Critical Infrastructure

SecList ICS

• Threat landscape for industrial automation systems for H2 2022
• Reassessing cyberwarfare. Lessons learned in 2022

Security Magazine

• DNV appoints Anette Roll Richardsen as Director of Cybersecurity
• Ohio BP refinery investigated after employee deaths
• Texas oil and gas company cited by OSHA after employee death
• EPA stresses the need for improved water cybersecurity
• Power grid program receives $48 in funding from DOE
• 5 minutes with Duncan Greatwood — Securing remote access in critical infrastructure

• DNV appoints Anette Roll Richardsen as Director of Cybersecurity
• Fishing vessel cited for electrical hazards and poor sanitation
• 2022 breaks record for TSA firearm interceptions
• 5 geopolitical risk factors affecting organizations in 2023
• The future of airport security technology
• Building tailored cyber resilience for critical infrastructure

• OSHA releases grain industry employee safety practices
• Report shows top transport cyber threats in EU
• Report: Top 5 issues facing security industry
• Ransomware attack exposed Ferrari customer data
• Bahrain to implement new ePassports
• CT scanners installed at NC airport for improved passenger screening

Case Studies

• Ride-hailing company, inDrive, uses new platform to prevent fraud
• The Old Spaghetti Factory restaurant chain ups network & physical security
• K-8 students learn cybersecurity through gamification
• Electric company uses SAP monitoring to bolster cybersecurity
• Pharmaceutical company secures network with AppSec compliance tools
• Tech university stops cyberattack with AI

• Michigan school district adopts AI-based gun detection
• RIEMA to assess, improve land mobile radio system
• NY county installs cameras to reduce cars passing stopped buses
• Laundromat uses cloud-based surveillance to combat weather challenges
• Philadelphia adds gun-detection software to public transit
• Erickson Senior Living updates physical security measures

News

• BingBang: How A Simple Developer Mistake Could Have Led To Bing.com Takeover
• Meet APT43: The Group That Hacks, Spies, And Steals For North Korea's Ruling Elite
• AI Could Replace Equivalent Of 300 Million Jobs
• China Urges Apple To Improve Security And Privacy
• Ransomware Crooks Are Exploiting IBM File Exchange Bug
• New IcedID Malware Variants Shift From Banking Trojans To Ransomware
• Clearview AI Used Nearly 1m Times By US Police, It Tells The BBC
• North Dakota To Require Cybersecurity Education In Public Schools
• The FBI Has Been Buying Bulk Internet Data From Team Cymru
• US President Biden Kind Of Mostly Bans Commercial Spyware
• Twitter Takes Legal Action After Source Code Leaked Online
• Singapore Businesses Stumbling Over What Security Culture Entails
• Android App From China Executed Zero Day Exploit On Millions Of Devices
• Five Takeaways From TikTok CEO's Congress Grilling
• CISA Unleashes Untitled Goose Tool To Honk At Danger In Microsoft's Cloud
• House Leaders Don't Want CISA's Reach To Exceed Its Grasp
• Fugitive Cryptocrash Boss Arrested In Montenegro
• French Parliament Says Oui To AI Surveillance For 2024 Olympics
• Github Publishes RSA SSH Keys By Mistake, Issues Update
• Journalist Plugs In Unknown USB Drive Mailed To Him - It Exploded In His Face
• Aloria, Who Made Us All Laugh For Years With Infosec Reactions, Passes Away At 41
• ChatGPT Bug Leaked Users' Conversation Histories
• B-List Celebs Including Lindsay Lohan Fined After Crypto Shill Probe
• Threat Actor Attempted Email Compromise Attack For $36 Million
• CISA, NSA Push Identity And Access Management Framework

