2022 Week 25 and 26 News Roundup

-

 

Summary

Mostly SCADA stuff the last two weeks.  It seems that the bad guys like to coordinate and cycle.  On a positive note, Biden signed 2 cybersecurity bills in to law!

News

SCADA/IOC general

Researchers with Forescout have announced 56 issues in 26 devices from 10 different companies (enough numbers for you?).  They have named the collective issues  OT:ICEFALL (link below).  The devices all suffer from poor design practices that made them insecure out of the box.  To keep from having more numbers, I will reframe from too deep a dive into the different issues, but if you have any of the affected devices, you should remediate them to the best of your ability.

Here are the CVE's so it is easy to find:
CVE-2022-29953
CVE-2022-29952
CVE-2022-29957
CVE-2022-29962
CVE-2022-29963
CVE-2022-29964
CVE-2022-29965
CVE-2022-29966
CVE-2022-29959
CVE-2022-29960
CVE-2022-29961
CVE-2022-29954
CVE-2022-29955
CVE-2022-29956
CVE-2022-30260
CVE-2022-30267
CVE-2022-30262
CVE-2022-30261
CVE-2022-30264
CVE-2022-30266
CVE-2022-30263
CVE-2022-30265
CVE-2022-30268
CVE-2022-30312
CVE-2022-30313
CVE-2022-30314
CVE-2022-30315
CVE-2022-30316
CVE-2022-30317
CVE-2022-30318
CVE-2022-30319
CVE-2022-30320
CVE-2022-29951
CVE-2022-29958
CVE-2022-30276
CVE-2022-30273
CVE-2022-30270
CVE-2022-30271
CVE-2022-30274
CVE-2022-30275
CVE-2022-30269
CVE-2022-30272
CVE-2022-31204
CVE-2022-31205
CVE-2022-31206
CVE-2022-31207
CVE-2022-31800
CVE-2022-31801
CVE-2022-33139
CVE-2022-29519
CVE-2022-30997
FSCT-2022-0039


It should be noted that some of these vulnerabilities have been exploited in the wild.  


Transportation

Pipeline

There is growing suspicion that Russian hackers, with state ties, named XENOTIME caused an explosion in a U.S. Liquefied Natural Gas (LNG) pipeline.  On June 8th, 2022, Freeport LNG had an explosion at a liquefaction plant and export terminal at their Quintana Island, Texas facility.  The volume processed had immediate impacts on LNG prices worldwide and this is expected to continue until repairs are made.  Estimated repair times are around the end of 2022.  Some familiar with the situation but speaking off the record are pointing fingers at TRITON/TRISIS malware.  This was developed by the Russian Ministry of Defense and was designed for the seizure of ICS components and disabling safety systems.  


Legislative actions 

The U.S. President signed into law 2 bills that seek to increase federal as well as SLTT government cybersecurity.  The Federal Rotational Cyber Workforce Program Act created a program to allow cyber pros to rotate through jobs at different agencies to help them become more well-rounded.  The Sate and Local Government Cybersecurity Act requires the National Cybersecurity and Communications Integration Center (NCCIC) to share security tools and protocols with SLTT entities.  




Location: Oklahoma, USA

Comments

Post a Comment

Popular posts from this blog

2021 Week 11 Security Roundup

-
  Summary This blog is geared towards cybersecurity events that are of interest to State, Local, Tribal, and Territorial (SLTT) governments in the United States of America.  It is hoped that this focus will help SLTT information technology workers and policymakers to get the information relevant to their mission.  If you are in other sectors hopefully there is information you can find useful as well.   News Windows Outlook Vulnerability The 0-Day for Microsoft Exchange Server keeps making news.  Over the course of the week threat actors outside of the Haifum Chinese cyber espionage group started to take advantage of the exploit.  Many new breaches were identified over the weekend as organizations large and small rushed to update vulnerable servers.  From the briefings I have sat through over the last week or so, I can only add my echo to the chorus saying that you should immediately patch your on-premises version of Outlook.  Here are some of the developments that we have seen: ZDNet a
Read more

2021 Weeks 32-40 Security Roundup

-
  Summary Let me apologize for the long delay right upfront.  First, we had a round of Covid in the household in a person who is immune-compromised.  Next, I started a new semester in college and the workload was far greater than I expected.  Lastly, this is the start of the budget year for us and I had several projects that have demanded almost every second of my work time.  I hope to get back to weekly updates by November. Lots of news that covers:  health care, education, infrastructure, and SLTT governments around the world.  Since I am hitting the length limitations of Blogger, I will simply invite you to read and try and get caught up yourself.  News UC San Diego Health sued over breach In what is becoming a growing trend UC San Diego Health is being sued for failure to have proper data protection protocols.  The suit is citing breach of contract, negligence, and violating California consumer and medical privacy laws.  Specifically, the suit alleges failure to adequately train em
Read more

2021 Week 29 Security Review

-
  Summary Sorry, this was late this week.  I was in training on Friday with the good folks at the LSU Academy of Counter-Terrorist Education.  If you are a Tribal or other American first responder or researcher in the field of terrorism and not taking advantage of their amazing resources, please check them out at  https://www.ncbrt.lsu.edu/ . Not a lot of new things this week.  There was an update from the City of Tulsa and their breach.  We also saw REvil disappear from both the Web and the dark Web.  Lastly, CIS tools are taking the forefront in the defensive posture of the SLTT landscape. News City of Tulsa Oklahoma breach Tulsa, which was breached back in May ( https://yasb2018.blogspot.com/2021/05/2021-week-19-security-roundup.html ), has announced that at least 27 people had their Social Security number accessed.  The city said they have attempted to reach out to those affected.  To date, more than 18,000 files from the hack have been released to the dark web. https://www.securit
Read more