Critical Infrastructure

SecList ICS

• Cinterion EHS5 3G UMTS/HSPA Module Research
• Threat landscape for industrial automation systems, Q1 2024

Security Magazine

• Malware campaign targets Spanish-speaking individuals
• Untrained users are the greatest weakness in a cyber defense plan
• 2024: The year of upticks in cyber warfare
• 97% of security experts worry about AI-related security incidents
• Securing critical infrastructure
• EPA reveals most water systems do not meet compliance requirements

• Protecting ships from cyber terrorism
• Biden administration issues executive order to secure U.S. ports
• Cadisha Miceli | Women in Security 2023
• CISA MTS Guide may enhance critical infrastructure resilience
• DNV appoints Anette Roll Richardsen as Director of Cybersecurity
• Fishing vessel cited for electrical hazards and poor sanitation

• Data breaches increased throughout 2023
• Kristine Raad joins General Motors as Chief Security Officer
• A new report discusses emerging global threats
• Ransomware threats increased by twofold in 2023
• 47% of organizations monitored supply chain risks monthly or more
• 3 ways AI can handle third-party vendor and supplier risk challenges

Case Studies

• The 2 am call: Preparing for a government cyberattack
• Häfele recovers from ransomware attack with new SASE platform
• Ride-hailing company, inDrive, uses new platform to prevent fraud
• The Old Spaghetti Factory restaurant chain ups network & physical security
• K-8 students learn cybersecurity through gamification
• Electric company uses SAP monitoring to bolster cybersecurity

• From the stone age to cutting edge: A case study on key management
• Challenges with mobile apps as a safety solution in K-12 schools
• Michigan school district deploys AI gun detection, intelligent situational awareness platform
• Murray Community School District deploys gun detection technology
• Virginia public school district deploys AI gun detection platform
• Michigan school district adopts new gun detection technology

News

Exploits

• [local] Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation
• [webapps] Xhibiter NFT Marketplace 1.10.2 - SQL Injection
• [webapps] Azon Dominator Affiliate Marketing Script - SQL Injection
• [webapps] Microweber 2.0.15 - Stored XSS
• [webapps] Customer Support System 1.0 - Stored XSS
• [webapps] Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)
• [webapps] SolarWinds Platform 2024.1 SR1 - Race Condition
• [webapps] Flatboard 3.2 - Stored Cross-Site Scripting (XSS) (Authenticated)
• [webapps] Poultry Farm Management System v1.0 - Remote Code Execution (RCE)
• [webapps] Boelter Blue System Management 1.3 - SQL Injection
• [webapps] WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)
• [webapps] PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)
• [webapps] AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability.
• [webapps] AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)
• [webapps] XMB 1.9.12.06 - Stored XSS
• [webapps] Carbon Forum 5.9.0 - Stored XSS
• [webapps] AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)
• [webapps] appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated)
• [webapps] CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)
• [webapps] WBCE CMS v1.6.2 - Remote Code Execution (RCE)
• [webapps] Monstra CMS 3.0.4 - Remote Code Execution (RCE)
• [webapps] Dotclear 2.29 - Remote Code Execution (RCE)
• [webapps] Serendipity 2.5.0 - Remote Code Execution (RCE)
• [webapps] Sitefinity 15.0 - Cross-Site Scripting (XSS)
• [webapps] FreePBX 16 - Remote Code Execution (RCE) (Authenticated)
• [webapps] Akaunting 3.1.8 - Server-Side Template Injection (SSTI)
• [webapps] Check Point Security Gateway - Information Disclosure (Unauthenticated)
• [webapps] Aquatronica Control System 5.1.6 - Information Disclosure
• [webapps] changedetection < 0.45.20 - Remote Code Execution (RCE)
• [webapps] ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated)
• [webapps] iMLog < 1.307 - Persistent Cross Site Scripting (XSS)
• [webapps] BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection
• [webapps] htmlLawed 1.2.5 - Remote Code Execution (RCE)
• [webapps] PopojiCMS 2.0.1 - Remote Command Execution (RCE)
• [webapps] Backdrop CMS 1.27.1 - Authenticated Remote Command Execution (RCE)
• [webapps] Apache OFBiz 18.12.12 - Directory Traversal
• [webapps] Wordpress Theme XStore 9.3.8 - SQLi
• [webapps] Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)
• [webapps] Prison Management System - SQL Injection Authentication Bypass
• [webapps] PyroCMS v3.0.1 - Stored XSS
• [webapps] CE Phoenix Version 1.0.8.20 - Stored XSS
• [webapps] Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS)
• [webapps] Chyrp 2.5.2 - Stored Cross-Site Scripting (XSS)
• [remote] CrushFTP < 11.1.0 - Directory Traversal
• [local] Plantronics Hub 3.25.1 - Arbitrary File Read
• [webapps] Apache mod_proxy_cluster - Stored XSS

Last 20 Website Defacements - Zone-h

Advisories