Researchers extract master encryption key from Siemens PLCs

Read Time:44 Second

Security researchers have found a way to extract a global encryption key that was hardcoded in the CPUs of several Siemens programmable logic controller (PLC) product lines, allowing them to compromise their secure communications and authentication. Siemens advises all customers to upgrade both the firmware of the impacted devices as well as the TIA Portal software that engineers use to communicate with them and deploy their programs.

According to security researchers from Claroty, Siemens introduced asymmetric cryptography to its SIMATIC S7-1200/1500 PLC CPUs almost a decade ago to protect their configuration, programs, and communications. However, the company chose to do so by using a hardcoded global private key for all devices from those product families because back then dynamic key distribution and management was not a common practice and a potential burden for customers.

To read this article in full, please click here

Read More

CVE-2021-0951

Read Time:13 Second

In DevmemIntHeapAcquire of TBD, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-242345085

Read More

CVE-2021-0696

Read Time:14 Second

In dllist_remove_node of TBD, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-242344778

Read More

CVE-2020-14131

Read Time:14 Second

The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life.

Read More

CVE-2020-14129

Read Time:10 Second

A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege.

Read More

CVE-2021-36913

Read Time:12 Second

Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 at WordPress allows attackers to change options and inject scripts into the footer HTML. Requires an additional extension (plugin) AccessiBe.

Read More

Microsoft’s October 2022 Patch Tuesday Addresses 84 CVEs (CVE-2022-41033)

Read Time:5 Minute, 56 Second

Microsoft’s October 2022 Patch Tuesday Addresses 84 CVEs (CVE-2022-41033)

Microsoft addresses 84 CVEs in its October 2022 Patch Tuesday release, including 13 critical flaws.

13Critical

71Important

0Moderate

0Low

Microsoft patched 84 CVEs in its October 2022 Patch Tuesday release, with 13 rated as critical and 71 rated as important.

This month’s update includes patches for:

Active Directory Domain Services
Azure
Azure Arc
Client Server Run-time Subsystem (CSRSS)
Microsoft Edge (Chromium-based)
Microsoft Graphics Component
Microsoft Office
Microsoft Office SharePoint
Microsoft Office Word
Microsoft WDAC OLE DB provider for SQL
NuGet Client
Remote Access Service Point-to-Point Tunneling Protocol
Role: Windows Hyper-V
Service Fabric
Visual Studio Code
Windows Active Directory Certificate Services
Windows ALPC
Windows CD-ROM Driver
Windows COM+ Event System Service
Windows Connected User Experiences and Telemetry
Windows CryptoAPI
Windows Defender
Windows DHCP Client
Windows Distributed File System (DFS)
Windows DWM Core Library
Windows Event Logging Service
Windows Group Policy
Windows Group Policy Preference Client
Windows Internet Key Exchange (IKE) Protocol
Windows Kernel
Windows Local Security Authority (LSA)
Windows Local Security Authority Subsystem Service (LSASS)
Windows Local Session Manager (LSM)
Windows NTFS
Windows NTLM
Windows ODBC Driver
Windows Perception Simulation Service
Windows Point-to-Point Tunneling Protocol
Windows Portable Device Enumerator Service
Windows Print Spooler Components
Windows Resilient File System (ReFS)
Windows Secure Channel
Windows Security Support Provider Interface
Windows Server Remotely Accessible Registry Keys
Windows Server Service
Windows Storage
Windows TCP/IP
Windows USB Serial Driver
Windows Web Account Manager
Windows Win32K
Windows WLAN Service
Windows Workstation Service

Elevation of privilege (EoP) accounted for 46.4% of the vulnerabilities patched this month, followed by remote code execution (RCE) vulnerabilities at 23.8%.

Note: Microsoft has not included patches for the two zero-day vulnerabilities in Microsoft Exchange, CVE-2022-41040 and CVE-2022-41082, that were disclosed on September 28 in this release.

Important

CVE-2022-41033 | Windows COM+ Event System Service elevation of privilege vulnerability

CVE-2022-41033 is an EoP vulnerability in the Windows COM+ Event System Service, which enables system event notifications for COM+ component services. It received a CVSSv3 score of 7.8. An authenticated attacker could exploit this vulnerability to elevate privileges on a vulnerable system and gain SYSTEM privileges.

