Cyber Round-up

Cyber Round-up for 14th October

October 13, 2022

Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week and year to cover some of the news, posts, views, and highlights from the world of Security.

In this week’s round-up:

Security News

RCEs Used to Uncover Hardcoded Cryptographic Keys in Siemens Products

Team82 has found a new technique capable of extracting hardcoded cryptographic keys from certain Siemens PLC products. If this technique were employed by an attacker, they could use the stolen keys to gain “full control over every PLC per affected Siemens product line.” The disclosure of this exploit to Siemens has led to the introduction of a new TLS management system in TIA Portal v17. This has been implemented to ensure that communication between Siemens PLCs and engineer workstations is encrypted.

Siemens has published an advisory for the affected products. This covers key updates and solutions that we advise looking into.

Operational Technology (Industrial Control Systems) is an often overlooked area when it comes to cyber security, with targeted attacks on the increase. Always remember to include OT assets in your security programme.

By Claroty.com

NCSC’s Guide to Protecting Against Supply Chain Attacks

We have recently seen a rise in Supply Chain Attacks across the UK, and the NCSC has responded with new guidance on how to protect against this threat. This new guidance aims to “help organisations effectively assess and gain confidence in the cyber security of their supply chains.” The NCSC are desperate to generate awareness for this rising issue; currently just 1 in 10 businesses are reviewing the security of their immediate suppliers. The guidance, aimed towards risk managers and cyber security professionals, will hopefully draw the attention of at-risk businesses, and reduce the number of organisations being affected by supply chain attacks.

You can find the official NCSC guidance here.

By NCSC.gov.uk

Source Code for Alder Lake CPUs Leaked

Source code for Intel’s Alder Lake CPUs has been leaked on both 4chan and GitHub. Intel confirmed the leak to be authentic a week after its occurrence; however, the party responsible for the leak has not yet been identified. The stolen data includes the UEFI code of Alder Lake, as well as tools and files from other vendors such as Insyde Software. Further details have not yet been released, and while the original GitHub repository was removed, copies were made and are still circulating.

By TheHackerNews.com

FormBook Gains Top Spot on Check Point’s Most Wanted Malware List

FormBook’s prevalence over the last few months has earned it the top spot on Check Point’s Most Wanted Malware list for September. The Vidar infostealer has also burst into the top ten following a fake Zoom campaign that had massive impact very recently. The second and third spots for this month are occupied by the XMRig open source cryptominer, and the AgentTesla RAT. Check Point’s report also contains a list of geographical distribution of attacks.

The full report from Check Point Research can be found here.

By Infosecurity-Magazine.com

Forescout’s List of Riskiest Connected Devices

The research team at Forescout have analysed more than 19 million connected devices across 5 industries. This project aimed to reveal the riskiest devices across all industries, with a clear top 5 being listed in their findings. The top 5 connected devices for IT, Internet of Things (IoT), Operational Technology (OT) and Internet of Medical Things (IoMT) were all revealed, with routers, IP cameras, programmable logic controllers, and DICOM workstations topping the lists respectively. This research clearly shows that IT devices are still the primary target when it comes to malware attacks, but attackers are starting to branch out as IoT and OT become very high priority targets.

Key research findings from this Forescout project can be found here.

By HelpNetSecurity.com

Vulnerabilities & Updates

Fortinet Warns of Critical Auth Bypass Flaw Found in FortiGate Firewalls

Administrators are being warned to update their Fortinet products as soon as possible following the discovery of a critical vulnerability; if exploited, an attacker could bypass authentication on the affected products. Fortinet have confirmed that FortiGate firewalls, FortiProxy web proxies, and FortiSwitch Manager (FSWM) are all affected by this vulnerability, which has been addressed in the latest patch release. We advise applying the latest updates as soon as possible to ensure you are not at risk of exploitation.

By BleepingComputer.com

Microsoft Patch Tuesday: October 2022

Microsoft’s Patch Tuesday for October has been released, addressing 84 total vulnerabilities, 13 of which are considered critical. These include flaws affecting Azure Directory Domain Services, Azure Arc, Microsoft Office and more. Please see our round-up of this month’s Patch Tuesday for more details.

And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.

Stay Safe, Secure and Healthy!

Edition #208 – 14th October 2022 

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
