Critical Infrastructure

SecList ICS

• Targeted attack on industrial enterprises and public institutions
• Managed detection and response in 2021

Security Magazine

• TSA updates cybersecurity requirements for pipeline owners and operators
• Protecting utilities: Top criminal and terrorist targets
• Electric company uses SAP monitoring to bolster cybersecurity
• CISOs rank their top security priorities through 2025
• Evolving cybersecurity to protect today’s energy network architecture
• Dept of Energy releases C2M2 version 2.1 for energy cybersecurity

• TSA adds additional gender marker option for PreCheck security screening
• Port of Baltimore adds biometric security for cruise travel
• TSA intercepted 17 guns per day in first half of 2022
• Women in Security 2022: Paulette Henderson, Delta Air Lines
• Explosives detection tech boosts security at Buffalo airport
• Incident management system helps secure Prague Airport

• Biometrics and access control for cannabis operators
• Major cannabis business risks and security considerations
• It's time for manufacturers to build a collaborative cybersecurity team
• CISOs rank their top security priorities through 2025
• Challenges in smart factory and manufacturing cybersecurity
• Five benefits of industrial cybersecurity implementation

Case Studies

• Electric company uses SAP monitoring to bolster cybersecurity
• Pharmaceutical company secures network with AppSec compliance tools
• Tech university stops cyberattack with AI
• Coding robot teaches K-12 students about cybersecurity
• Anti-human trafficking organization combats abuse with data analytics
• Behavioral psychology training reduces cybersecurity risks

• Maine launches 988 emergency call service
• WKS bolsters security with virtual guard services
• Executive protection strategies secure election observation in Lebanon
• Wisconsin’s Deer District scores a winning security plan
• License plate readers in schools
• Case Western Reserve University adds campus safety app

News

• FTC Kicks Off Potentially Massive New Regulation On Commercial Surveillance
• Starlink Successfully Hacked Using $25 Modchip
• FAANGs Failing On Keeping User Data Safe From Bug Hunters
• Facebook's In-App Browser On iOS Tracks Anything You Do On Any Website
• Dutch Detain Suspected Developer Of Crypto Mixer Tornado Cash
• NHS IT Supplier Held To Ransom By Hackers
• Meta's Chatbot Says The Company Exploits People
• Researchers Use Invisible Finger To Remotely Control Touchscreens
• Cisco Confirms Network Breach Via Hacked Employee Google Account
• Stats Say Chinese Researchers Not Deterred By China's Vulnerability Law
• Ukrainian Website Threat Landscape Throughout 2022
• Former Twitter Employee Convicted As Saudi Spy
• APIC Fail: Intel Sunny Cove Chips With SGX Spill Secrets
• Cloudflare: Someone Tried To Pull The Twilio Phishing Tactic On Us
• Microsoft Patches Dogwalk Zero Day And 17 Critical Flaws
• Chinese Scams Target Kids With Promise Of Extra Gaming Hours
• Twilio Customer Data Exposed After Its Staffers Got Phished
• Scientists Hid Encryption Key For Wizard Of Oz Text In Plastic Molecules
• Crypto And The US Government Are Headed For A Decisive Showdown
• China-Linked Spies Used Six Backdoors To Steal Info From Defense, Industrial Enterprise Orgs
• Small Businesses Count Cost Of Apple's Privacy Changes
• San Diego Citizens Wrest Control Of Surveillance Tech Away From Police
• Slack Leaked Hashed Passwords From Its Servers For Years
• Dark Utilities C2 Service Draws Thousands Of Cyber Criminals
• U.S. Imposes Sanctions On Virtual Currency Mixer Tornado Cash

