ICS Information Security Assurance Framework 11
February 3, 2020
2.4 ICS Security Trend
All in all, with IT and OT converging at a rapid pace, ICSs will be exposed to more threats that are evolving faster and faster. The threat evolution is reflected in the following aspects: (more…)
ICS Information Security Assurance Framework 10
February 2, 2020
2.3.2 ICS Vulnerability Trend
As industrial control has been delving deeper in recent years, more and more ICS vulnerabilities are discovered by researchers. As vulnerabilities publicly available are only a small portion of those hidden in ICSs, the possibility of ICS vulnerabilities being stashed as potential cyber weapons cannot be ruled out. The following sections analyze the trend of ICS vulnerabilities by reference to data publicly available. (more…)
ICS Information Security Assurance Framework 9
February 1, 2020
2.3 Vulnerabilities in ICS Assets
Most ICS security mechanisms are short of authentication, encryption, and audits, and therefore such ICS assets are rather vulnerable. When connecting to the Internet, ICSs are susceptible to external probes or identification via special fields included in information returned through public or private communication protocols, web services, telnet, and FTP. In this way, ICS assets can be easily controlled by attackers. In addition, more and more ICS vulnerabilities are identified by researchers, leaving ICS assets exposed on the Internet rather vulnerable. (more…)
Microsoft Security Update for January 2020 Fixes 49 Security Vulnerabilities
January 31, 2020
Overview
Microsoft released the January security update on Tuesday, fixing 49 security issues ranging from simple spoofing attacks to remote code execution, discovered in products like .NET Framework, Apps, ASP.NET, Common Log File System Driver, Microsoft Dynamics, Microsoft Graphics Component, Microsoft Office, Microsoft Scripting Engine, Microsoft Windows, Microsoft Windows Search Component, Windows Hyper-V, Windows Media, Windows RDP, Windows Subsystem for Linux, and Windows Update Stack.
(more…)
Adobe Security Bulletins for January 2020 Security Updates Security Alert
January 30, 2020
Overview
On January 14, local time, Adobe officially released the January security update, which fixed multiple vulnerabilities in various Adobe products, including Adobe Experience Manager and Adobe Illustrator CC.
Official notification address:
Weblogic WLS Component IIOP Protocol Remote Code Execution Vulnerability (CVE-2020-2551) Security Alert
January 29, 2020
Overview
In January 2020, the critical patch update announcement CPU (Critical Patch Update) officially released by Oracle, a remote code execution vulnerability (CVE-2020-2551) in the IIOP protocol of Weblogic WLS component was announced. (more…)
Oracle family key patch update January 2020 Security Alert
January 28, 2020
Overview
On January 14, 2020, Oracle officially announced critical patch update (CPU) security announcement and third-party security announcement, and fixed 334 vulnerabilities. See the appendix table for the affected conditions and available patches of each product.
Windows CryptoAPI High Risk Vulnerability (CVE-2020-0601) Security Alert
January 27, 2020
Overview
On January 14, local time, one of the latest monthly patch updates from Microsoft fixed the Windows CryptoAPI spoofing vulnerability (CVE-2020-0601) discovered and reported to Microsoft by the National Security Agency (NSA), which affects Windows 10. , Windows Server 2016 and Windows Server 2019. (more…)
WordPress plug-in authentication bypass vulnerability Security Alert
January 26, 2020
Overview
Recently, webarx researchers announced two high-risk authentication bypass vulnerabilities in WordPress plug-ins, which allow attackers to log in to an administrator account without a password. (more…)
ICS Information Security Assurance Framework 8
January 25, 2020
2.2.3 New ICS Attack Framework “TRITON”
In the middle of November 2017, the Dragos, Inc. team found malware tailor-made for ICSs and identified it as TRISIS (referred to as TRITON in this document) because it fixed it gaze on Schneider Electric’s Triconex safety instrumented system (SIS), enabling the replacement of logic in final control elements. (more…)
