News

Lecture and discussion event in Nuremberg

Due to strong internationalization, SMEs are exposed to high demands from their customers in the area of information security. Espionage, corruption or trademark infringements are just a few of the dangers that SMEs should keep an eye on in order to avoid serious consequences.

One thing is certain: IT systems and data networks are the gateway for digital espionage.

It is therefore important to strengthen IT security as a critical success factor for Industry 4.0. This is where we, the CERT@VDE, can help you with the first platform to provide support for IT security incidents for SMEs in the field of automation.

Meet us at the lecture and discussion event "Cyber-Security for companies & private users" and get to know the CERT@VDE!

Joint workshop with VDE @CERT & Fraunhofer IOSB-INA on 30.04.2019

The one-day workshop offers a practical introduction to the cyber security of automation systems - from classic systems to cyber-physical production systems in the sense of Industry 4.0. Established methods for intelligent and secure Industry 4.0 communication will be presented in order to implement use cases such as condition monitoring, plug & work and optimization.

Participants will receive an overview of security concepts in automation technology to protect their company's production from cyber attacks.

Methods for identifying security gaps and dealing with cyber security incidents are also presented.

Project on industrial espionage and competitive intelligence in Germany and Europe

The BMBF-funded project Industrial espionage and competitive intelligence in Germany and Europe, WISKOS for short, focused on the systematic analysis of the threat to small and medium-sized enterprises (SMEs) from industrial espionage and competitive intelligence. The project also looked at the dangers for scientific organizations and the police perspective on the area of crime." - www.wiskos.de

Moxa NPort W2x50A products with firmware version 2.1 Build_17112017 or lower are vulnerable to several authenticated OS Command Injection vulnerabilities (incl. PoC)

Maxim Khazov via Fulldisclosure:

Moxa NPort W2x50A products with firmware version 2.1 Build_17112017 or lower are vulnerable to several authenticated OS
Command Injection vulnerabilities:

#1 Authenticated OS Command Injection in web server ping functionality

Reserverd CVE ID: CVE-2018-19659

A specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as the root
user. Exploitation required authentication. This is similar to CVE-2017-12120.

The digital oscilloscope SDS 1202X-E from SIGLENT TECHNOLOGIES is affected by several vulnerabilities (e.g. "Hardcoded Backdoor Account").
The company SEC Consult has published an advisory.

Update A, 5.12.2018

SIGLENT TECHNOLOGIES issued the following response after the publication of the advisory:

Siglent Technologies is fully committed to providing its customers with safe and secure firmware for all of its test and measurement products. While most test instruments, such as oscilloscopes, are connected to small localized networks and not accessible from the outside, we realize the growing trend for internet connected devices opens up new risks that are being addressed within our engineering and product development process. Siglent’s team of engineers is constantly developing firmware updates to address advanced technology features, as well as internet security updates to prevent the risk of network attacks. Siglent prides itself in being a global leader for hardware and software development in the test and measurement industry. We will continue to support our customers with firmware updates to stay ahead of potential security risks as they emerge in a time where vulnerability is becoming increasingly prevalent.

Please contact Siglent directly if you have any concerns about the security or your Siglent test instrument. www.siglenteu.com/contact-us

Thank you

A few current & further links on "GreyEnergy" malware incl. IOCs:

15.06.2018 How dangerous (and innovative) is the newly discovered power grid malware?
https://www.fifthdomain.com/home/2017/06/15/how-dangerous-and-innovative-is-the-newly-discovered-power-grid-malware/

17.10.2018 GreyEnergy: A successor to BlackEnergy
https://www.welivesecurity.com/wp-content/uploads/2018/10/ESET_GreyEnergy.pdf

17.10.2018 GreyEnergy: Updated arsenal of one of the most dangerous threat actors
https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/

17.10.2018 GreyEnergy IOCs by ESET
https://github.com/eset/malware-ioc/blob/master/greyenergy/README.adoc

New legal paths and detours to China
Gloomy forecasts and even the nationwide shutdown of VPN tunnels: The new "Cyber Security Law", which has been in force in the People's Republic of China since June 2017, has once again caused quite a stir in German-language media and blogs over the past few months.

Dr. Dennis-Kenji Kipker summarizes the topic as of September 2018. The complete article is available as PDF.