Exploits

• Windows sxssrv!BaseSrvActivationContextCacheDuplicateUnicodeString Heap Buffer Overflow
• Windows sxs!CNodeFactory::XMLParser_Element_doc_assembly_assemblyIdentity Heap Buffer Overflow
• Gas Agency Management 2022 SQL Injection / XSS / Shell Upload
• Readymade Job Portal Script SQL Injection
• Fiberhome AN5506-02-B Cross Site Scripting
• Intelbras ATA 200 Cross Site Scripting
• Webmin Package Updates Command Injection
• Zimbra zmslapd Privilege Escalation
• AirSpot 5410 0.3.4.1-4 Remote Command Injection
• Sophos XG115w Firewall 17.0.10 MR-10 Authentication Bypass
• Feehi CMS 2.1.1 Cross Site Scripting
• Matrimonial PHP Script 1.0 SQL Injection
• PAN-OS 10.0 Remote Code Execution
• Backdoor.Win32.Guptachar.20 MVID-2022-0631 Insecure Credential Storage
• Prestashop Blockwishlist 2.1.0 SQL Injection
• Thingsboard 3.3.1 Cross Site Scripting
• ManageEngine ADAudit Plus Path Traversal / XML Injection
• WordPress Duplicator 1.4.7.1 Backup Disclosure
• Nortek Linear eMerge E3-Series Account Takeover
• Nortek Linear eMerge E3-Series Command Injection
• Nortek Linear eMerge E3-Series Credential Disclosure
• Zimbra UnRAR Path Traversal
• WordPress Ecwid Ecommerce Shopping Cart 6.10.23 Cross Site Request Forgery
• Backdoor.Win32.Bushtrommel.122 MVID-2022-0630 Remote Command Execution
• Backdoor.Win32.Bushtrommel.122 MVID-2022-0629 Authentication Bypass

• [remote] PAN-OS 10.0 - Remote Code Execution (RCE) (Authenticated)
• [webapps] ThingsBoard 3.3.1 'description' - Stored Cross-Site Scripting (XSS)
• [webapps] ThingsBoard 3.3.1 'name' - Stored Cross-Site Scripting (XSS)
• [webapps] Feehi CMS 2.1.1 - Stored Cross-Site Scripting (XSS)
• [webapps] Prestashop blockwishlist module 2.1.0 - SQLi
• [remote] uftpd 2.10 - Directory Traversal (Authenticated)
• [remote] Easy Chat Server 3.1 - Remote Stack Buffer Overflow (SEH)
• [webapps] Webmin 1.996 - Remote Code Execution (RCE) (Authenticated)
• [webapps] NanoCMS v0.4 - Remote Code Execution (RCE) (Authenticated)
• [remote] Omnia MPX 1.5.0+r1 - Path Traversal
• [webapps] mPDF 7.0 - Local File Inclusion
• [webapps] CuteEditor for PHP 6.6 - Directory Traversal
• [webapps] WordPress Plugin Duplicator 1.4.7 - Information Disclosure
• [webapps] WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download
• [webapps] Wavlink WN530HG4 - Password Disclosure
• [webapps] Wavlink WN533A8 - Password Disclosure
• [webapps] Wavlink WN533A8 - Cross-Site Scripting (XSS)
• [webapps] WordPress Plugin WP-UserOnline 2.87.6 - Stored Cross-Site Scripting (XSS)
• [remote] Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) - Remote Code Execution
• [webapps] Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Directory Traversal
• [local] Asus GameSDK v1.0.0.4 - 'GameSDK.exe' Unquoted Service Path
• [webapps] Dingtian-DT-R002 3.1.276A - Authentication Bypass
• [remote] rpc.py 0.6.0 - Remote Code Execution (RCE)
• [webapps] Geonetwork 4.2.0 - XML External Entity (XXE)
• [webapps] WordPress Plugin Visual Slide Box Builder 3.2.9 - SQLi
• [webapps] OctoBot WebInterface 0.4.3 - Remote Code Execution (RCE)
• [webapps] CodoForum v5.1 - Remote Code Execution (RCE)
• [local] Dr. Fone 4.0.8 - 'net_updater32.exe' Unquoted Service Path
• [webapps] Magnolia CMS 6.2.19 - Stored Cross-Site Scripting (XSS)
• [local] Kite 1.2021.610.0 - Unquoted Service Path
• [remote] IOTransfer 4.0 - Remote Code Execution (RCE)
• [remote] Nginx 1.20.0 - Denial of Service (DOS)
• [remote] WiFi Mouse 1.7.8.5 - Remote Code Execution(v2)
• [webapps] Mailhog 1.0.1 - Stored Cross-Site Scripting (XSS)
• [webapps] WSO2 Management Console (Multiple Products) - Unauthenticated Reflected Cross-Site Scripting (XSS)
• [webapps] WordPress Plugin Weblizar 8.9 - Backdoor
• [webapps] SolarView Compact 6.00 - 'pow' Cross-Site Scripting (XSS)
• [webapps] SolarView Compact 6.00 - 'time_begin' Cross-Site Scripting (XSS)
• [webapps] Old Age Home Management System 1.0 - SQLi Authentication Bypass
• [webapps] ChurchCRM 4.4.5 - SQLi
• [remote] Sourcegraph Gitserver 3.36.3 - Remote Code Execution (RCE)
• [webapps] phpIPAM 1.4.5 - Remote Code Execution (RCE) (Authenticated)
• [remote] TP-Link Router AX50 firmware 210730 - Remote Code Execution (RCE) (Authenticated)
• [webapps] Pandora FMS v7.0NG.742 - Remote Code Execution (RCE) (Authenticated)
• [remote] Algo 8028 Control Panel - Remote Code Execution (RCE) (Authenticated)
• [local] HP LaserJet Professional M1210 MFP Series Receive Fax Service - Unquoted Service Path