Exploits

• SolarWinds Information Service (SWIS) Remote Command Execution
• rukovoditel 3.2.1 Cross Site Scripting
• iBooking 1.0.8 Remote Shell Upload
• ReQlogic 11.3 Cross Site Scripting
• Optergy Proton And Enterprise BMS 2.0.3a Command Injection
• Hashicorp Consul 1.0 Remote Command Execution
• Moodle LMS 4.0 Cross Site Scripting
• Tunnel Interface Driver Denial Of Service
• OPSWAT Metadefender Core 4.21.1 Privilege Escalation
• Label Studio 1.5.0 Server-Side Request Forgery
• X-Skipper-Proxy 0.13.237 Server-Side Request Forgery
• Subrion CMS 4.2.1 Cross Site Scripting
• BoxBilling 4.22.1.5 Remote Code Execution
• Tapo C310 RTSP Server 1.3.0 Unauthorized Video Stream Access
• SugarSync 4.1.3 Unquoted Service Path
• HDD Health 4.2.0.112 Unquoted Service Path
• WordPress Jetpack 11.4 Cross Site Scripting
• Online Shopping System Advanced 1.0 XSS / SQL Injection / Code Execution
• SuperMailer 11.20 Buffer Overflow / Denial Of Service
• YouPHPTube 7.8 Local File Inclusion / Directory Traversal
• Beauty Salon 1.0 Remote Shell Upload
• Suprema BioStar 2 2.8.16 SQL Injection
• WebTareas 2.4 SQL Injection
• WebTareas 2.4 Cross Site Scripting
• WebTareas 2.4 Remote Shell Upload

• [webapps] Revenue Collection System v1.0 - Remote Code Execution (RCE)
• [webapps] Helmet Store Showroom v1.0 - SQL Injection
• [remote] Internet Download Manager v6.41 Build 3 - Remote Code Execution (RCE)
• [webapps] Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting (XSS)
• [remote] DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure
• [local] Outline V1.6.0 - Unquoted Service Path
• [remote] Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution (RCE)
• [remote] Inbit Messenger v4.9.0 - Unauthenticated Remote SEH Overflow
• [webapps] Human Resource Management System 1.0 - SQL Injection (unauthenticated)
• [webapps] Book Store Management System 1.0.0 - Stored Cross-Site Scripting (XSS)
• [webapps] WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated)
• [webapps] rukovoditel 3.2.1 - Cross-Site Scripting (XSS)
• [webapps] Senayan Library Management System v9.5.0 - SQL Injection
• [webapps] iBooking v1.0.8 - Arbitrary File Upload
• [webapps] ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS)
• [remote] Hashicorp Consul v1.0 - Remote Command Execution (RCE)
• [webapps] Social-Share-Buttons v2.2.3 - SQL Injection
• [webapps] Moodle LMS 4.0 - Cross-Site Scripting (XSS)
• [dos] Tunnel Interface Driver - Denial of Service
• [webapps] OPSWAT Metadefender Core - Privilege Escalation
• [webapps] ZKTeco ZEM/ZMM 8.88 - Missing Authentication
• [remote] X-Skipper-Proxy v0.13.237 - Server Side Request Forgery (SSRF)
• [webapps] Subrion CMS 4.2.1 - Stored Cross-Site Scripting (XSS)
• [webapps] Label Studio 1.5.0 - Authenticated Server Side Request Forgery (SSRF)
• [webapps] BoxBilling<=4.22.1.5 - Remote Code Execution (RCE)
• [remote] Tapo C310 RTSP server v1.3.0 - Unauthorised Video Stream Access
• [local] SugarSync 4.1.3 - 'SugarSync Service' Unquoted Service Path
• [local] HDD Health 4.2.0.112 - 'HDDHealth' Unquoted Service Path
• [webapps] Jetpack 11.4 - Cross Site Scripting (XSS)
• [webapps] Online shopping system advanced 1.0 - Multiple Vulnerabilities
• [dos] SuperMailer v11.20 - Buffer overflow DoS
• [webapps] YouPHPTube<= 7.8 - Multiple Vulnerabilities
• [dos] VMware Workstation 15 Pro - Denial of Service
• [webapps] Pega Platform 8.1.0 - Remote Code Execution (RCE)
• [webapps] Beauty-salon v1.0 - Remote Code Execution (RCE)
• [remote] MiniDVBLinux 5.4 - Arbitrary File Read
• [remote] MiniDVBLinux 5.4 - Remote Root Command Injection
• [remote] MiniDVBLinux 5.4 - Unauthenticated Stream Disclosure
• [remote] MiniDVBLinux 5.4 - Change Root Password
• [remote] MiniDVBLinux 5.4 Simple VideoDiskRecorder Protocol SVDRP - Remote Code Execution (RCE)
• [webapps] FortiOS, FortiProxy, FortiSwitchManager v7.2.1 - Authentication Bypass
• [remote] MiniDVBLinux <=5.4 - Config Download Exploit
• [local] AVS Audio Converter 10.3 - Stack Overflow (SEH)
• [webapps] WebTareas 2.4 - RCE (Authorized)
• [webapps] WebTareas 2.4 - Reflected XSS (Unauthorised)
• [webapps] WebTareas 2.4 - SQL Injection (Unauthorised)

