Tag Archive for: unify

Atos Unify Vulnerabilities Could Allow Hackers to Backdoor Systems

/in


Two vulnerabilities discovered earlier this year in Atos Unify products could allow malicious actors to cause disruption and even backdoor the targeted system.

The flaws were found in the unified communications and collaboration solution by researchers at SEC Consult, an Austria-based cybersecurity consulting firm that is part of the Atos Group’s Eviden business.

The vulnerabilities affect the Atos Unify Session Border Controller (SBC), which provides security for unified communications, the Unify OpenScape Branch product for remote offices, and Border Control Function (BCF), which is designed for emergency services.

SEC Consult researchers discovered that the web interface of these products is affected by CVE-2023-36618, which can be exploited by an authenticated attacker with low privileges to execute arbitrary PHP functions and subsequently operating system commands with root privileges.

The second security hole, CVE-2023-36619, can be exploited by an unauthenticated attacker to access and execute certain scripts. An attacker could leverage these scripts to cause a denial-of-service (DoS) condition or change the system’s configuration.

SEC Consult says the vulnerabilities have critical impact, but the vendor has assigned the flaws a ‘high severity’ rating based on their CVSS score.

“Attackers can gain full control (root access) over the appliance, if any low-privileged user credentials are known, and could reconfigure or backdoor the system (e.g. change SIP upstream configuration, etc),” Johannes Greil, head of the SEC Consult Vulnerability Lab, told SecurityWeek.

Advertisement. Scroll to continue reading.

Greil pointed out that the affected web interface is typically not exposed to the internet and a brief Shodan analysis shows there are no systems that are reachable from the web.

The cybersecurity firm this week published an advisory containing technical information, but proof-of-concept (PoC) exploit code has not been made public. 

Atos has released updates that should patch both Unify vulnerabilities. The vendor has also suggested a series of workarounds that can prevent or reduce the risk of exploitation. 

Related: Details Disclosed for Critical SAP…

Source…

Element Announces Element Unify Integration with AWS IoT SiteWise to Enable Condition-based Monitoring for Industrial Customers | Business

/in


SAN FRANCISCO–(BUSINESS WIRE)–Jun 9, 2021–

Element, a leading software provider in IT/OT data management for industrial companies, today announced a new offering featuring an API integration between its Element Unify product and AWS IoT SiteWise, a managed service from Amazon Web Services, Inc. (AWS), that makes it easy to collect, store, organize, and monitor data from industrial equipment at scale. The API integration is designed to give customers the ability to centralize plant data model integration and metadata management, enabling data to be ingested into AWS services, including AWS IoT SiteWise and Amazon Simple Storage Service (S3) industrial data lake.

Available in AWS Marketplace, the Element Unify AWS IoT Sitewise API integration is designed to allow engineers and operators to monitor operations across facilities, quickly compute performance metrics, create applications that analyze industrial equipment data to prevent costly equipment issues, and reduce gaps in production.

“We are looking forward to bridging the on-premises data models we’ve built for systems like OSIsoft PI to AWS for equipment data monitoring using Element Unify,” said Philipp Frenzel, Head of Competence Center Digital Services at Covestro.

Element also announced its ISO 27001 certification proving both the security controls protect customer data and the Information Security Management System (ISMS) provide governance, risk management, and controls required for modern SaaS applications. Element Unify also supports AWS PrivateLink to provide an additional level of network security and control for customers.

“Our customers are looking for solutions that can help them improve equipment uptime, avoid revenue loss, cut O&M costs, and improve safety,” said Prabal Acharyya, Global Head of IoT Partners for Energy at AWS. “Now, the Industrial Machine Connectivity (IMC) on AWS initiative, along with Element Unify, makes possible a seamless API integration of both real-time and asset context OT data from multiple systems into an industrial data lake on AWS.”

Industrial customers need the ability to digitally transform to maximize productivity and asset availability,…

Source…

China Preparing to Unify Cyber Warfare Capabilities – Report – Infosecurity Magazine

/in

Infosecurity Magazine

China Preparing to Unify Cyber Warfare Capabilities – Report
Infosecurity Magazine
Although the two nations shook hands on an agreement not to engage in economically motivated state-sponsored cyber espionage against one another, Chinese hackers have shown no signs of moderating their activity, according to one threat intelligence …
Cyber Security In BrazilMondaq News Alerts (registration)

all 2 news articles »

cyber warfare – read more

IDF to unify cyber warfare units – Al-Monitor

/in

Al-Monitor

IDF to unify cyber warfare units
Al-Monitor
It will encompass all operational capacities pertaining to cyber warfare, including defense, offense and intelligence collection. Just like Israel's air force, it will provide services to all of the IDF's branches, divisions and commands that require
IDF unit to focus on cyberwarfareJweekly.com

all 3 news articles »

cyber warfare – read more