Last 20 Website Defacements - Zone-h

• https://igf.gouv.ht/1.php
• http://arkhangai.gov.mn
• http://nknda.gov.gh
• http://www.sajorakhea.go.th/index.php
• http://www.tungluang.go.th/index.php
• http://www.yangngam.go.th/index.php
• https://www.secpt.go.th
• http://pta-semarang.go.id/xid.txt
• http://www.bankruatcity.go.th/index.php
• http://pa-masohi.go.id/templates/beez3/read.txt
• http://pa-ambon.go.id/templates/beez3/read.txt
• http://pa-namlea.go.id/templates/beez3/read.txt
• http://kotajalur.kuansing.go.id/readme.htm
• http://lakon-ku.kotajalur.kuansing.go.id/readme.htm
• http://www.jdih.kuansing.go.id/readme.htm
• http://bpprd.musirawaskab.go.id/z.htm
• http://ditjenppi.menlhk.go.id/love.html
• https://afis.cda.gov.ph
• https://b2bwebapp1.microsoft.com/z.htm
• https://radioedukasi.kemdikbud.go.id/google29a156d098d60579.html

Advisories

• Ubuntu Security Notice USN-5556-1 Thu, 11 Aug 2022 15:43:19 GMT
  Ubuntu Security Notice 5556-1 - It was discovered that Booth incorrectly handled user authentication. An attacker could use this vulnerability to cause a denial of service.
• Gentoo Linux Security Advisory 202208-16 Thu, 11 Aug 2022 15:43:12 GMT
  Gentoo Linux Security Advisory 202208-16 - A vulnerability in faac could result in denial of service. Versions less than 1.30 are affected.
• Gentoo Linux Security Advisory 202208-18 Thu, 11 Aug 2022 15:43:00 GMT
  Gentoo Linux Security Advisory 202208-18 - A vulnerability in Motion allows a remote attacker to cause denial of service. Versions less than 4.3.2 are affected.
• Gentoo Linux Security Advisory 202208-19 Thu, 11 Aug 2022 15:42:49 GMT
  Gentoo Linux Security Advisory 202208-19 - An open redirect vulnerability has been discovered in aiohttp. Versions less than 3.7.4 are affected.
• Gentoo Linux Security Advisory 202208-15 Thu, 11 Aug 2022 15:42:38 GMT
  Gentoo Linux Security Advisory 202208-15 - Multiple vulnerabilities have been discovered in isync, the worst of which could result in arbitrary code execution. Versions less than 1.4.4 are affected.
• Gentoo Linux Security Advisory 202208-17 Thu, 11 Aug 2022 15:42:28 GMT
  Gentoo Linux Security Advisory 202208-17 - Multiple vulnerabilities have been found in Nextcloud, the worst of which could result in denial of service. Versions less than 23.0.4 are affected.
• Ubuntu Security Notice USN-5567-1 Thu, 11 Aug 2022 15:42:19 GMT
  Ubuntu Security Notice 5567-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
• Ubuntu Security Notice USN-5566-1 Thu, 11 Aug 2022 15:42:03 GMT
  Ubuntu Security Notice 5566-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
• Ubuntu Security Notice USN-5563-1 Thu, 11 Aug 2022 15:41:42 GMT
  Ubuntu Security Notice 5563-1 - It was discovered that http-parser incorrectly handled certain requests. An attacker could possibly use this issue to bypass security controls or gain unauthorized access to sensitive data.
• Red Hat Security Advisory 2022-6040-01 Thu, 11 Aug 2022 15:40:43 GMT
  Red Hat Security Advisory 2022-6040-01 - Version 1.24.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, 4.10, and 4.11. This release includes security and bug fixes, and enhancements. Issues addressed include bypass and denial of service vulnerabilities.
• Red Hat Security Advisory 2022-6042-01 Thu, 11 Aug 2022 15:40:33 GMT
  Red Hat Security Advisory 2022-6042-01 - Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Issues addressed include bypass and denial of service vulnerabilities.