Last 20 Website Defacements - Zone-h

• https://www.dpmd.tabanankab.go.id
• http://army3.rta.mi.th/kurd.html
• http://army3.mi.th/kurd.html
• http://bantindientu.mard.gov.vn/lol.txt
• http://ncerwass.mard.gov.vn/lol.txt
• http://xttm.mard.gov.vn/lol.txt
• http://solieufdi.mard.gov.vn/lol.txt
• http://www.migracao.gov.tl/evil.html
• http://rotendaokab.go.id/pwn.htm
• https://www.imi.gov.my/vz.txt
• https://www.cccm.gov.pt/luxe.htm
• https://jfkmc.gov.lr/luxe.htm
• https://camaradoverlandia.go.gov.br
• https://www.snd.gov.py/index.txt
• https://bkkchem.bangkok.go.th/webapp/storage/good.txt
• http://cultureregions-jendouba.gov.tn/vz.txt
• http://ckd.health.gov.lk/kurd.html
• https://homologcsti.teofilootoni.mg.gov.br/kurd.html
• https://vermelhocarmim.minas.fiocruz.br/readme.html
• http://dprd.sulutprov.go.id

Advisories

• Red Hat Security Advisory 2023-1392-01 Wed, 29 Mar 2023 10:16:39 GMT
  Red Hat Security Advisory 2023-1392-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.55.
• Red Hat Security Advisory 2023-1393-01 Wed, 29 Mar 2023 10:16:19 GMT
  Red Hat Security Advisory 2023-1393-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.55.
• Ubuntu Security Notice USN-5981-1 Wed, 29 Mar 2023 10:16:09 GMT
  Ubuntu Security Notice 5981-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.
• Ubuntu Security Notice USN-5982-1 Wed, 29 Mar 2023 10:15:54 GMT
  Ubuntu Security Notice 5982-1 - It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.
• Ubuntu Security Notice USN-5980-1 Wed, 29 Mar 2023 10:15:31 GMT
  Ubuntu Security Notice 5980-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.
• Ubuntu Security Notice USN-5686-4 Wed, 29 Mar 2023 10:13:26 GMT
  Ubuntu Security Notice 5686-4 - USN-5686-1 fixed several vulnerabilities in Git. This update provides the corresponding fix for CVE-2022-39253 on Ubuntu 16.04 ESM. Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour.
• Ubuntu Security Notice USN-5979-1 Wed, 29 Mar 2023 10:13:10 GMT
  Ubuntu Security Notice 5979-1 - It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. It was discovered that a race condition existed in the Xen network backend driver in the Linux kernel when handling dropped packets in certain circumstances. An attacker could use this to cause a denial of service.
• Debian Security Advisory 5379-1 Tue, 28 Mar 2023 15:19:55 GMT
  Debian Linux Security Advisory 5379-1 - Kim Alvefur discovered that insufficient message sender validation in dino-im, a modern XMPP/Jabber client, may result in manipulation of entries in the personal bookmark store without user interaction via a specially crafted message. Additionally an attacker can take advantage of this flaw to change how group chats are displayed or force a user to join or leave an attacker-selected groupchat.
• Ubuntu Security Notice USN-5978-1 Tue, 28 Mar 2023 15:16:58 GMT
  Ubuntu Security Notice 5978-1 - It was discovered that the network queuing discipline implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.
• Apple Security Advisory 2023-03-27-9 Tue, 28 Mar 2023 15:12:10 GMT
  Apple Security Advisory 2023-03-27-9 - Studio Display Firmware Update 16.4 addresses a code execution vulnerability.
• Red Hat Security Advisory 2023-1486-01 Tue, 28 Mar 2023 15:11:53 GMT
