Tuesday, May 21, 2019
DHS

Schneider Electric Modicon Controllers

This advisory includes mitigations for a use of insufficiently random values vulnerability reported in Schneider Electric's Modicon Controllers.
DHS

Fuji Electric Alpha7 PC Loader

This advisory includes mitigations for an out-of-bounds read vulnerability reported in Fuji Electric's Alpha7 PC Loader motor controllers.
DHS

Omron Network Configurator for DeviceNet

This advisory includes mitigations for an untrusted search path vulnerability reported in Omron's Network Configurator for DeviceNet application.
DHS

Siemens SIMATIC WinCC and SIMATIC PCS 7

This advisory includes mitigations for a missing authentication for critical function vulnerability reported in Siemens' SIMATIC WinCC and SIMATIC PCS 7 products.
DHS

Siemens LOGO! Soft Comfort

This advisory includes mitigations for a deserialization of untrusted data vulnerability reported in Siemens' LOGO! Soft Comfort engineering software.
DHS

Siemens LOGO!8 BM

This advisory includes mitigations for missing authentication for critical function, improper handling of extra values, and plaintext storage of a password vulnerabilities reported in Siemens' LOGO!8 BM programmable logic controller.
DHS

Siemens SINAMICS PERFECT HARMONY GH180 Drives NXG I and NXG II

This advisory includes mitigations for an uncontrolled resource consumption vulnerability reported in Siemens' SINAMICS PERFECT HARMONY GH180 Drives NXG I and NXG II products.
DHS

Siemens SINAMICS PERFECT HARMONY GH180 Fieldbus Network

This advisory includes mitigations for an improper input validation vulnerability reported in Siemens' SINAMICS PERFECT HARMONY GH180 Fieldbus Network medium voltage converters.
DHS

Siemens SCALANCE W1750D

This advisory includes mitigations for command injection, information exposure, and cross-site scripting vulnerabilities reported in Siemens' SCALANCE W1750D controllers.
DHS

Siemens SIMATIC PCS 7, WinCC, TIA Portal

This advisory includes mitigations for SQL injection, uncaught exception, and exposed dangerous method vulnerabilities reported in Siemens' SIMATIC PCS 7, WinCC, and TIA Portal products.
DHS

Siemens SIMATIC Panels and WinCC (TIA Portal)

This advisory includes mitigations for hard-coded community string, inadequate encryption, and cross-site scripting vulnerabilities reported in Siemens' SIMATIC Panels and WinCC (TIA Portal) products.
DHS

Orpak SiteOmat

This advisory includes mitigations for use of hard-coded credentials, cross-site scripting, SQL injection, missing encryption of sensitive data, code injection, and stack-based buffer overflow vulnerabilities reported in Orpak’s SiteOmat, software for fuel station management.
DHS

GE Communicator

This advisory includes mitigations for uncontrolled search path, use of hard-coded credentials, and improper access control vulnerabilities reported in GE's Communicator software.
DHS

Sierra Wireless AirLink ALEOS

This advisory includes mitigations for OS command injection, use of hard-coded credentials, unrestricted upload of file with dangerous type, cross-site scripting, cross-site request forgery, information exposure, and missing encryption of sensitive data vulnerabilities reported in the Sierra Wireless AirLink...
DHS

Philips Tasy EMR

This medical advisory includes mitigations for a cross-site scripting vulnerability reported in Philips’ Tasy EMR, a clinical and administrative workflow-based information system.
DHS

Rockwell Automation CompactLogix 5370


This advisory includes mitigations for uncontrolled resource consumption and stack-based buffer overflow vulnerabilities reported in Rockwell Automation’s CompactLogix 5370 controllers.
DHS

Fujifilm FCR Capsula X/Carbon X

This medical advisory includes mitigations for uncontrolled resource consumption and improper access control vulnerabilities reported in Fujifilm’s FCR Capsula X and Carbon X Computed Radiography cassette readers.
DHS

Rockwell Automation MicroLogix 1400 and CompactLogix 5370 Controllers

This advisory includes mitigations for an open redirect vulnerability reported in Rockwell Automation’s MicroLogix 1400 and CompactLogix 5370 controllers.
DHS

Delta Industrial Automation CNCSoft

This advisory includes mitigations for heap-based buffer overflow, out-of-bounds read, and stack-based buffer overflow vulnerabilities reported in Delta Electronics' Delta Industrial Automation CNCSoft ScreenEditor software.

Rats leave the sinking ship as hackers’ forum gets hacked

The OGUsers forum, which trades in hijacked social accounts, has been hacked, its hard drives wiped, and its user database published online.
The Register

iPhone gyroscopes, of all things, can uniquely ID handsets on anything earlier than iOS 12.2

Cheapskate fandroids get a pass on this one, though. Your iPhone can be uniquely fingerprinted by apps and websites in a way that you can never clear. Not by deleting cookies, not by clearing your cache, not even by...
Bruce Schneier

How Technology and Politics Are Changing Spycraft

Interesting article about how traditional nation-based spycraft is changing. Basically, the Internet makes it increasingly possible to generate a good cover story; cell phone and other electronic surveillance techniques make tracking people easier; and machine learning will make all...

DDoS Attacks on the Rise After Long Period of Decline

The number of DDoS attacks increased by 84% in the first quarter of 2019 compared to Q4 2018, according to new research from Kaspersky Lab. The global cybersecurity company’s findings, detailed...
SecurityWeek

Awareness Training Firm KnowBe4 Acquires Awareness Measurement Firm CLTRe

Tampa Bay, FL-based security awareness and simulated phishing firm KnowBe4 has acquired Oslo, Norway-based security culture measurement company CLTRe for an undisclosed sum.