Critical Infrastructure

SecList ICS

• The nature of cyberincidents in 2022
• Managed Detection and Response in 2022

Security Magazine

• Protecting critical infrastructure with radar
• Resin and circuitry company cited by OSHA for chemical exposure risks
• Florida city investigated by OSHA for whistleblower treatment
• Organizations urged to incorporate FCC covered list into risk management plans
• Cybersecurity best practices guide for smart cities released
• White House announces next steps for energy security

• CISA MTS Guide may enhance critical infrastructure resilience
• DNV appoints Anette Roll Richardsen as Director of Cybersecurity
• Fishing vessel cited for electrical hazards and poor sanitation
• 2022 breaks record for TSA firearm interceptions
• 5 geopolitical risk factors affecting organizations in 2023
• The future of airport security technology

• Managing third-party risks in the supply chain
• IT-ISAC launches food and agriculture analysis center
• TSA strengthens security for Memorial Day travel rush
• Resin and circuitry company cited by OSHA for chemical exposure risks
• Atlanta TSA allows Georgia residents to use mobile driver's license
• Cybersecurity fundamentals for logistics partners

Case Studies

• Häfele recovers from ransomware attack with new SASE platform
• Ride-hailing company, inDrive, uses new platform to prevent fraud
• The Old Spaghetti Factory restaurant chain ups network & physical security
• K-8 students learn cybersecurity through gamification
• Electric company uses SAP monitoring to bolster cybersecurity
• Pharmaceutical company secures network with AppSec compliance tools

• San Antonio updates security radio system
• London to implement new police body cameras
• Wrigley Field expands security measures
• Factory implements weapons detection technology
• University of Vermont upgrades video surveillance system
• Texas school district ramps up security with unified solution

News

• Ransomware Gang Clop Prepped Zero Day MOVEit Attacks In 2021
• Robinhood Markets Removes Three Crypto Tokens
• Netflix Sign-Ups Jump As Password Crackdown Kicks Off
• Google Changes Email Authentication After Spoof Shows A Bad Delivery For UPS
• Dozens Of Popular Minecraft Mods Found Infected With Fracturiser Malware
• VMware Discloses Trio Of High Severity Bugs In Network Monitoring Tool
• Hacker Attempts To Exploit Old And New Bugs Up 55%
• People Are Pirating GPT-4 By Scraping Exposed API Keys
• Deepfakes Of Victims Used In Sextortion Attacks Spike, FBI Warns
• BBC, BA, And Boots Issued With Ultimatum By Cyber Gang Clop
• What's Really Changed 10 Years After The Snowden Revelations
• ByteDance Accused Of Helping China Spy On Hong Kong Activists
• Crypto Catastrophe Stikes Some Atomic Wallet Users, Over $35 Million Thought Stolen
• Microsoft To Pay $20m For Child Privacy Violations
• MoveIt Hack: What Actions Can Data Breach Victims Take?
• SEC Accuses Coinbase Cryptocurrency Exchange Of Breaking US Regulations
• Ransomware Attacks Have Room To Grow, Verizon Report Shows
• U.S. Senate Leader Schedules Classified AI Briefings
• Qbot Malware Adapts To Live Another Day... And Another...
• Amazon's Ring Doorbell Was Used To Spy On Customers
• Millions Of Users Vulnerable To Zero Day In MOVEit File Transfer App
• Gmail Spoofing Vulnerability Sparks Google Priority 1 Probe
• British Airways, Boots, And BBC Staff Details Targeted In Russia-Linked Cyber Attack
• China Is Digging A Big Frickin' Hole 33,000 Feet Into The Earth
• BlackCat Updates Tradecraft With Stealth And Speed

