP Statistics Plugin 13.1.5 current_page_id - Time based SQL injection (Unauthenticated)
• [webapps] Member Login Script 3.3 - Client-side desync
• [webapps] DLINK DPH-400SE - Exposure of Sensitive Information
• [webapps] FileMage Gateway 1.10.9 - Local File Inclusion
• [local] Kingo ROOT 1.5.8 - Unquoted Service Path
• [local] Freefloat FTP Server 1.0 - 'PWD' Remote Buffer Overflow
• [webapps] AdminLTE PiHole 5.18 - Broken Access Control
• [webapps] CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin 'Gallery')
• [webapps] CSZ CMS 1.3.0 - Stored Cross-Site Scripting ('Photo URL' and 'YouTube URL' )
• [webapps] Academy LMS 6.1 - Arbitrary File Upload
• [webapps] Credit Lite 1.5.4 - SQL Injection
• [local] NVClient v5.0 - Stack Buffer Overflow (DoS)
• [remote] Ivanti Avalanche
• [webapps] Hyip Rio 2.1 - Arbitrary File Upload
• [webapps] Blood Donor Management System v1.0 - Stored XSS
• [webapps] Uvdesk 1.1.4 - Stored XSS (Authenticated)
• [webapps] User Registration & Login and User Management System v3.0 - SQL Injection (Unauthenticated)
• [webapps] User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting (XSS)
• [webapps] Taskhub CRM Tool 2.8.6 - SQL Injection
• [webapps] OVOO Movie Portal CMS v3.3.3 - SQL Injection
• [webapps] Global - Multi School Management System Express v1.0- SQL Injection
• [webapps] Color Prediction Game v1.0 - SQL Injection
• [webapps] Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)
• [webapps] PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities
• [remote] EuroTel ETL3100 - Transmitter Unauthenticated Config/Log Download
• [remote] EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR)
• [remote] EuroTel ETL3100 - Transmitter Default Credentials
• [webapps] Dolibarr Version 17.0.1 - Stored XSS
• [local] Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions
• [remote] TSPlus 16.0.0.0 - Remote Work Insecure Credential storage
• [remote] TSplus 16.0.0.0 - Remote Work Insecure Files and Folders
• [remote] TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions
• [local] OutSystems Service Studio 11.53.30 - DLL Hijacking

