Thursday , November 14 2024
Women

CISA Warns of 3 Critical Vulnerabilities in Industrial Control Systems

On November 7, 2024, CISA released advisories about 3 critical security issues, vulnerabilities, and exploits related to Industrial Control Systems (ICS).

ICSA-24-312-01 Beckhoff Automation TwinCAT Package Manager:

Bitdefender releases free decryptor for ShrinkLocker ransomware

Bitdefender has released a decryptor for the ShrinkLocker ransomware after months of concern from responders regarding attacks involving this malware....
Read More
Bitdefender releases free decryptor for ShrinkLocker ransomware

Fortinet releases updates for Various Products

Fortinet has issued security updates for several products, including FortiOS, to fix vulnerabilities that could allow cyber attackers to take...
Read More
Fortinet releases updates for Various Products

Microsoft November Patch Tuesday: 4 Zero-Days & 89 flaws

Microsoft's latest Patch Tuesday update fixes 89 security vulnerabilities. Four of these are zero-day vulnerabilities, with two currently being exploited....
Read More
Microsoft November Patch Tuesday: 4 Zero-Days & 89 flaws

CISA Warns of 3 Critical Vulnerabilities in Industrial Control Systems

On November 7, 2024, CISA released advisories about 3 critical security issues, vulnerabilities, and exploits related to Industrial Control Systems...
Read More
CISA Warns of 3 Critical Vulnerabilities in Industrial Control Systems

Cyberattack Disrupts Israel’s Gas and Payment Systems

A cyberattack on an Israeli clearing company on Sunday left some people unable to use their credit cards for shopping...
Read More
Cyberattack Disrupts Israel’s Gas and Payment Systems

Russia blocks thousands websites using Cloudflare’s privacy service

Russia's media censor, Roskomnadzor, has blocked thousands of local websites using Cloudflare's encryption feature that enhances online privacy and security....
Read More
Russia blocks thousands websites using Cloudflare’s privacy service

Hacker to sale Indian Gov.t email credentials

Advertisement for selling the credentials of allegedly belonging to Indian government emails surfaced on the dark web marketplace. A hacker...
Read More
Hacker to sale Indian Gov.t email credentials

Cyberattacks increase 105% in third quarter of 2024 in Bangladesh

Bangladesh faced a 105% rise in cyber incidents from the second to the third quarter of 2024, making it one...
Read More
Cyberattacks increase 105% in third quarter of 2024 in Bangladesh

Developers alert: Malicious ‘fabrice’ Package Steals AWS Credentials

The Socket Research Team has discovered a malicious package named "fabrice," pretending to be the legitimate fabric SSH automation library....
Read More
Developers alert: Malicious ‘fabrice’ Package Steals AWS Credentials

CISA alerts active exploitation of Palo Alto networks vuln

CISA has added a patched critical security flaw in Palo Alto Networks Expedition to its Known Exploited Vulnerabilities catalog due...
Read More
CISA alerts active exploitation of Palo Alto networks vuln

CISA has identified a serious vulnerability in Beckhoff Automation’s TwinCAT Package Manager, a key software in manufacturing. The flaw, called CVE-2024-8934, relates to improper handling of special elements, making it susceptible to OS command injection attacks.

This vulnerability allows a local attacker with admin access to execute arbitrary commands, risking the system’s integrity and security.

Beckhoff Automation has released a security update, advising users to upgrade to version 1.0.613.0 to address a vulnerability. CISA also recommends that users check values entered by admins and limit network exposure to control systems to reduce exploitation risks.

ICSA-24-312-02 Delta Electronics DIAScreen:

CISA’s advisories highlighted several stack-based buffer overflow vulnerabilities in Delta Electronics’ DIAScreen equipment, which is mainly used in smart machine engineering and integrated into the DIAStudio Smart Machine Suite.

CVE-2024-47131, CVE-2024-39605, and CVE-2024-39354 are vulnerabilities that allow remote code execution in DIAScreen versions before v1.5.0. Attackers can exploit these to run arbitrary code remotely.

Delta Electronics has released v1.5.0 of DIAScreen and recommends that users update quickly to reduce risks.

ICSA-24-312-03 Bosch Rexroth IndraDrive:

A serious vulnerability in Bosch Rexroth’s IndraDrive equipment, vital for manufacturing, has been revealed by CISA. Known as CVE-2024-48989, it allows attackers to exploit uncontrolled resource consumption, leading to denial-of-service (DoS) attacks. By sending specific UDP messages to devices using the affected PROFINET stack, attackers can render the devices unresponsive, which may disrupt industrial operations.

The vulnerability has a CVSS v3.1 score of 7.5 and a CVSS v4 score of 8.7, indicating a high risk. Bosch Rexroth has not released a specific update, so organizations should take immediate action to reduce risks, such as isolating control systems from internet-facing networks.

CISA urges users to check the latest ICS advisories for important information and solutions.

Check Also

cyber attack

Cyberattacks increase 105% in third quarter of 2024 in Bangladesh

Bangladesh faced a 105% rise in cyber incidents from the second to the third quarter …

Leave a Reply

Your email address will not be published. Required fields are marked *