Exploits

• Movierocket 1.0 Cross Site Scripting
• Thruk Monitoring Web Interface 3.06 Path Traversal
• Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution
• Codemonkey Multi Vendor Digital Product Mart 1.0 Cross Site Scripting
• Scriptio 1.4 Cross Site Scripting
• EasyAnswer 1.0.1 Cross Site Scripting
• P2S CMS 0.1 Cross Site Scripting
• MVC Shop 0.5 Directory Traversal
• PHP Live 3.1 Cross Site Scripting
• Acelle Email Marketing 4.0.25 Arbitrary File Upload
• Kesion CMS X 2.0 Add Administrator
• RenderDoc 1.26 Local Privilege Escalation / Remote Code Execution
• Microsoft Windows PowerShell Remote Command Execution
• WordPress Directorist 7.5.4 Insecure Direct Object Reference / Privilege Escalation
• Delta Electronics InfraSuite Device Master Deserialization
• Expert Restaurant eCommerce 1.0 Cross Site Scripting
• Expert Restaurant eCommerce 1.0 SQL Injection
• MVC Shop 0.5 Cross Site Scripting
• NETXPERTS CMS 0.1 SQL Injection
• Microsoft HVCIScan DLL Hijacking
• Anuranan SBAdmin 2 Insecure Settings
• PaperCut PaperCutNG Authentication Bypass
• Magento eCommerce 2.4.0 Information Disclosure
• Wizcyb Interactive 2.0 SQL Injection
• USB Flash Drives Control 4.1.0.0 Unquoted Service Path

• [webapps] WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution
• [webapps] Thruk Monitoring Web Interface 3.06 - Path Traversal
• [local] USB Flash Drives Control 4.1.0.0 - Unquoted Service Path
• [webapps] Tree Page View Plugin 1.6.7 - Cross Site Scripting (XSS)
• [local] Macro Expert 4.9 - Unquoted Service Path
• [webapps] File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution (RCE)
• [webapps] MotoCMS Version 3.4.3 - SQL Injection
• [webapps] STARFACE 7.3.0.10 - Authentication with Password Hash Possible
• [webapps] Barebones CMS v2.0.2 - Stored Cross-Site Scripting (XSS) (Authenticated)
• [webapps] Enrollment System Project v1.0 - SQL Injection Authentication Bypass (SQLI)
• [webapps] Total CMS 1.7.4 - Remote Code Execution (RCE)
• [webapps] MotoCMS Version 3.4.3 - Server-Side Template Injection (SSTI)
• [webapps] Pydio Cells 4.1.2 - Server-Side Request Forgery
• [webapps] Pydio Cells 4.1.2 - Cross-Site Scripting (XSS) via File Download
• [webapps] Pydio Cells 4.1.2 - Unauthorised Role Assignments
• [webapps] Faculty Evaluation System 1.0 - Unauthenticated File Upload
• [webapps] Online Security Guards Hiring System 1.0 - Reflected XSS
• [remote] Flexense HTTP Server 10.6.24 - Buffer Overflow (DoS) (Metasploit)
• [webapps] unilogies/bumsys v1.0.3 beta - Unrestricted File Upload
• [webapps] SCRMS 2023-05-27 1.0 - Multiple SQL Injection
• [webapps] Rukovoditel 3.3.1 - CSV injection
• [webapps] Camaleon CMS v2.7.0 - Server-Side Template Injection (SSTI)
• [webapps] SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated)
• [remote] Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit)
• [webapps] Ulicms 2023.1 - create admin user via mass assignment
• [webapps] Zenphoto 1.6 - Multiple stored XSS
• [webapps] WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting (XSS)
• [local] Filmora 12 version ( Build 1.0.0.7) - Unquoted Service Paths Privilege Escalation
• [webapps] Service Provider Management System v1.0 - SQL Injection
• [webapps] Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute
• [webapps] FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)
• [local] MobileTrans 4.0.11 - Weak Service Privilege Escalation
• [webapps] CiviCRM 5.59.alpha1 - Stored XSS (Cross-Site Scripting)
• [webapps] ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)
• [webapps] Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)
• [webapps] GetSimple CMS v3.3.16 - Remote Code Execution (RCE)
• [webapps] Quicklancer v1.0 - SQL Injection
• [webapps] Stackposts Social Marketing Tool v1.0 - SQL Injection
• [webapps] Smart School v1.0 - SQL Injection
• [webapps] LeadPro CRM v1.0 - SQL Injection
• [local] Yank Note v3.52.1 (Electron) - Arbitrary Code Execution
• [local] Gin Markdown Editor v0.7.4 (Electron) - Arbitrary Code Execution
• [webapps] Affiliate Me Version 5.0.1 - SQL Injection
• [webapps] eScan Management Console 14.0.1400.2281 - Cross Site Scripting
• [webapps] eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)
• [webapps] Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS)

