Cyble Chronicles - September 27: Latest Findings & Recommendations for the Cybersecurity Community

This week, Cyble identified critical vulnerabilities in Siemens and Rockwell Automation systems that need urgent fixes. A Patchwork APT group campaign is targeting Chinese entities, and U.S. water treatment systems are increasingly at risk. CERT-In warns of high-severity vulnerabilities in Apex Softcell platforms. Cyble earned 13 G2 Cybersecurity Fall 2024 badges and won Best Product for MSSPs at the CISO50 & Future Security Awards. Check your cyber risk with a 14-day trial of Cyble’s Cyber Threat Intelligence!

Top ICS Vulnerabilities This Week: Cyble Urges Siemens and Rockwell Automation Fixes 

Cyble researchers have identified 11 vulnerabilities in industrial control systems (ICS) from companies like Siemens, Rockwell Automation, Yokogawa, Kastle Systems, IDEC Corporation, and MegaSys Computer Technologies. Two critical vulnerabilities need immediate attention: an uncontrolled resource consumption flaw in Siemens SIMATIC S7-200 SMART CPUs, and a data authenticity issue in Rockwell Automation’s RSLogix software, which could allow unauthorized script execution.  

Nexe Backdoor Unleashed: Patchwork APT Group’s Sophisticated Evasion of Defenses 

CRIL uncovered an ongoing campaign by the Patchwork APT group targeting Chinese entities. The attackers use a malicious LNK file, likely from a phishing email, to execute a PowerShell script that downloads a PDF decoy and a malicious DLL. The campaign employs DLL sideloading via "WerFaultSecure.exe" to bypass detection, with the DLL executing shellcode that evades security mechanisms and steals sensitive information from compromised systems.
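
A defender-side check for the sideloading step described above, as an added example that is not taken from Cyble's report: it scans process-creation and image-load events for WerFaultSecure.exe running outside the Windows system directories, or loading a DLL from its own staging folder. The event field names, the paths, and `placeholder.dll` are constructed sample values, and a default `C:\Windows` install is assumed.

```python
import ntpath

# Assumption: default Windows install; the genuine binary lives in these directories.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
TARGET = "werfaultsecure.exe"


def _dir(path):
    """Lower-cased, normalised parent directory of a Windows path."""
    return ntpath.dirname(ntpath.normpath(path)).lower()


def find_sideload_indicators(events):
    """Return (reason, event) pairs for suspicious WerFaultSecure.exe activity."""
    findings = []
    for ev in events:
        image = ev.get("image", "")
        if ntpath.basename(image).lower() != TARGET:
            continue
        relocated = _dir(image) not in TRUSTED_DIRS
        if ev["type"] == "process_create" and relocated:
            # A signed system binary copied elsewhere is the usual sideloading host.
            findings.append(("binary_outside_system_dir", ev))
        elif ev["type"] == "image_load" and relocated:
            # A DLL resolved from the relocated binary's own folder.
            if _dir(ev.get("loaded", "")) == _dir(image):
                findings.append(("dll_loaded_from_staging_dir", ev))
    return findings


# Constructed sample events (not real telemetry).
STAGED = r"C:\Users\Public\Documents\WerFaultSecure.exe"
SAMPLE_EVENTS = [
    {"type": "process_create", "image": r"C:\Windows\System32\WerFaultSecure.exe"},
    {"type": "process_create", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"type": "process_create", "image": STAGED},
    {"type": "image_load", "image": STAGED, "loaded": r"C:\Users\Public\Documents\placeholder.dll"},
    {"type": "image_load", "image": STAGED, "loaded": r"C:\Windows\System32\kernel32.dll"},
]

if __name__ == "__main__":
    for reason, ev in find_sideload_indicators(SAMPLE_EVENTS):
        print(reason, ev.get("loaded", ev["image"]))
```
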

Deluge of Threats to Water Utilities: Plugging the Leaks in Operational Technology Security 

Water treatment facilities, with over 148,000 systems in the U.S., are increasingly vulnerable to cyberattacks due to weak cybersecurity measures. A recent attack on the Arkansas City water treatment plant in September 2024 highlighted this issue, forcing a switch to manual operations. Cyble Research & Intelligence Labs (CRIL) stresses the urgent need to protect operational technology (OT) assets by implementing basic cybersecurity protocols, such as changing default credentials, enforcing network segmentation, and reducing internet exposure.

Apex Softcell Flaws Could Lead to Unauthorized Transactions, CERT-In Warns 

The Indian Computer Emergency Response Team (CERT-In) has warned about five high-severity vulnerabilities in Apex Softcell's mobile stock trading and back-office platforms. Affected versions include LD Geo versions prior to 4.0.0.7 and LD DP Back Office versions before 24.8.21.1. These vulnerabilities could allow remote attackers to perform user enumeration, bypass OTP verification, manipulate unauthorized transactions, or access sensitive user information.

Cyble Vision Awarded Multiple Badges in G2’s 2024 Fall Report 

Cyble, a global leader in cybersecurity and threat intelligence, has received 13 honors in G2's Cybersecurity Fall 2024 badges. G2, a trusted software marketplace, evaluates companies based on customer reviews, user satisfaction, and market presence. These accolades highlight Cyble's leadership in tackling cybersecurity challenges and providing advanced solutions to organizations globally. 

Cyble Wins Best Product for MSSPs of the Year at the Prestigious CISO50 & Future Security Awards  

Cyble was awarded the Best Product for Managed Security Service Providers (MSSPs) at the CISO50 & Future Security Awards in Dubai, UAE. The ceremony, held at The Ritz-Carlton, Jumeirah Beach Residences, recognized influential leaders and companies making notable contributions to the cybersecurity industry in the Middle East and North Africa (MENA) region.  

Check your Cyber Risk Today!  

Start a 14-day trial with our experts and experience firsthand how Cyble’s advanced AI-powered Cyber Threat Intelligence can strengthen your cybersecurity posture.   