• Red Hat Security Advisory 2022-6043-01 Thu, 11 Aug 2022 15:40:22 GMT
  Red Hat Security Advisory 2022-6043-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.108 and .NET Runtime 6.0.8.
• Ubuntu Security Notice USN-5565-1 Thu, 11 Aug 2022 15:40:07 GMT
  Ubuntu Security Notice 5565-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
• Ubuntu Security Notice USN-5564-1 Thu, 11 Aug 2022 15:39:49 GMT
  Ubuntu Security Notice 5564-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
• Ubuntu Security Notice USN-5562-1 Wed, 10 Aug 2022 15:57:08 GMT
  Ubuntu Security Notice 5562-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
• Ubuntu Security Notice USN-5559-1 Wed, 10 Aug 2022 15:56:47 GMT
  Ubuntu Security Notice 5559-1 - It was discovered that Moment.js incorrectly handled certain input paths. An attacker could possibly use this issue to cause a loss of integrity by changing the correct path to one of their choice. It was discovered that Moment.js incorrectly handled certain input. An attacker could possibly use this issue to cause a denial of service.
• Ubuntu Security Notice USN-5561-1 Wed, 10 Aug 2022 15:56:34 GMT
  Ubuntu Security Notice 5561-1 - It was discovered that GNOME Web incorrectly filtered certain strings. A remote attacker could use this issue to perform cross-site scripting attacks. This issue only affected Ubuntu 20.04 LTS. It was discovered that GNOME Web incorrectly handled certain long page titles. A remote attacker could use this issue to cause GNOME Web to crash, resulting in a denial of service, or possibly execute arbitrary code.
• Red Hat Security Advisory 2022-5069-01 Wed, 10 Aug 2022 15:56:22 GMT
  Red Hat Security Advisory 2022-5069-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include code execution, cross site scripting, denial of service, information leakage, and traversal vulnerabilities.
• Ubuntu Security Notice USN-5560-2 Wed, 10 Aug 2022 15:56:10 GMT
  Ubuntu Security Notice 5560-2 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
• Ubuntu Security Notice USN-5560-1 Wed, 10 Aug 2022 15:55:51 GMT
  Ubuntu Security Notice 5560-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
• Red Hat Security Advisory 2022-6038-01 Wed, 10 Aug 2022 15:55:29 GMT
  Red Hat Security Advisory 2022-6038-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
• Red Hat Security Advisory 2022-5068-01 Wed, 10 Aug 2022 15:55:21 GMT
  Red Hat Security Advisory 2022-5068-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a denial of service vulnerability.
• Red Hat Security Advisory 2022-6037-01 Wed, 10 Aug 2022 15:55:10 GMT
  Red Hat Security Advisory 2022-6037-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28.
• Red Hat Security Advisory 2022-5070-01 Wed, 10 Aug 2022 15:54:58 GMT
  Red Hat Security Advisory 2022-5070-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.0. Issues addressed include denial of service, out of bounds read, and traversal vulnerabilities.
• Ubuntu Security Notice USN-5558-1 Wed, 10 Aug 2022 15:54:37 GMT
  Ubuntu Security Notice 5558-1 - Zhao Liang discovered that libcdio was not properly performing memory management operations when processing ISO files, which could result in a heap buffer overflow or in a NULL pointer dereference. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service.