Tag Archive for: emergency

COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises


Mandiant identified novel operational technology (OT) / industrial control system (ICS)-oriented malware, which we track as COSMICENERGY, uploaded to a public malware scanning utility in December 2021 by a submitter in Russia. The malware is designed to cause electric power disruption by interacting with IEC 60870-5-104 (IEC-104) devices, such as remote terminal units (RTUs), that are commonly leveraged in electric transmission and distribution operations in Europe, the Middle East, and Asia. 

COSMICENERGY is the latest example of specialized OT malware capable of causing cyber-physical impacts, which are rarely discovered or disclosed. What makes COSMICENERGY unique is that, based on our analysis, a contractor may have developed it as a red teaming tool for simulated power disruption exercises hosted by Rostelecom-Solar, a Russian cyber security company. Analysis of the malware and its functionality reveals that its capabilities are comparable to those employed in previous incidents and malware, such as INDUSTROYER and INDUSTROYER.V2, which were both malware variants deployed in the past to impact electricity transmission and distribution via IEC-104.

The discovery of COSMICENERGY illustrates that the barriers to entry for developing offensive OT capabilities are lowering as actors leverage knowledge from prior attacks to develop new malware. Given that threat actors use red team tools and public exploitation frameworks for targeted threat activity in the wild, we believe COSMICENERGY poses a plausible threat to affected electric grid assets. OT asset owners leveraging IEC-104 compliant devices should take action to preempt potential in-the-wild deployment of COSMICENERGY.

COSMICENERGY Overview

COSMICENERGY’s capabilities and overall attack strategy appear reminiscent of the 2016 INDUSTROYER incident, which issued IEC-104 ON/OFF commands to interact with RTUs and, according to one analysis, may have made use of an MSSQL server as a conduit system to access OT. Leveraging this access, an attacker can send remote commands to affect the actuation of power line switches and circuit breakers to cause power disruption. COSMICENERGY accomplishes this via its two derivative…

Source…

Google Issues Emergency Chrome Update for Zero-Day Bug


A Google Chrome zero-day vulnerability is under active exploit in the wild, and while details are scarce, users are urged to update their Windows, Mac, and Linux systems to the latest version directly.

The fix for the high-severity bug, being tracked as CVE-2023-2033, is being pushed out through the stable desktop and extended stable channels, and will continue to roll out over the next weeks, Google explained in its April 14 cybersecurity advisory.

The flaw was discovered by Clément Lecigne of Google’s Threat Analysis Group on April 11, the company said.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google added. “We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.”


Source…

Apple releases emergency security updates to patch iPhone, iPad and Mac zero-day flaws


Apple has once again released emergency security updates to fix zero-day vulnerabilities that are being exploited in the wild to attack iPhones, iPads and Macs.

In a security advisory released on Friday (April 7), the Cupertino-based company revealed that it “is aware of a report that this issue may have been actively exploited”. Unlike some other recently discovered zero-day flaws, the ones Apple has patched have already been exploited by hackers in their attacks.

Source…

Transport Workers’ Union will call an emergency safety summit in the wake of attack on female bus driver


The Transport Workers’ Union will call an emergency safety summit in the wake of a violent attack on a female bus driver in which she was allegedly spat on, kicked and punched by a 13-year-old boy and an older accomplice.

The woman was driving the route between Elizabeth Quay and Curtin University when she pulled into the Victoria Park station about 7.15pm on Thursday and was set upon in an assault TWU WA branch secretary Tim Dawson said was “hard to put into words”.

According to police, a 13-year-old boy who had boarded the bus with a disorderly group of people spat on the bus driver before stealing her phone.

It is alleged the same boy then kicked the victim, before a 32-year-old woman punched her in the face.

The brutal alleged attack came just two days after Edward Charles Abbott pleaded guilty to attacking a 66-year-old TransWA bus driver in Geraldton.

When Abbott was denied a seat on the bus, he struck the bus driver multiple times to the head, causing him to lose his front teeth, and leaving him with cutting and bruising to his mouth and face. He will be sentenced next month.

In a statement on Sunday, the TWU said it was time to call time on the “safety crisis” on WA buses, saying the union has had enough of State Government “inaction on anti-social behaviour and bus driver attacks”.

Mr Dawson has called on bus operators to release union delegates and health and safety representatives from work next Wednesday so they could attend the urgent safety summit.

He said the union had long been calling for an increase to security measures for bus drivers, including bringing security services in-house rather than contracting it out.