Last 20 Website Defacements - Zone-h

• https://www.rick.gov.sd/license.html
• http://www.mkhondo.gov.za/gh.html
• https://dgaie.gov.bf/kurd.htm
• https://rbco.denr.gov.ph/s1.html
• https://gobiernodezapotillo.gob.ec/fake.html
• https://zbs.go.tz/readme.htm
• https://cgcla.go.tz/readme.htm
• http://arturnogueira.sp.gov.br
• http://informatica.arturnogueira.sp.gov.br/index.html
• http://cactix.ib.itaborai.rj.gov.br
• http://sireg-transparencia.ib.itaborai.rj.gov.br
• http://nac.gov.ss/CR4P5.txt
• http://redeeducativa.ms.gov.br/CR4P5.txt
• http://notamaisfacil.novaiguacu.rj.gov.br
• http://nfse.novaiguacu.rj.gov.br
• https://bangkok.doae.go.th/province/
• http://www.haec01.doae.go.th/wp-content/
• https://fundacc.sp.gov.br/nda.html
• https://mapas.fundacc.sp.gov.br/nda.html
• https://arquivopublico.fundacc.sp.gov.br/nda.html

Advisories

• Ubuntu Security Notice USN-6152-1 Fri, 09 Jun 2023 15:10:38 GMT
  Ubuntu Security Notice 6152-1 - It was discovered that NFS client's access cache implementation in the Linux kernel caused a severe NFS performance degradation in certain conditions. This updated makes the NFS file-access stale cache behavior to be optional.
• Debian Security Advisory 5422-1 Fri, 09 Jun 2023 15:10:18 GMT
  Debian Linux Security Advisory 5422-1 - It was discovered that jupyter-core, the core common functionality for Jupyter projects, could execute arbitrary code in the current working directory while loading configuration files.
• Red Hat Security Advisory 2023-3555-01 Fri, 09 Jun 2023 15:00:56 GMT
  Red Hat Security Advisory 2023-3555-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.
• Ubuntu Security Notice USN-6151-1 Fri, 09 Jun 2023 14:58:08 GMT
  Ubuntu Security Notice 6151-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.
• Red Hat Security Advisory 2023-3556-01 Fri, 09 Jun 2023 14:57:01 GMT
  Red Hat Security Advisory 2023-3556-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.
• Ubuntu Security Notice USN-6150-1 Fri, 09 Jun 2023 14:55:13 GMT
  Ubuntu Security Notice 6150-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
• Ubuntu Security Notice USN-6149-1 Fri, 09 Jun 2023 14:53:05 GMT
  Ubuntu Security Notice 6149-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
• Ubuntu Security Notice USN-6147-1 Fri, 09 Jun 2023 14:51:30 GMT
  Ubuntu Security Notice 6147-1 - Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service attacks, and arbitrary code execution.
• Debian Security Advisory 5421-1 Thu, 08 Jun 2023 15:10:13 GMT
  Debian Linux Security Advisory 5421-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
• Ubuntu Security Notice USN-6146-1 Thu, 08 Jun 2023 15:06:14 GMT
  Ubuntu Security Notice 6146-1 - It was discovered that Netatalk did not properly validate the length of user-supplied data in the DSI structures. A remote attacker could possibly use this issue to execute arbitrary code with the privileges of the user invoking the programs. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that Netatalk did not properly validate the length of user-supplied data in the ad_addcomment function. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
• Red Hat Security Advisory 2023-3550-01 Thu, 08 Jun 2023 15:05:17 GMT
  Red Hat Security Advisory 2023-3550-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.
• Ubuntu Security Notice USN-6145-1 Thu, 08 Jun 2023 14:22:10 GMT
