Cyber Security News — Past 24 hours | 06.06.2021

SLIIT CS2
Jun 8, 2021


10 Critical Flaws Found in CODESYS Industrial Automation Software

Cybersecurity researchers on Thursday disclosed as many as ten critical vulnerabilities impacting CODESYS automation software that could be exploited to achieve remote code execution on programmable logic controllers.
“To exploit the vulnerabilities, an attacker does not need a username or password; having network access to the industrial controller is enough,” researchers from Positive Technologies said. CODESYS offers a development environment for programming controller applications for use in industrial control systems. The German software company credited Vyacheslav Moskvin, Denis Goryushev, Anton Dorfman, Ivan Kurnakov, and Sergey Fedonin of Positive Technologies and Yossi Reuven of SCADAfence for reporting the flaws.
Six of the most severe flaws were identified in the CODESYS V2.3 web server component used by CODESYS WebVisu to visualize a human-machine interface in a web browser. Lastly, a flaw found in the CODESYS Control V2 Linux SysFile library could be used to call additional PLC functions, in turn allowing a bad actor to delete files and disrupt critical processes.
“An attacker with low skills would be able to exploit these vulnerabilities,” CODESYS cautioned in its advisory, adding it found no known public exploits that specifically target them.

Source — 10 Critical Flaws Found in CODESYS Industrial Automation Software (thehackernews.com)

Google Chrome to Help Users Identify Untrusted Extensions Before Installation

Google on Thursday said it’s rolling out new security features to the Chrome browser aimed at detecting suspicious downloads and extensions via its Enhanced Safe Browsing feature, which it launched a year ago. To this end, the search giant said it will now offer additional protections when users attempt to install a new extension from the Chrome Web Store, notifying them if it can be considered “trusted”. Enhanced Safe Browsing involves sharing real-time data with Google Safe Browsing to proactively safeguard users against dangerous sites. “If you choose to send the file, Chrome will upload it to Google Safe Browsing, which will scan it using its static and dynamic analysis classifiers in real time,” Google said.

Despite the file being labeled as potentially dangerous, users still have the option to open the file without scanning. Should users opt to scan the file, the company said the uploaded files are deleted from Safe Browsing a short time after scanning. While it didn’t specify the exact timeframe for when this removal would happen, according to the Google Chrome Privacy Whitepaper, the company “logs the transferred data in its raw form and retains this data for up to 30 days” for all Safe Browsing requests, after which only anonymized statistics are retained.

Source — Google Chrome to Help Users Identify Untrusted Extensions Before Installation (thehackernews.com)

Hackers Actively Exploiting 0-Day in WordPress Plugin Installed on Over 17,000 Sites

Fancy Product Designer, a WordPress plugin installed on over 17,000 sites, has been discovered to contain a critical file upload vulnerability that’s being actively exploited in the wild to upload malware onto sites that have the plugin installed.

Wordfence’s threat intelligence team, which discovered the flaw, said it reported the issue to the plugin’s developer on May 31. While the flaw has been acknowledged, it’s yet to be addressed.

Fancy Product Designer is a tool that enables businesses to offer customizable products, allowing customers to design any kind of item ranging from T-shirts to phone cases by offering the ability to upload images and PDF files that can be added to the products.

“Unfortunately, while the plugin had some checks in place to prevent malicious files from being uploaded, these checks were insufficient and could easily be bypassed, allowing attackers to upload executable PHP files to any site with the plugin installed,” Wordfence said in a write-up published on Tuesday.

Armed with this capability, an attacker can achieve remote code execution on an affected website, allowing full site takeover, the researchers noted. Wordfence has not shared the technical specifics of the vulnerability as it found evidence of it being abused as early as January 30.
This is far from the first time Wordfence has disclosed severe issues in WordPress plugins. In December 2017, a hidden backdoor in BestWebSoft captcha plugin was found to affect 300,000 sites.

Source — Hackers Actively Exploiting 0-Day in WordPress Plugin Installed on Over 17,000 Sites (thehackernews.com)

The Incident Response Plan — Preparing for a Rainy Day

The unfortunate truth is that while companies are investing more in cyber defenses and taking cybersecurity more seriously than ever, successful breaches and ransomware attacks are on the rise. While a successful breach is not inevitable, it is becoming more likely despite best efforts to prevent it from happening.

With so many companies falling victim to cyberattacks, an entire cottage industry of Incident Response (IR) services has arisen. Thousands of IR engagements have helped surface best practices and preparedness guides to help those that have yet to fall victim to a cyberattack.

Recently, cybersecurity company Cynet provided an Incident Response plan Word template to help companies plan for this unfortunate occurrence.

The IR Plan Template created by Cynet recommends following the structured 6-step IR process defined by the SANS Institute in their Incident Handler’s Handbook, which by the way, is another great IR resource. The IR Plan Template helps organizations codify the above into a workable plan that can be shared across the organization. Cynet’s IR Plan Template provides a checklist for each of the IR steps, which of course, can and should be customized based on each company’s particular circumstances. Moreover, the Cynet IR Plan Template delves into IR team structure along with roles and responsibilities to prevent everyone from running around with their hair on fire during the frantic effort to recover from a cyber incident.

Source — The Incident Response Plan — Preparing for a Rainy Day (thehackernews.com)

Stay Focused. Stay Vigilant.

Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT
