Vulnerabilities in industrial gas detectors require little skill to exploit

Gas detectors used in factories and other industrial settings to identify toxic conditions contain several vulnerabilities that can allow hackers to remotely sabotage the devices, according to an industry advisory published late last week.

The vulnerabilities in the Midas and Midas Black gas detectors manufactured by Honeywell can be exploited by hackers with a low skill level, according to the advisory, which was published Thursday by the Industrial Control System Cyber Emergency Response Team. The first weaknesses is a "path traversal" weakness, which allows remote attackers to bypass the normal authentication system. A second one results in the failure to encrypt user passwords when they're being transmitted.

"Successful exploitation of these vulnerabilities could allow a remote attacker to gain unauthenticated access to the device, potentially allowing configuration changes, as well as the initiation of calibration or test processes," the advisory warned. The notice went on to advise organizations that rely on on the detectors to install versions 1.13b3 or 2.13b3, which patch against the vulnerabilities. The advisory pointed to this link from Honeywell.

Read 1 remaining paragraphs | Comments

Seven Steps for Making Identity Protection Part of Your Routine

Original release date: December 07, 2015

The Internal Revenue Service (IRS) has released the third in a series of tips intended to increase public awareness of how to protect personal and financial data online and at home. A new tip will be released each Monday through the start of the tax season in January, and will continue through the April tax deadline. US-CERT and IRS recommend taxpayers prepare for heightened risk this tax season and remain vigilant year-round.

The third tip focuses on seven simple steps for making identity protection part of your daily routine. US-CERT encourages users and administrators to review IRS Security Awareness Tax Tip Number 3 for additional information.

This product is provided subject to this Notification and this Privacy & Use policy.

“Nemesis” malware hijacks PC’s boot process to gain stealth, persistence

Malware targeting banks, payment card processors, and other financial services has found an effective way to remain largely undetected as it plucks sensitive card data out of computer memory. It hijacks the computer's boot-up routine in a way that allows highly intrusive code to run even before the Windows operating system loads.

The so-called bootkit has been in operation since early this year and is part of "Nemesis," a suite of malware that includes programs for transferring files, capturing screens logging keystrokes, injecting processes, and carrying out other malicious actions on an infected computer. Its ability to modify the legitimate volume boot record makes it possible for the Nemesis components to load before Windows starts. That makes the malware hard to detect and remove using traditional security approaches. Because the infection lives in such a low-level portion of a hard drive, it can also survive when the operating system is completely reinstalled.

"The use of malware that persists outside of the operating system requires a different approach to detection and eradication," researchers from security firm FireEye's Mandiant Consulting wrote in a blog post published Monday. "Malware with bootkit functionality can be installed and executed almost completely independent of the Windows operating system. As a result, incident responders will need tools that can access and search raw disks at scale for evidence of bootkits."

Read 6 remaining paragraphs | Comments

SprayWMI – PowerShell Injection Mass Spray Tool

SprayWMI is a method for mass spraying Unicorn PowerShell injection to CIDR notations. It’s an alternative to traditional, ‘noisy’ tools which leave something on the disk like PsExec, smbexec, winexe and so on. These tools have worked really well, however, they are fairly noisy creating a service and touching disk which will...

Read the full post at