Critical Infrastructure

SecList ICS

• Threat landscape for industrial automation systems in Q1 2025
• Threat landscape for industrial automation systems in Q4 2024

Security Magazine

• The importance of security for power utility substations
• Chinese threat actor resided in US electric grid for almost one year
• US experiences 47% of global utilities cyberattacks
• Internet-exposed HMIs are a risk to water facilities, CISA warns
• Software and IT vendors linked to 67% of energy sector breaches
• Iranian cyber actors are targeting critical infrastructure entities

• Windsor port authority strengthens US-Canada border waterway
• Protecting ships from cyber terrorism
• Biden administration issues executive order to secure U.S. ports
• Cadisha Miceli | Women in Security 2023
• CISA MTS Guide may enhance critical infrastructure resilience
• DNV appoints Anette Roll Richardsen as Director of Cybersecurity

• Ensuring safety on the move: Strengthening security in public transportation
• Nearly 1M records related to personal property were exposed
• Security experts respond to the Amazon employee data breach
• Supply chain cybersecurity and modern-day cargo theft
• 99% of Global 2000 organizations are linked to a supply chain breach
• Data breaches increased throughout 2023

Case Studies

• The 2 am call: Preparing for a government cyberattack
• Häfele recovers from ransomware attack with new SASE platform
• Ride-hailing company, inDrive, uses new platform to prevent fraud
• The Old Spaghetti Factory restaurant chain ups network & physical security
• K-8 students learn cybersecurity through gamification
• Electric company uses SAP monitoring to bolster cybersecurity

• Campus collaboration: a security-focused work management platform
• Windsor port authority strengthens US-Canada border waterway
• From the stone age to cutting edge: A case study on key management
• Challenges with mobile apps as a safety solution in K-12 schools
• Michigan school district deploys AI gun detection, intelligent situational awareness platform
• Murray Community School District deploys gun detection technology

News

Exploits

• [remote] Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE)
• [remote] CrushFTP 11.3.1 - Authentication Bypass
• [remote] Invision Community 5.0.6 - Remote Code Execution (RCE)
• [local] Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
• [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
• [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
• [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
• [local] RDPGuard 9.9.9 - Privilege Escalation
• [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
• [local] VirtualBox 7.0.16 - Privilege Escalation
• [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
• [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
• [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
• [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
• [webapps] Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)
• [webapps] Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
• [local] Microsoft - NTLM Hash Disclosure Spoofing (library-ms)
• [local] ZTE ZXV10 H201L - RCE via authentication bypass
• [local] Daikin Security Gateway 14 - Remote Password Reset
• [local] Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing
• [local] unzip-stream 0.3.1 - Arbitrary File Write
• [local] Microsoft Windows 11 - Kernel Privilege Escalation
• [webapps] WordPress Core 6.2 - Directory Traversal
• [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
• [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
• [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
• [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
• [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
• [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
• [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
• [webapps] Drupal 11.x-dev - Full Path Disclosure
• [webapps] KiviCare Clinic & Patient Management System (EHR) 3.6.4 - Unauthenticated SQL Injection
• [webapps] UJCMS 9.6.3 - User Enumeration via IDOR
• [webapps] Inventio Lite 4 - SQL Injection
• [remote] Langflow 1.3.0 - Remote Code Execution (RCE)
• [webapps] Apache Commons Text 1.10.0 - Remote Code Execution
• [webapps] Tatsu 3.3.11 - Unauthenticated RCE
• [webapps] Hunk Companion Plugin 1.9.0 - Unauthenticated Plugin Installation
• [local] AnyDesk 9.0.1 - Unquoted Service Path
• [webapps] compop.ca 3.5.3 - Arbitrary code Execution
• [webapps] Blood Bank & Donor Management System 2.4 - CSRF Improper Input Validation
• [webapps] Usermin 2.100 - Username Enumeration
• [webapps] Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution (RCE)
• [hardware] ABB Cylon Aspect 3.08.02 (ethernetUpdate.php) - Authenticated Path Traversal
• [hardware] ABB Cylon Aspect 3.08.02 (deployStart.php) - Unauthenticated Command Execution
• [remote] TP-Link VN020 F3v(T) TT_V6.2.1021 - Denial Of Service (DOS)

Last 20 Website Defacements - Zone-h

Advisories