US-CERT Blog Alerts

According to information derived from FBI investigations, malicious cyber actors are increasingly using a style of brute force attack known as password spraying against organizations in the United States and abroad.

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on Russian government actions targeting U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. It also contains indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by Russian government cyber actors on compromised victim networks. DHS and FBI produced this alert to educate network defenders to enhance their ability to identify and reduce exposure to malicious activity.

Overview This ICS-CERT Advisory is a follow-up to ICS-ALERT-11-080-01. An independent researcher has identified six vulnerabilities in the Siemens Tecnomatix FactoryLink supervisory control and data acquisition (SCADA) product. The researcher has also publicly released exploit code. The researcher identified the following vulnerabilities types: Buffer overflow (2 vul) Absolute Path Traversal (3 vul) NULL Pointer Dereference […]

Overview The sun generates solar flare and coronal mass ejection (CME) events in an approximate 11-year cycle. The plasma clouds generated from these events have the potential to cause geomagnetic storms that can interfere with terrestrial communications and other electronic systems, posing a risk to critical infrastructure. In a recent case, Earth-orbiting satellites detected the […]

Overview ICS-CERT has received a report from independent security researcher Dan Rosenberg with Virtual Security Research (VSR) of an unauthenticated Structured Query Language (SQL) vulnerability in the Ecava IntegraXor human machine interface (HMI) product that could allow data leakage, data manipulation, and remote code execution against the backend host running the database service. ICS-CERT has […]

Overview This advisory is a follow-up to ICS-ALERT-11-066-01 – WellinTech KingView 6.53 ActiveX Vulnerability, published on the ICS-CERT Web page on March 7, 2011. An independent security researcher reported a stack-based buffer overflow vulnerability in an ActiveX control in WellinTech KingView V6.53. The researcher has publicly released exploit code for this vulnerability. Successful exploitation of […]

Overview An independent security researcher has published information to a vulnerability disclosure website regarding a buffer overflow vulnerability in the Wonderware InBatch and I/A Series Batch software products (all supported versions). According to the researcher’s report, the service listening on TCP Port 9001 is vulnerable to a buffer overflow that could cause denial of service […]

Overview Researchers at Digital Bond have identified multiple vulnerabilities in the Control Microsystems ClearSCADA application. The following vulnerabilities have been identified: Heap Overflow Vulnerability Cross-site Scripting Vulnerabilities Insecure Web Authentication. Affected Products The following ClearSCADA versions are affected: ClearSCADA 2005 (all versions) ClearSCADA 2007 (all versions) ClearSCADA 2009 (all versions except R2.3 and R1.4). ——— […]

Overview McAfee has published a white paper titled “Global Energy Cyberattacks: Night Dragon,”McAfee, http://www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf, accessed February 10, 2011.  which describes advanced persistent threat activity designed to obtain sensitive data from targeted organizations in the global oil, energy, and petrochemical industries. According to the report, this activity began in 2009 or potentially as early as 2007. […]

Overview ICS-CERT has received a report from independent security researcher Jeremy Brown that a remote heap corruption vulnerability exists in IGSS (Interactive Graphical SCADA System) Version 8 from 7-Technologies (7T). 7T has verified the vulnerability and has developed a patch. Affected Products This vulnerability affects only IGSS Versions 8 and 9. Users can contact 7T […]