  Ubuntu Security Notice 6145-1 - It was discovered that Sysstat incorrectly handled certain arithmetic multiplications. An attacker could use this issue to cause Sysstat to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue was only fixed for Ubuntu 16.04 LTS. It was discovered that Sysstat incorrectly handled certain arithmetic multiplications in 64-bit systems, as a result of an incomplete fix for CVE-2022-39377. An attacker could use this issue to cause Sysstat to crash, resulting in a denial of service, or possibly execute arbitrary code.
• Red Hat Security Advisory 2023-3410-01 Thu, 08 Jun 2023 14:19:24 GMT
  Red Hat Security Advisory 2023-3410-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.20.
• Debian Security Advisory 5420-1 Thu, 08 Jun 2023 14:17:32 GMT
  Debian Linux Security Advisory 5420-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
• Red Hat Security Advisory 2023-3409-01 Thu, 08 Jun 2023 14:14:35 GMT
  Red Hat Security Advisory 2023-3409-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.20.
• Red Hat Security Advisory 2023-3363-01 Wed, 07 Jun 2023 16:22:09 GMT
  Red Hat Security Advisory 2023-3363-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.61. Issues addressed include a denial of service vulnerability.
• Ubuntu Security Notice USN-6144-1 Wed, 07 Jun 2023 16:21:56 GMT
  Ubuntu Security Notice 6144-1 - It was discovered that LibreOffice did not properly validate the number of parameters passed to the formula interpreter, leading to an array index underflow attack. If a user were tricked into opening a specially crafted spreadsheet file, an attacker could possibly use this issue to execute arbitrary code. Amel Bouziane-Leblond discovered that LibreOffice did not prompt the user before loading the host document inside an IFrame. If a user were tricked into opening a specially crafted input file, an attacker could possibly use this issue to cause information disclosure or execute arbitrary code.
• Ubuntu Security Notice USN-6143-1 Wed, 07 Jun 2023 16:21:48 GMT
  Ubuntu Security Notice 6143-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Jun Kokatsu discovered that Firefox did not properly validate site-isolated process for a document loaded from a data: URL that was the result of a redirect, leading to an open redirect attack. An attacker could possibly use this issue to perform phishing attacks.
• Debian Security Advisory 5419-1 Wed, 07 Jun 2023 16:21:38 GMT
  Debian Linux Security Advisory 5419-1 - Two vulnerabilities were discovered in c-ares, an asynchronous name resolver library.
• Red Hat Security Advisory 2023-3362-01 Wed, 07 Jun 2023 16:19:03 GMT
  Red Hat Security Advisory 2023-3362-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.61. Issues addressed include a resource exhaustion vulnerability.
• Red Hat Security Advisory 2023-3525-01 Wed, 07 Jun 2023 16:18:40 GMT
  Red Hat Security Advisory 2023-3525-01 - Flask is a lightweight but extensible web development framework for Python based on the Werkzeug WSGI toolkit, and the Jinja 2 template engine.
• Red Hat Security Advisory 2023-3366-01 Wed, 07 Jun 2023 16:13:06 GMT
  Red Hat Security Advisory 2023-3366-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.2. Issues addressed include a traversal vulnerability.
• Ubuntu Security Notice USN-6028-2 Wed, 07 Jun 2023 16:06:41 GMT
  Ubuntu Security Notice 6028-2 - USN-6028-1 fixed vulnerabilities in libxml2. This update provides the corresponding updates for Ubuntu 23.04. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash.
• Red Hat Security Advisory 2023-3491-01 Wed, 07 Jun 2023 16:05:35 GMT
  Red Hat Security Advisory 2023-3491-01 - An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
• Red Hat Security Advisory 2023-3490-01 Wed, 07 Jun 2023 16:02:28 GMT
  Red Hat Security Advisory 2023-3490-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.