Microsoft says that this vulnerability has been exploited in the wild, though no additional information was shared.

Critical

CVE-2022-37968 | Azure Arc-enabled kubernetes cluster connect elevation of privilege vulnerability

CVE-2022-37968 is an EoP vulnerability in Microsoft’s Azure Arc, affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. With a CVSSv3 score of 10, the highest possible rating, an unauthenticated attacker could exploit this vulnerability in order to gain administrative privileges for a Kubernetes cluster. While updates have been released, users that do not have auto-upgrade enabled must take action to manually upgrade Azure Arc-enabled Kubernetes clusters. Microsoft’s security advisory provides additional information and steps to upgrade and how to check your current version. In July, Tenable disclosed a vulnerability in Azure Arc wherein passwords were being logged in plaintext. You can read more about the disclosure on the Tenable Techblog.

Important

CVE-2022-38028 | Windows Print Spooler elevation of privilege vulnerability

CVE-2022-38028 is an EoP vulnerability in Windows Print Spooler components that received a CVSSv3 score of 7.8 and was rated “Exploitation More Likely” according to Microsoft’s Exploitability Index. Exploitation would allow an attacker to gain SYSTEM privileges. The flaw was disclosed to Microsoft by the National Security Agency. This marks the third EoP vulnerability in Windows Print Spooler credited to the NSA this year, following CVE-2022-29104 and CVE-2022-30138 in May.

Important

CVE-2022-38053, CVE-2022-41036, CVE-2022-41037 and CVE-2022-41038 | Microsoft SharePoint Server remote code execution vulnerability

CVE-2022-38053, CVE-2022-41036, CVE-2022-41037 and CVE-2022-41038 are RCE vulnerabilities in Microsoft SharePoint Server that all received a CVSSv3 score of 8.8. All except CVE-2022-41037 were rated “Exploitation More Likely,” and CVE-2022-41038 is the only one that has a critical rating. To exploit these vulnerabilities, a network-based attacker would need to be authenticated to the target SharePoint site with permission to use Manage Lists.

Important

CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038 and CVE-2022-38039 | Windows Kernel elevation of privilege vulnerability

CVE-2022-37988, CVE-2022-37990, CVE-2022-37991, CVE-2022-37995, CVE-2022-38022, CVE-2022-38037, CVE-2022-38038 and CVE-2022-38039 are EoP vulnerabilities in the Windows Kernel. With the exception of CVE-2022-38022, all the CVEs received CVSSv3 scores of 7.8 and could allow an attacker to elevate their privileges to SYSTEM. CVE-2022-38022 was scored CVSSv3 of 2.5 and would only allow an attacker to delete empty folders as SYSTEM. The attacker would not be able to view or edit files, nor delete folders that were not empty.

Important

CVE-2022-41043 | Microsoft Office information disclosure vulnerability

CVE-2022-41043 is an information disclosure vulnerability affecting Microsoft Office for Mac. While exploitation requires local access to the host, this was the only publicly disclosed vulnerability patched this month. It is credited to Cody Thomas with SpecterOps.

Critical

CVE-2022-37976 | Active Directory Certificate Services elevation of privilege vulnerability

CVE-2022-37976 is an EoP vulnerability affecting Active Directory Certificate Services. According to the advisory, a malicious Distributed Component Object Model (DCOM) client could be used to entice a DCOM server to authenticate to the client, allowing an attacker to perform a cross-protocol attack and gain domain administrator privileges. While Microsoft rates this as “Exploitation Less Likely,” ransomware groups often seek out vulnerabilities and misconfigurations in Active Directory to leverage for spreading malicious payloads across an organization’s network. As highlighted in Tenable’s Ransomware Ecosystem report, Active Directory plays a pivotal role in ransomware attacks.

Tenable Solutions

Users can create scans that focus specifically on our Patch Tuesday plugins. From a new advanced scan, in the plugins tab, set an advanced filter for Plugin Name contains October 2022.