Last 20 Website Defacements - Zone-h

Advisories

• Debian Security Advisory 5505-1 Tue, 26 Sep 2023 13:02:09 GMT
  Debian Linux Security Advisory 5505-1 - Matteo Memelli reported an out-of-bounds read flaw when parsing CDP addresses in lldpd, an implementation of the IEEE 802.1ab (LLDP) protocol. A remote attacker can take advantage of this flaw to cause a denial of service via a specially crafted CDP PDU packet.
• Debian Security Advisory 5504-1 Mon, 25 Sep 2023 14:23:22 GMT
  Debian Linux Security Advisory 5504-1 - Several vulnerabilities were discovered in BIND, a DNS server implementation.
• Apple Security Advisory 2023-09-21-7 Mon, 25 Sep 2023 14:22:23 GMT
  Apple Security Advisory 2023-09-21-7 - macOS Monterey 12.7 addresses a privilege escalation vulnerability.
• Apple Security Advisory 2023-09-21-6 Mon, 25 Sep 2023 14:15:39 GMT
  Apple Security Advisory 2023-09-21-6 - macOS Ventura 13.6 addresses bypass vulnerabilities.
• Apple Security Advisory 2023-09-21-5 Mon, 25 Sep 2023 14:15:24 GMT
  Apple Security Advisory 2023-09-21-5 - watchOS 9.6.3 addresses bypass vulnerabilities.
• Ubuntu Security Notice USN-6190-2 Mon, 25 Sep 2023 14:15:01 GMT
  Ubuntu Security Notice 6190-2 - USN-6190-1 fixed a vulnerability in AccountsService. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Kevin Backhouse discovered that AccountsService incorrectly handled certain D-Bus messages. A local attacker could use this issue to cause AccountsService to crash, resulting in a denial of service, or possibly execute arbitrary code.
• Ubuntu Security Notice USN-6365-2 Mon, 25 Sep 2023 14:14:44 GMT
  Ubuntu Security Notice 6365-2 - USN-6365-1 fixed a vulnerability in Open VM Tools. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SAML token signature verification and perform VMware Tools Guest Operations.
• Apple Security Advisory 2023-09-21-4 Mon, 25 Sep 2023 14:10:44 GMT
  Apple Security Advisory 2023-09-21-4 - watchOS 10.0.1 addresses bypass vulnerabilities.
• Apple Security Advisory 2023-09-21-3 Mon, 25 Sep 2023 14:08:28 GMT
  Apple Security Advisory 2023-09-21-3 - iOS 16.7 and iPadOS 16.7 addresses bypass vulnerabilities.
• Apple Security Advisory 2023-09-21-2 Mon, 25 Sep 2023 14:03:59 GMT
  Apple Security Advisory 2023-09-21-2 - iOS 17.0.1 and iPadOS 17.0.1 addresses bypass vulnerabilities.
• Apple Security Advisory 2023-09-21-1 Mon, 25 Sep 2023 13:53:22 GMT
  Apple Security Advisory 2023-09-21-1 - Safari 16.6.1 addresses a code execution vulnerability.
• Ubuntu Security Notice USN-6394-1 Fri, 22 Sep 2023 17:38:27 GMT
  Ubuntu Security Notice 6394-1 - It was discovered that Python incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code or cause a crash.
• Ubuntu Security Notice USN-6395-1 Fri, 22 Sep 2023 17:38:15 GMT
  Ubuntu Security Notice 6395-1 - Mickael Karatekin discovered that GNOME Shell incorrectly allowed the screenshot tool to view open windows when a session was locked. A local attacker could possibly use this issue to obtain sensitive information.
• Red Hat Security Advisory 2023-5337-01 Fri, 22 Sep 2023 17:37:54 GMT
  Red Hat Security Advisory 2023-5337-01 - A security update for Camel K 1.10.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include a bypass vulnerability.
• Ubuntu Security Notice USN-6360-2 Fri, 22 Sep 2023 17:00:28 GMT
  Ubuntu Security Notice 6360-2 - USN-6360-1 fixed a vulnerability in FLAC. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that FLAC incorrectly handled encoding certain files. A remote attacker could use this issue to cause FLAC to crash, resulting in a denial of service, or possibly execute arbitrary code.
• Ubuntu Security Notice USN-6393-1 Thu, 21 Sep 2023 16:23:50 GMT
  Ubuntu Security Notice 6393-1 - It was discovered that ImageMagick did not properly handle memory when processing the -help option. An attacker could potentially use this issue to cause a crash.
• Debian Security Advisory 5503-1 Thu, 21 Sep 2023 16:23:34 GMT
  Debian Linux Security Advisory 5503-1 - Multiple security issues were discovered in Netatalk, an implementation of the Apple Filing Protocol (AFP) for offering file service (mainly) to macOS clients, which may result in the execution of arbitrary code or information disclosure.
• Red Hat Security Advisory 2023-5309-01 Thu, 21 Sep 2023 16:23:21 GMT
  Red Hat Security Advisory 2023-5309-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a buffer overflow vulnerability.
• Ubuntu Security Notice USN-6391-2 Thu, 21 Sep 2023 16:20:39 GMT
  Ubuntu Security Notice 6391-2 - USN-6391-1 fixed a vulnerability in CUPS. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that CUPS incorrectly parsed certain Postscript objects. If a user or automated system were tricked into printing a specially crafted document, a remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code.
• Ubuntu Security Notice USN-6392-1 Thu, 21 Sep 2023 16:20:23 GMT
  Ubuntu Security Notice 6392-1 - It was discovered that libppd incorrectly parsed certain Postscript objects. If a user or automated system were tricked into printing a specially crafted document, a remote attacker could use this issue to cause libppd to crash, resulting in a denial of service, or possibly execute arbitrary code.
• Red Hat Security Advisory 2023-5314-01 Thu, 21 Sep 2023 16:20:10 GMT
  Red Hat Security Advisory 2023-5314-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.
• Ubuntu Security Notice USN-6391-1 Thu, 21 Sep 2023 16:18:48 GMT
  Ubuntu Security Notice 6391-1 - It was discovered that CUPS incorrectly parsed certain Postscript objects. If a user or automated system were tricked into printing a specially crafted document, a remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code.
• Ubuntu Security Notice USN-6390-1 Thu, 21 Sep 2023 16:18:32 GMT
  Ubuntu Security Notice 6390-1 - It was discovered that Bind incorrectly handled certain control channel messages. A remote attacker with access to the control channel could possibly use this issue to cause Bind to crash, resulting in a denial of service. Robert Story discovered that Bind incorrectly handled certain DNS-over-TLS queries. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04.
• Red Hat Security Advisory 2023-5313-01 Thu, 21 Sep 2023 16:18:22 GMT
  Red Hat Security Advisory 2023-5313-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.
• Red Hat Security Advisory 2023-5312-01 Thu, 21 Sep 2023 16:18:09 GMT
  Red Hat Security Advisory 2023-5312-01 - The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Issues addressed include a bypass vulnerability.