  Red Hat Security Advisory 2023-1486-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, code execution, and denial of service vulnerabilities.
• Red Hat Security Advisory 2023-1409-01 Tue, 28 Mar 2023 15:08:11 GMT
  Red Hat Security Advisory 2023-1409-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.9.
• Apple Security Advisory 2023-03-27-8 Tue, 28 Mar 2023 15:07:53 GMT
  Apple Security Advisory 2023-03-27-8 - Safari 16.4 addresses bypass vulnerabilities.
• Apple Security Advisory 2023-03-27-7 Tue, 28 Mar 2023 15:01:41 GMT
  Apple Security Advisory 2023-03-27-7 - watchOS 9.4 addresses bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.
• Apple Security Advisory 2023-03-27-6 Tue, 28 Mar 2023 15:01:17 GMT
  Apple Security Advisory 2023-03-27-6 - tvOS 16.4 addresses bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities.
• Ubuntu Security Notice USN-5977-1 Tue, 28 Mar 2023 14:59:15 GMT
  Ubuntu Security Notice 5977-1 - It was discovered that the network queuing discipline implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.
• Apple Security Advisory 2023-03-27-5 Tue, 28 Mar 2023 14:57:46 GMT
  Apple Security Advisory 2023-03-27-5 - macOS Big Sur 11.7.5 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
• Ubuntu Security Notice USN-5976-1 Tue, 28 Mar 2023 14:46:20 GMT
  Ubuntu Security Notice 5976-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.
• Apple Security Advisory 2023-03-27-4 Tue, 28 Mar 2023 14:41:46 GMT
  Apple Security Advisory 2023-03-27-4 - macOS Monterey 12.6.4 addresses bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
• Red Hat Security Advisory 2023-1479-01 Tue, 28 Mar 2023 14:41:26 GMT
  Red Hat Security Advisory 2023-1479-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.9.0 ESR.
• Apple Security Advisory 2023-03-27-3 Tue, 28 Mar 2023 14:39:03 GMT
  Apple Security Advisory 2023-03-27-3 - macOS Ventura 13.3 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
• Apple Security Advisory 2023-03-27-2 Tue, 28 Mar 2023 14:36:32 GMT
  Apple Security Advisory 2023-03-27-2 - iOS 15.7.4 and iPadOS 15.7.4 addresses code execution, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
• Ubuntu Security Notice USN-5975-1 Tue, 28 Mar 2023 14:36:07 GMT
  Ubuntu Security Notice 5975-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service.
• Ubuntu Security Notice USN-5974-1 Tue, 28 Mar 2023 14:33:13 GMT
  Ubuntu Security Notice 5974-1 - It was discovered that GraphicsMagick was not properly performing bounds checks when processing TGA image files, which could lead to a heap buffer overflow. If a user or automated system were tricked into processing a specially crafted TGA image file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that GraphicsMagick was not properly validating bits per pixel data when processing DIB image files. If a user or automated system were tricked into processing a specially crafted DIB image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
• Red Hat Security Advisory 2023-1408-01 Tue, 28 Mar 2023 14:31:48 GMT
  Red Hat Security Advisory 2023-1408-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.9. Issues addressed include an out of bounds read vulnerability.