HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure.
gron-0.6.1-2.fc34
Security fix for CVE-2022-28327
Spanish police say that they have dismantled a phishing gang operating across the country, following the arrest of 13 people and the announcement that they are investigating a further seven suspects.
Read more in my article on the Tripwire State of Security blog.
Cyber security leaders of U.S. cities and states must protect their systems and data from nation-state attackers, including Russian hackers.
President Biden has warned of potential Russian cyberattacks against the U.S. as part of Russia’s ongoing conflict with Ukraine. In addition to alerting U.S. companies and critical infrastructure providers, President Biden has also warned state and local governments, saying they too must immediately harden their cyber defenses.
Specifically, the President sent letters to each governor asking them to increase oversight of their states’ critical infrastructure and offering assistance from the federal government to help each state shore up their cybersecurity defenses. The letter referenced the May 2021 Executive Order on Improving the Nation’s Cybersecurity, which established a set of essential, baseline standards for federal agencies to adopt, and urged state leaders to implement the same standards to secure their state’s computer systems and critical infrastructure. These standards include conducting exercises to plan and prepare for cyberattacks, and ensuring that systems are patched and up to date to protect against vulnerability exploits.
Malicious cyber actors, whether related to Russia’s attack on Ukraine or not, will continue to strike, especially when targets are distracted or unprepared. Fortifying cyber defenses does not happen overnight, but there are strategies state and local governments can employ to make their systems more secure against nation-state threats.
Invest in risk-based vulnerability management: The rise of nation state cyber threats makes it imperative for state and local governments to prioritize cybersecurity efforts where they are needed most rather than trying to find and patch every vulnerability. Risk-based VM scans help prioritize the vulnerabilities that pose the biggest risk to state and local government entities if they’re exploited by attackers. Leveraging risk-based VM, state and local governments can protect their citizens, data and systems from cyber attacks.
Safeguard state and local critical infrastructure: As IT/OT environments converge, cyber attack landscapes expand rapidly. Government entities must employ tools to proactively identify IT/OT weaknesses and protect critical infrastructure from cyber attacks. Visibility, threat tracking and situational awareness are essential to securing critical infrastructure.
Implement a zero-trust strategy: Take a ‘trust no one’ policy to disrupt attack paths and secure state and local governments against cyber attacks. Verifying everything before granting access to various networks and systems prevents attacks that leverage misconfigurations, and continuously assesses which resources are susceptible to a breach.
Secure your Active Directory: As the master key to an organization’s system and network privileges, Active Directory is a prime target for attackers looking to gain administrator privileges and engage in lateral movement. To keep AD safe and secure, state and local governments should enforce local administrator password solutions (LAPS) and privileged access management (PAM), and promote cybersecurity best practices such as multi-factor authentication and strong password policies.
For state and local governments facing mounting risks of cyber attacks to their information systems and critical infrastructure, the strategies laid out above are a great way to get started, but by no means a comprehensive list. Do not be caught off guard, Tenable can help you remain vigilant of cyber threats.
Find out how state and local governments can defend against ransomware.
Enterprises around the world are being barraged by risk events, according to a report released Wednesday by Forrester. The State of Risk Management 2022 report, which is based on a survey of 360 enterprise risk management decision makers in North America and Europe, found that 41% of organizations have experienced three or more critical risk events in the last 12 months.
Risk events, incidents and disruptions have become so frequent that the increased level of risk is the “new normal,” Forrester reported. Nearly half the participants in the survey (44%) confirmed that enterprise risk has increased over the last year, although that varies by region. For example, 64% of North American respondents confirmed an increase in risk, while only 37% of European respondents did.
The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC conneciton, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT module) do not sufficiently protect data transferred between the local device and ThroughTek servers. This can allow an attacker to access sensitive information, such as camera feeds.
Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained.
The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include MX207, MX213, MX220, MC206, MC212, MC220, and MH230 hardware controllers, and affected end-of-life controller include MC205, MC210, MH212, ME203, CS200, MP213, MP226, MPC240, MPC265, MPC270, MPC293, MPE270, and CPC210 hardware controllers. Security Level 0 is set at default from the manufacturer, which could allow an unauthenticated remote attacker to gain access to the password hashes. Security Level 4 is susceptible if an authenticated remote attacker or an unauthenticated person with physical access to the device reads and decrypts the password to conduct further attacks.
A malicious attacker could exploit the interface of the Fieldcomm Group HART-IP (release 1.0.0.0) by constructing messages with sufficiently large payloads to overflow the internal buffer and crash the device, or obtain control of the device.