With that filter set, click the plugin families to the left and enable each plugin that appears on the right side. Note: If your families on the left say Enabled, then all the plugins in that family are set. Disable the whole family before selecting the individual plugins for this scan. Here’s an example from Tenable.io:

A list of all the plugins released for Tenable’s October 2022 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

Get more information

Microsoft’s October 2022 Security Updates
Tenable plugins for Microsoft October 2022 Patch Tuesday Security Updates

Join Tenable’s Security Response Team on the Tenable Community.

Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.

Get a free 30-day trial of Tenable.io Vulnerability Management.

Read More

CISOs Tell All: Everything You’ve Ever Wanted To Know About CISOs in 2022

Read Time:3 Minute, 27 Second

You’ve got questions and they’ve got answers. A global survey provides a snapshot of what it’s like to sit in the CISO chair, as these cybersecurity leaders face increasingly sophisticated cyber threats and heightened expectations from their organizations. 

They’re questions that most cybersecurity professionals have about their CISOs. Which career path do they take on their way to becoming cyber chiefs? How long do they stay at their jobs? How much do they earn? And, most importantly, what keeps a CISO up at night? 

The third annual global survey of CISOs from executive search firm Heidrick & Struggle takes a deep dive into the organizational structure and compensation data from top cybersecurity leaders around the world. 

The 2022 Global Chief Information Security (CISO) Survey polled 327 CISOs from the U.S., Europe and Asia-Pacific. While most respondents were predominantly from the U.S., other countries such as Australia, Belgium, France, Germany, the Netherlands, Singapore, South Korea, and the U.K. were also represented. 

What CISOs had to say

The survey revealed some significant findings in the following areas: 

Most significant threats facing their organizations. Most CISOs listed ransomware (67%) as their organization’s top threat, followed by insider threats (32%), nation/state attacks (31%) and malware attacks (21%). 

Tenure length. In an encouraging trend for job stability, 77% of respondents said they’ve been at their current position for at least three years, up from 5% of respondents in 2021’s survey. Additionally, almost two-thirds of CISOs who have been in their current role for less than a year came from a previous CISO role, highlighting a broader trend that CISO roles are often terminal. 

An increase in cash compensation. In the U.S., CISO’s reported median cash compensation rose from $509,000 to $584,000, a 15% increase from last year and a 23% increase from 2020. Total compensation, including equity grants and other incentives, has increased to $971,000 from $936,000 in 2021. 

Team size. In comparison to last year, CISOs’ team size grew, with the share of CISOs with the smallest teams dropping from 38% to 31% while the share with the largest teams rose from 18% to 21%. Team-size growth reflects increased investment by organizations in cybersecurity. And with burnout being a key concern among CISOs, larger teams may, over time, help to reduce it. 

Organizational visibility. CISOs reported having significant visibility with their board of directors, with 88% of CISOs saying that they present to either the full board or to a board committee. However, regionally, U.S. CISOs most often present to the full board while CISOs in APAC and the Middle East most often present to a committee with reporting to the audit committee typically being more frequent. 

Personal risks. CISOs reported burnout, stress and higher-than-usual staff turnover as the highest personal risks associated with this role. It is recommended that organizations succession or retention plans so that CISOs do not make unnecessary exits. 

(Source: “2022 Global Chief Information Security Officer (CISO) Survey” from Heidrick & Struggles, August 2022.)

Where do CISOs see themselves in the future? 

The majority of CISOs desire to be something other than a CISO with more than half wanting to be board members. Regionally, 56% of CISOs in the U.S. desire to be board members while only 40% of CISOs in Europe expressed the same desire. 

Although there’s an increased focus and investment in cybersecurity, the study found that there is still not enough interest from organizations in having CISOs become board members, though this could change in the future. Outside of board roles, the career path of a CISO still remains tricky. Despite 38% of CISOs globally reporting to their CIO, only 13% see that as an ideal next role. Therefore, the career path for CISOs moving forward still remains unclear. 

Learn more: 

“Cybersecurity on the board: How the CISO role is evolving for a new era” (TechMonitor) 
“7 best reasons to be a CISO” (CSO) 
“Effective Board Communication for CISOs” (CISO Street) 
“7 mistakes CISOs make when presenting to the board” (CSO)
Cybersecurity Snapshot: 6 Things That Matter Right Now

Read More