CISA Releases Two Industrial Control Systems Advisories

CISA released two advisories on February 29, 2024. The advisories warn about security issues, vulnerabilities, and exploits related to Industrial Control Systems (ICS).

ICSA-24-060-01 Delta Electronics CNCSoft-B
ICSMA-24-060-01 MicroDicom DICOM Viewer

• Bank
• National

Bangladesh bank published CBS guideline Version 2.0

By infosecbulletin / Monday , May 13 2024

The banking industry in Bangladesh is the core driver in economic development of the country. The focus on inclusion and...

Read More

• International
• Vulnerabilities

Fortinet report
Attackers exploiting vulnerabilities 50% faster, just 4.76 days

By infosecbulletin / Monday , May 13 2024

Fortinet reported that in the second half of 2023, the average time form the disclosure of a vulnerability to its...

Read More

• Cyber Attack

TechCrunch report
Indian gov.t sites compromised to plant online betting ads

By infosecbulletin / Sunday , May 12 2024

Indian government websites have been used by scammers to place ads that send visitors to online betting sites. TechCrunch found...

Read More

• Cyber Attack
• Data Breach
• Ransomware

Damage Costs Predicted To Exceed $265 Billion By 2031
Ransomware expected to attack every 2 seconds by 2031

By infosecbulletin / Sunday , May 12 2024

Ransomware damage costs are predicted to exceed $265 billion by 2031, and it is expected to be the fastest growing...

Read More

• Alert

ALERT CISA WARNS
Black Basta ransomware breached over 500 orgs worldwide

By infosecbulletin / Saturday , May 11 2024

CISA, FBI, HHS, and MS-ISAC released a joint Cybersecurity Advisory called #StopRansomware: Black Basta. It provides tactics, techniques, procedures, and...

Read More

• International

Cyber Attack On Data Center Cooling Systems results disruption

By infosecbulletin / Saturday , May 11 2024

According to cybersecurity analysts at Dragos, while cloud adoption offers many benefits for industrial companies , it also poses certain...

Read More

• Vulnerabilities

Chrome Zero-Day Alert — Update Your Browser to Patch

By infosecbulletin / Friday , May 10 2024

Google released an urgent security update for Chrome browser. The update fixes a critical vulnerability that is already being exploited...

Read More

• Hot Topic
• Vulnerabilities

Dell Discloses Data Breach: 49 million customers allegedly affected

By infosecbulletin / Friday , May 10 2024

A security breach has been reported, with a threat actor claiming to be selling a database with 49 million customer...

Read More

• Vulnerabilities

BIG VULNERABILITIES IN NEXT-GEN BIG-IP

By infosecbulletin / Thursday , May 9 2024

Eclypsium recently found flaws in F5’s BIG-IP Next Central Manager, which could let attackers take control of the network. BIG-IP...

Read More

• Cyber Attack
• Data Breach

UK confirms Ministry of Defence payroll data exposed in data breach

By infosecbulletin / Wednesday , May 8 2024

he UK government confirmed that hackers recently broke into the country's Ministry of Defence and accessed part of the Armed...

Read More

EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Delta Electronics
Equipment: CNCSoft-B
Vulnerability: Stack-based Buffer Overflow
RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.

Vulnerability Overview:

Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.

EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: MicroDicom
Equipment: DICOM Viewer
Vulnerabilities: Heap-based Buffer Overflow, Out-of-Bounds Write
RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption issues leading to execution of arbitrary code.

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.