BLOG

April 9, 2020

Can Building Management Systems be Potential Attack Vectors for Industrial Control Systems?

Many enterprises that run advanced industrial systems also have to deploy and operate Building Management Systems (BMS) alongside them. Because BMS functionality is not seen as crucial to the enterprise's core business, its security is often overlooked or treated as less important than ICS security. Yet over the last couple of years Building Management Systems, installed to keep a building's own systems running properly, have become a common target of cyber attacks.

CVE-2020-10551 - privilege escalation in QQBrowser

08.04.2020

QQBrowser is a web browser developed by Tencent and one of the most popular browsers in China. During our tests we found a vulnerability that allows an unprivileged local attacker to gain code execution as NT AUTHORITY\SYSTEM.

CVEID: CVE-2020-10551
Name of the affected product(s) and version(s): QQBrowser (all versions prior to 10.5.3870.400)
Problem type: CWE-284: Improper Access Control

Summary: All versions of QQBrowser prior to 10.5.3870.400 do not correctly set up ACLs for a TsService.
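The rights an unprivileged user holds on a Windows service are visible in the SDDL string that `sc.exe sdshow <ServiceName>` prints, so a weak service ACL of the kind this entry describes can be spotted without any exploitation. The following parser is an added illustration, not the post's or Tencent's code; the SDDL strings inside it are constructed and are not QQBrowser's actual descriptor, and the list of "dangerous" rights is the editor's choice (change-config, write-DAC, write-owner and the generic write/all bits).

```python
"""Spot weak service DACLs in SDDL output (added example, not QQBrowser code).

On Windows, `sc.exe sdshow <ServiceName>` prints a service's security
descriptor as an SDDL string. The functions below parse the DACL part
(`D:...`) and flag allow ACEs that give a principal every local user
belongs to a right that can be turned into SYSTEM code execution, such as
SERVICE_CHANGE_CONFIG (repoint the binary path) or WRITE_DAC. The SDDL
strings in the demo are constructed for illustration; they are not the
real descriptor of any product.
"""
import re

# SDDL aliases / SIDs that every interactive or local user is a member of.
LOW_PRIV_SIDS = {
    "WD": "Everyone",
    "BU": "Builtin\\Users",
    "AU": "Authenticated Users",
    "IU": "Interactive",
    "AN": "Anonymous",
    "S-1-1-0": "Everyone",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-32-545": "Builtin\\Users",
}

# Rights that let the holder change what the service runs, or rewrite the
# ACL itself. SDDL two-letter token -> access mask bit.
ESCALATION_RIGHTS = {
    "DC": 0x00000002,   # SERVICE_CHANGE_CONFIG
    "WD": 0x00040000,   # WRITE_DAC
    "WO": 0x00080000,   # WRITE_OWNER
    "GW": 0x40000000,   # GENERIC_WRITE
    "GA": 0x10000000,   # GENERIC_ALL
}

# One ACE: (type;flags;rights;object_guid;inherit_object_guid;sid)
ACE_RE = re.compile(r"\(([^;)]*);([^;)]*);([^;)]*);([^;)]*);([^;)]*);([^;)]*)\)")


def rights_tokens(field):
    """Return the set of two-letter right tokens in an SDDL rights field.
    A hex mask (e.g. 0x10000000) is mapped to the tokens in ESCALATION_RIGHTS."""
    if field.lower().startswith("0x"):
        mask = int(field, 16)
        return {tok for tok, bit in ESCALATION_RIGHTS.items() if mask & bit}
    return {field[i:i + 2] for i in range(0, len(field), 2)}


def weak_service_aces(sddl):
    """Return [(principal, [tokens])] for allow ACEs in the DACL that grant
    escalation rights to low-privileged principals."""
    m = re.search(r"D:(.*?)(?:S:|$)", sddl)   # the DACL ends where the SACL (S:) starts
    if not m:
        return []
    findings = []
    for ace_type, _flags, rights, _obj, _iobj, sid in ACE_RE.findall(m.group(1)):
        if ace_type != "A" or sid not in LOW_PRIV_SIDS:
            continue   # deny/audit ACEs and privileged principals are not findings
        bad = sorted(rights_tokens(rights) & set(ESCALATION_RIGHTS))
        if bad:
            findings.append((LOW_PRIV_SIDS[sid], bad))
    return findings


# Constructed descriptors. DEFAULT_SDDL has the usual shape of a service
# descriptor (SYSTEM/Administrators may reconfigure it, Interactive and
# Service users may only query it). WEAK_SDDL additionally hands
# Builtin\Users the full right set, the kind of misconfiguration CWE-284
# covers in this context.
DEFAULT_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)"
                "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
WEAK_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
             "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BU)")

if __name__ == "__main__":
    for label, sddl in (("default", DEFAULT_SDDL), ("weak", WEAK_SDDL)):
        print(label, weak_service_aces(sddl) or "no weak ACEs")
```

Feed the output of `sc.exe sdshow` for each installed service into `weak_service_aces()`; a hit on `DC` means a standard user can repoint `binPath` and restart the service as SYSTEM, while `WD`/`WO` let them grant themselves everything else.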

OT and IT department cybersecurity – linked or separate?

02.04.2020

In factories, companies and enterprises, cybersecurity for the IT and OT departments should not be treated as two separate issues. Historically, OT engineers have treated IT as a necessary evil; some would even go as far as "locking the infrastructure away" in order to "protect" it from IT department staff. Installing, for example, system updates could mean an interruption of continuous operation and a disturbance of the monitoring and control systems e.

Industrial Network Security Architecture - Network Protection

30.03.2020

Segmenting an industrial network into a cell layer, an aggregation layer and a backbone layer is not enough from a cybersecurity perspective. Such a design lacks two necessary functions: restricting data exchange between the layers and identifying authorised users. To provide them, additional components capable of filtering traffic, recognising authorised connections and sending notifications must be added to the network. The need for effective network protection, together with the ability to audit incidents, is reflected in sections SR1.

CVE-2019-14326 - privilege escalation in Andy

23.03.2020

Andy is an Android emulator for Windows and Mac. During our tests we found open local TCP ports which can be exploited to escalate privileges from user to root.

CVEID: CVE-2019-14326
Name of the affected product(s) and version(s): Andy (all versions up to 46.11.113)
Problem type: CWE-284: Improper Access Control

Summary: All versions of Andy (up to and including 46.11.113, and possibly newer versions as well) allow telnet and SSH access to the root account without password protection.

Multiple vulnerabilities in Gurux GXDLMS Director - remote code

24.02.2020

Gurux GXDLMS Director is an open-source Windows program for interacting with energy meters over the DLMS/COSEM protocol. The software has a remote update function for add-in DLLs as well as for files containing OBIS codes (device-specific definitions needed to talk to the smart meters).

CVEID: CVE-2020-8809
Name of the affected product(s) and version(s): Gurux GXDLMS Director (all versions prior to 8.5.1905.1301)
Problem type: CWE-494: Download of Code Without Integrity Check
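CWE-494 is the pattern of fetching an add-in DLL or a definition file and putting it on the load path without checking who produced it. The following Python is an added illustration of the fix, not Gurux's code: it places the verification step before the write, rejects files the manifest does not list and file names that could escape the add-in directory, and installs atomically. The manifest here is a hypothetical name-to-SHA-256 map assumed to come from an authenticated channel; for DLLs a code signature such as Authenticode plays that role. File names, directories and payloads are constructed.

```python
"""Integrity-checked add-in installation (added example, not Gurux's code).

CWE-494 is the pattern of fetching a DLL or a definition file and loading it
without checking who produced it. The defence is to verify each file against
something trusted *before* it reaches the directory the application loads
from. Here that trust anchor is a manifest, a name -> SHA-256 map assumed to
have been obtained over an authenticated channel; for real DLLs the same role
is played by a code signature (e.g. Authenticode). File names, directories and
payloads below are hypothetical.
"""
import hashlib
import hmac
import os
import tempfile


class UpdateRejected(Exception):
    """Raised when a downloaded file fails any check."""


def install_update_unchecked(addin_dir, name, payload):
    """The CWE-494 pattern: whatever came off the wire lands in the load path."""
    path = os.path.join(addin_dir, name)
    with open(path, "wb") as fh:
        fh.write(payload)
    return path


def install_update_verified(addin_dir, name, payload, manifest):
    """Write `payload` as `name` into `addin_dir` only if the manifest lists
    `name` with a digest equal to SHA-256(payload)."""
    # 1. Plain file names only: "..\\x.dll" or "sub/x.dll" must not escape
    #    the add-in directory (both separators checked so this holds on
    #    Windows and POSIX).
    if (name in ("", ".", "..") or "/" in name or "\\" in name
            or os.path.basename(name) != name):
        raise UpdateRejected(f"bad file name {name!r}")
    # 2. Files the manifest does not know are rejected outright; an attacker
    #    who controls the download must not be able to add extra DLLs.
    expected = manifest.get(name)
    if expected is None:
        raise UpdateRejected(f"{name} is not in the manifest")
    # 3. Constant-time digest comparison before a single byte is written.
    actual = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(actual, expected):
        raise UpdateRejected(f"digest mismatch for {name}")
    # 4. Temp file + atomic rename so the loader never sees a half-written file.
    os.makedirs(addin_dir, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=addin_dir, prefix=".partial-")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(payload)
        final = os.path.join(addin_dir, name)
        os.replace(tmp, final)
    except BaseException:
        os.unlink(tmp)
        raise
    return final


def demo():
    """Constructed scenario: one genuine OBIS definition file, then a tampered
    DLL, a traversal attempt and an unlisted file. Returns what happened."""
    obis = b"0.0.1.0.0.255;Clock;8\r\n1.0.1.8.0.255;Active energy import;3\r\n"
    genuine_dll = b"MZ-genuine-addin"
    manifest = {
        "obis.txt": hashlib.sha256(obis).hexdigest(),
        "MeterAddin.dll": hashlib.sha256(genuine_dll).hexdigest(),
    }
    outcome = {}
    with tempfile.TemporaryDirectory() as addin_dir:
        outcome["obis.txt"] = os.path.exists(
            install_update_verified(addin_dir, "obis.txt", obis, manifest))
        attempts = [
            ("MeterAddin.dll", b"MZ-backdoored-addin"),  # wrong content
            ("..\\evil.dll", genuine_dll),               # path traversal
            ("extra.dll", genuine_dll),                  # not in manifest
        ]
        for name, payload in attempts:
            try:
                install_update_verified(addin_dir, name, payload, manifest)
                outcome[name] = "installed"
            except UpdateRejected as err:
                outcome[name] = f"rejected: {err}"
    return outcome


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The order of the checks is the point: name, then membership, then digest, and only then a write. Verifying after the file is already in the add-in directory leaves a window in which the application can load it.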

CVE-2019-14514 - remote code execution in MEmu

04.02.2020

MEmu is an Android emulator for Windows. During our tests we found an open TCP port which can be exploited to gain code execution with root privileges.

CVEID: CVE-2019-14514
Name of the affected product(s) and version(s): Microvirt MEmu (all versions prior to 7.0.2)
Problem type: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Summary: All Microvirt MEmu versions prior to 7.0.2 ship a vulnerable binary which listens on port 21509.
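Both this entry and the Andy one above come down to a service left listening on the host that an unprivileged local user can reach. The first thing a practitioner does on such a machine is check which of those ports answer and what they greet with. The following Python is an added audit helper, not the vendors' code or the original post's: the banner rules are the editor's assumptions about how common SSH and telnet daemons open a conversation, port 21509 is the MEmu port named above, 22/23 are the usual SSH/telnet ports, and the fake SSH server is a constructed stand-in so the example runs without an emulator installed.

```python
"""Audit local TCP ports for unauthenticated management services (added
example covering the Andy and MEmu entries; not the vendors' code).

Both emulators leave TCP services listening on the host. The helper below
connects to a port, reads whatever the service volunteers first and
classifies it. The banner rules are assumptions based on how common SSH and
telnet daemons greet a client; port 21509 is the MEmu port named in the
advisory, 22/23 are the usual SSH/telnet ports. A tiny fake server is
included so the example can be exercised without an emulator installed.
"""
import socket
import socketserver
import threading

TELNET_IAC = 0xFF   # telnet option negotiation begins with IAC bytes


def classify_banner(data):
    """Map the first bytes a service sends into a coarse label."""
    if not data:
        return "silent"
    if data.startswith(b"SSH-"):
        return "ssh"
    if data[0] == TELNET_IAC or b"login:" in data.lower():
        return "telnet"
    return "unknown"


def grab_banner(host, port, timeout=1.0):
    """Return (state, label, raw) for one port; state is 'open', 'closed' or
    'timeout'. label is None unless the port is open."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            try:
                data = sock.recv(256)
            except socket.timeout:
                data = b""          # open, but waits for the client to talk first
            return ("open", classify_banner(data), data)
    except ConnectionRefusedError:
        return ("closed", None, b"")
    except OSError:                 # connect timeouts, unreachable hosts
        return ("timeout", None, b"")


def audit(host="127.0.0.1", ports=(22, 23, 21509)):
    """Report state and label for each port; run this on the emulator host."""
    return {port: grab_banner(host, port)[:2] for port in ports}


class FakeSSH(socketserver.BaseRequestHandler):
    """Constructed stand-in for a password-less SSH daemon: greets and exits."""
    def handle(self):
        self.request.sendall(b"SSH-2.0-dropbear_2019.78\r\n")


def start_fake_server(handler, host="127.0.0.1"):
    """Start `handler` on an ephemeral port in a daemon thread; returns
    (server, port). Call server.shutdown(); server.server_close() when done."""
    server = socketserver.TCPServer((host, 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


if __name__ == "__main__":
    server, port = start_fake_server(FakeSSH)
    print(port, grab_banner("127.0.0.1", port)[:2])   # ('open', 'ssh')
    server.shutdown()
    server.server_close()
    print(audit())
```

A port reported as `open` with label `silent` (the service waits for the client to speak first) is exactly the case that deserves manual follow-up; it is what a custom control protocol looks like, and 21509 is only interesting because the advisory says so, not because the banner gives it away.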

How to safely use removable media in ICS networks?

09.01.2020

It has been 10 years since the alert issued by the Cybersecurity and Infrastructure Security Agency (CISA) pointing out the risks of USB media as a source of threats to control systems. Despite the years that have passed, these threats still exist, and as the attack known as Operation Copperfield shows, they must still be taken seriously. It is worth noting that the German Federal Office for Information Security (BSI), in a report published in 2019, lists them among the main threats to ICS systems.

Universal Hack and Play

15.12.2019

UPnP (Universal Plug and Play, i.e. plug it in and it works) is a protocol that allows direct communication between computers and network devices. It is built into dozens of kinds of home appliances and lets devices such as computers, printers, TV sets, Wi-Fi routers, robot vacuums, game consoles, and even microwave ovens or fridges detect one another's presence and establish a connection to configure themselves or exchange information. For the end user, this technology simplifies configuration and access to their own data and services, and automates all of these steps.
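The "detect one another's presence" step is SSDP: a client multicasts an M-SEARCH to 239.255.255.250:1900 and every UPnP device on the segment answers by unicast with an HTTP-style message whose LOCATION header points at its device description, which in turn lists its control URLs. Anyone on the same network can send that request, which is why UPnP is a reconnaissance gift. The following Python is an added example, not code from the original post: `parse_ssdp_response()` is exercised on a constructed reply from a fictitious router, and `discover()` performs the real multicast exchange on your own network.

```python
"""SSDP discovery, the step that lets UPnP devices find each other (added
example, not code from the original post).

A client multicasts an M-SEARCH to 239.255.255.250:1900; every UPnP device in
the broadcast domain replies by unicast with an HTTP-style message whose
LOCATION header is the URL of its device description XML, which in turn
lists the control URLs. parse_ssdp_response() is exercised on a constructed
reply from a fictitious router; discover() performs the real exchange and is
meant for your own network.
"""
import socket

SSDP_ADDR = ("239.255.255.250", 1900)


def build_msearch(search_target="ssdp:all", mx=2):
    """Build the M-SEARCH request. MX is the longest time (s) a device may
    wait before answering; ST narrows the search (ssdp:all = everything)."""
    lines = [
        "M-SEARCH * HTTP/1.1",
        f"HOST: {SSDP_ADDR[0]}:{SSDP_ADDR[1]}",
        'MAN: "ssdp:discover"',
        f"MX: {mx}",
        f"ST: {search_target}",
        "",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")


def parse_ssdp_response(data):
    """Parse a unicast SSDP reply into a dict keyed by lower-cased header
    name. Returns None unless the status line is HTTP/1.1 200."""
    head = data.decode("utf-8", errors="replace").partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    if not lines[0].startswith("HTTP/1.1 200"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")   # split at the first colon only
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def summarize(headers):
    """The fields an attacker or auditor reads first."""
    return {key: headers.get(key, "") for key in ("server", "st", "usn", "location")}


def discover(timeout=2.0, search_target="ssdp:all"):
    """Send one M-SEARCH and collect (source_ip, headers) until `timeout`
    seconds pass with no further reply."""
    found = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
        sock.settimeout(timeout)
        sock.sendto(build_msearch(search_target), SSDP_ADDR)
        try:
            while True:
                data, (ip, _port) = sock.recvfrom(65535)
                headers = parse_ssdp_response(data)
                if headers is not None:
                    found.append((ip, headers))
        except socket.timeout:
            pass
    return found


# Constructed reply in the shape a home router's Internet Gateway Device
# service would send; the address and UUID are made up.
SAMPLE_REPLY = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"EXT:\r\n"
    b"LOCATION: http://192.168.1.1:1900/igd.xml\r\n"
    b"SERVER: Linux/3.10 UPnP/1.1 MiniUPnPd/2.0\r\n"
    b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000001::"
    b"urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    print(summarize(parse_ssdp_response(SAMPLE_REPLY)))
    for ip, headers in discover():
        print(ip, summarize(headers))
```

The SERVER header alone tells a visitor the operating system and UPnP stack version of every device that answers, and LOCATION hands over the URL from which the device's services and control endpoints can be read. Running `discover()` on a segment you are responsible for is a quick way to learn what you are exposing before someone else does.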

Ransomware – when data becomes hostage

15.12.2019

You sit down at your computer, drink your morning coffee, and ... a multi-coloured window appears on the monitor informing you that your data has been encrypted and that only a cryptocurrency payment to the given account will let you recover it. All photos, videos and documents are gone. You have just become a victim of ransomware: digital blackmail. What is ransomware? "Blackmail software", or ransomware, is a type of malware that, after infecting a computer, encrypts or blocks access to the data on its disks and then informs the victim of the possibility of recovering it.
