January 21, 2021

SpywareNews.com

Dedicated Forum to help removing adware, malware, spyware, ransomware, trojans, viruses and more!

7 Updates Published – 1-12-21

admin January 14, 2021 2 min read

Yesterday CISA’s NCCIC-ICS published seven updates for
control system security advisories for products from Siemens.

PROFINET Update

This update
provides additional information on an advisory that was originally
published on October 10th, 2019 and most
recently updated on September 8th, 2020. The new information
includes:

• Updating affected version
information and adding mitigation measures for or SIMATIC ET200SP IM155-6 PN HA,
and

• Listing ecoPN model (6ES7148-6JG00-0BB0)
as not affected.

TIA Portal Update

This update
provides additional information on an advisory that was originally
published on January 14th, 2020 and most
recently updated on April 14th, 2020. The new information
includes updating affected version information and adding mitigation measures
for TIA Portal V14.

Simatic PCS 7 Update

This update
provides additional information on an advisory that was originally
published on February 11th, 2020 and most
recently updated on September 8th, 2020. The new information
includes adding mitigation measures for SIMATIC WinCC (TIA Portal) V14.

SCALANCE Update

This update
provides additional information on an advisory that was originally
published on April 14th, 2020 and most
recently updated on September 8th, 2020. The new information
includes removing the SCALANCE S-600 family as it is not affected.

SIMOTICS Update

This update
provides additional information on an advisory that was originally
published on April 14th, 2020. The new information includes updating
affected versions and adding mitigation measures for:

• Desigo PXC, and

• Desigo PXM20

SIMATIC Update

This update
provides additional information on an advisory that was originally
published on July 9th, 2020 and most
recently updated on December 8th, 2020. The new information
includes updating affected versions and adding mitigation measures for:

• SIMATIC STEP 7 (TIA Portal) V14,
and

• SIMATIC WinCC Runtime
Professional V14

Opcenter Update

This update
provides additional information on an advisory that was originally
published on July 14th, 2020 and most
recently updated on August 11th, 2020. Then new information
includes:

• Adding an insufficiently
protected credentials vulnerability – CVE-2020-28390, and

• Updating mitigation measures

 

Additional Siemens Advisory

 

Siemens published
one additional advisory that was not addressed by NCCIC-ICS yesterday. I will
address that this weekend.

More Stories

1 min read

Supercar Thief Sentenced for Trying to Buy a Grenade on the Darkweb

January 21, 2021 admin
2 min read

Cisco fixed multiple flaws in Cisco SD-WAN products and Smart Software Manager Satellite Web UI

January 21, 2021 admin
1 min read

Biden Treasury Pick Calls Cryptocurrency a “Particular Concern”

January 21, 2021 admin

You may have missed

2 min read

Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications . He installed a fake communication tower between two authentic endpoints to mislead the victim. The Bobby used the virtual tower to interrupt the data transmission between the user and real tower, attempting to hijack an active session. Upon receiving the user’s request. Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website. What is the attack performed by Bobby in the above scenario?

January 21, 2021 admin
1 min read

Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to. What type of hacker is Nicolas?

January 21, 2021 admin
1 min read

What are common files on a web server that can be misconfigured and provide useful information for a hacker such as verbose error messages?

January 21, 2021 admin
1 min read

Supercar Thief Sentenced for Trying to Buy a Grenade on the Darkweb

January 21, 2021 admin