ICS Advisory (ICSA-20-240-01) Red Lion N-Tron 702-W, 702M12-W

SCADAfence Research - ICS Ethernet Switches used in Industrial Networks by manufacturer Red Lion are exposed to Remote Command Injection. The switches types are 702-W and 702M12-W. Read More

Critical Vulnerabilities Expose MoFi Routers to Remote Attacks

SCADAfence Research - IOT Routers made by MoFi network are vulnerable to Remote Code Execution vulnerabilities. The series affected is MOFI4500, which includes several routers which includes WIFI and 4g capabilities. Companies utilizing such routers for mobile or remote connectivity should check their devices for updates. Read More

BLURtooth Vulnerability Lets Attackers Defeat Bluetooth Encryption

SCADAfence Research - IOT BLURtooth vulnerability exposes new generations of bluetooth-enabled devices to MITM attacks. Academic researchers have discovered that certain implementations of Bluetooth 4.0 to 5.0 suffer from weak key generation and thus allow MITM to take place. Read More

Netwalker Ransomware Hits Pakistan's Largest Private Power Utility

SCADAfence Research - Netwalker Ransomware hits the largest private power company in Pakistan. The ransomware caused disruption in billing and online services. Read More

Windows Zerologon PoC Exploits Allow Domain Takeover. Patch This Now!

SCADAfence Research - A PoC was released for the Zerologon vulnerability, which allows attackers to gain Domain Admin privileges and take over windows domain environments. The vulnerability CVE-2020-1472 was patched by Microsoft in the last August update. The vulnerability occurs when an attempt to login as a domain administrator is made, and a spoofed response is sent to the client telling the login succeeded. The vulnerability relies on the fact that it is possible to fallback to unencrypted RPC, and after that, using a security flaw found in Netlogon AES-CFB8 cryptographic negotiation. Please read more for the full article & the POC code. Read More

Ransomware Attack at German Hospital Leads to Death of Patient

SCADAgirl SCADAfence Research - Ransomware attack at a German hospital leads to the death of a patient. The ransomware attack lead to the situation where emergency care could not occur at the hospital, and a patient in a life-threatening condition died after being forced to go to a more distant hospital. Read More

ICS Advisory (ICSA-13-011-01)

SCADAgirl SCADAfence Research - Devices running CoDeSys are vulnerable to read/write any files on devices running it. Also devices running CoDeSys require no authentication by default, making attackers able to change the device configuration. Read More

The Windows XP Source Code Was Allegedly Leaked Online

SCADAgirl SCADAfence Research - Windows XP Source code was leaked online, and can be downloaded by a torrent. The leaked source code may help attackers find new, yet unknown, vulnerabilities in, even new, Windows operating systems. Read More

Ransomware Hits US-Based Arthur J. Gallagher Insurance Giant

SCADAgirl SCADAfence Research - US-based Arthur J. Gallagher (AJG) global insurance brokerage and risk management firm confirmed a ransomware attack that hit its systems. Read More

UHS Hospitals Hit by Reported Country-Wide Ryuk Ransomware Attack

SCADAgirl SCADAfence Research - UHS hospitals hit by reported country-wide Ryuk ransomware attack, shutting down a few of its hospitals.

"After 1min or so of this the computers logged out and shutdown. When you try to power back on the computers they automatically just shutdown. "We have no access to anything computer based including old labs, ekg's, or radiology studies. We have no access to our PACS radiology system." Read More

The OT & IoT Cybersecurity Feed - October 2020