In OpenStack Neutron through 25.0.0, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. NOTE: 935883 has the "Work in Progress" status as of 2024-11-24.

**Exploitability Metrics**

Attack Vector: This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.

Attack Complexity: This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. These are conditions whose primary purpose is to increase security and/or increase exploit engineering complexity. A vulnerability exploitable without a target-specific variable has a lower complexity than a vulnerability that would require non-trivial customization. This metric is meant to capture security mechanisms utilized by the vulnerable system.

Attack Requirements: This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack. These differ from security-enhancing techniques/technologies (ref Attack Complexity) as the primary purpose of these conditions is not to explicitly mitigate attacks, but rather, emerge naturally as a consequence of the deployment and execution of the vulnerable system.

Privileges Required: This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.

User interaction: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.

**Vulnerable System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the VULNERABLE SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the VULNERABLE SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the VULNERABLE SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

**Subsequent System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the SUBSEQUENT SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the SUBSEQUENT SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the SUBSEQUENT SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

GHSA-f27h-g923-68hw: OpenStack Neutron can use an incorrect ID during policy enforcement

Andrew Tate’s “The Real World” platform has been breached, again, leaking user data including emails and private chat…

Andrew Tate’s “The Real World” platform has been breached, again, leaking user data including emails and private chat logs. Explore the details of the hack and leaked data.

Andrew Tate, the controversial social media influencer currently under house arrest, is the newest victim of hacktivism. According to reports, unidentified hackers have successfully breached his online self-help platform, _The Real World_, formerly known as Hustler’s University.

Screenshot from the leaked data (Credit: Hackread.com)

The incident occurred when Tate was busy streaming the latest episode of his _show Emergency Meeting_, which airs on Rumble. This attack has resulted in the exposure of sensitive user data, including usernames, email addresses, and private chat messages. 

For your information, The Real World is an online university that focuses on health, fitness, financial investment, and e-commerce businesses with over 113,000 active users. It provides advanced training and mentoring at $50 per month and also teaches users how to master money making skills. 

The hackers, as per DailyDot, exploited a critical security vulnerability in the platform. After the successful attack, they flooded the primary chatroom with pro-feminist and LGBTQ+ emojis, temporarily banning users, and deleting attachments.

Their posted emojis included transgender flags, feminist fist, Tate’s AI-generated image draped in rainbow flags, another one with his buttocks enlarged, and cat characters used in his “boykisser” meme. 

Screenshot shows emojis spammed by the hackers

What is more concerning is that according to DDoSecrets, the hackers also managed to access a vast amount of user data, including over 794,000 usernames comprising current and former members, the content of The Real World’s 221 public and 395 private chat servers covering around a dozen campuses, and nearly 325,000 email addresses of users removed from the platform.

Tate is a controversial figure known for his toxic masculinity. The leaked data, now publicly available, offers a glimpse into the community that has formed around Tate with users expressing concerns about the _LGBTQ agenda_, the _matrix_, and recurrent shooting incidents. The hackers claimed their motive was hacktivism and Tate’s site being ‘hilariously insecure.’

It’s worth noting that this isn’t the first time Tate’s online platform has been compromised. Earlier this year, a data breach exposed millions of user messages and personal information due to a MongoDB database containing 88 gigabytes of data belonging to 968,447 user accounts being exposed since April 8, 2024. These repeated security failures raise serious questions about the platform’s commitment to protecting user data and maintaining a secure online environment.

1.  SiegedSec Hacktivist Strike NATO and Leak Sensitive Docs
2.  DDoS Attacks Hit France Over Telegram’s Pavel Durov Arrest
3.  Muslim Hacktivists Hack ISIS website; expose subscribers list
4.  Hacktivists Shut Down Donald Trump Hotel Collections Website
5.  RansomHub Hits Planned Parenthood Hack, Steals 93GB of Data
6.  SiegedSec Hits Heritage Foundation; Leaks Data Over “Project 2025”

Andrew Tate’s University Breach: 1 Million User Records and Chats Leaked

The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

GHSA-27wf-5967-98gx:  Kubernetes kubelet arbitrary command execution

Inadequate Encryption Strength vulnerability in Apache Answer.

This issue affects Apache Answer: through 1.4.0.

The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable.
Users are recommended to upgrade to version 1.4.1, which fixes the issue.

GHSA-mr95-vfcf-fx9p: Apache Answer: Predictable Authorization Token Using UUIDv1

The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests.

See also CVE-2024-7592 for a similar vulnerability in cpython.

Skip to content

**Navigation Menu**

*   *   GitHub Copilot
        
        Write better code with AI
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Actions
        
        Automate any workflow
        
    *   Codespaces
        
        Instant dev environments
        
    *   Issues
        
        Plan and track work
        
    *   Code Review
        
        Manage code changes
        
    *   Discussions
        
        Collaborate outside of code
        
    *   Code Search
        
        Find more, search less
        
    

*   Explore
    
    *   Learning Pathways
    *   White papers, Ebooks, Webinars
    *   Customer Stories
    *   Partners
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   *   Enterprise platform
        
        AI-powered developer platform
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-52804

**Tornado has an HTTP cookie parsing DoS vulnerability**

High severity GitHub Reviewed Published Nov 22, 2024 in tornadoweb/tornado

**Package**

pip tornado (pip)

**Affected versions**

<= 6.4.1

**Description**

The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests.

See also CVE-2024-7592 for a similar vulnerability in cpython.

**References**

*   GHSA-8w49-h785-mj3c

Published to the GitHub Advisory Database

Nov 22, 2024

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

The Shadowserver Foundation reports over 2,000 Palo Alto Networks firewalls have been hacked via two zero-day vulnerabilities: CVE-2024-0012…

The Shadowserver Foundation reports over 2,000 Palo Alto Networks firewalls have been hacked via two zero-day vulnerabilities: CVE-2024-0012 & CVE-2024-9474, enabling admin bypass and root access. Top targets: US & India.

Cybersecurity researchers at Shadowserver have revealed that approximately 2,000 **Palo Alto Networks** firewalls have been compromised. The breaches leverage two recently identified zero-day vulnerabilities in the company’s PAN-OS software. These vulnerabilities have been labeled as CVE-2024-0012 and CVE-2024-9474.

****The Vulnerabilities****

**CVE-2024-0012**: This vulnerability is an authentication bypass in the PAN-OS management web interface. It allows remote attackers to gain administrator privileges without authentication. This means attackers can tamper with firewall settings, making them more susceptible to further exploitation.

**CVE-2024-9474**: This flaw is a privilege escalation issue. Once exploited, it lets attackers execute commands with root privileges, giving them full control over the compromised firewall.

> Heads-up! Thanks to collaboration with the Saudi NCA we are now scanning & reporting Palo Alto Networks devices COMPROMISED as a result of a CVE-2024-0012/CVE-2024-9474 campaign. Found ~2000 instances compromised on 2024-11-20: dashboard.shadowserver.org/statistics/c… Top affected: US & India
> 
> — The Shadowserver Foundation (@shadowserver.bsky.social) November 21, 2024 at 9:45 AM

****Operation Lunar Peek – Ongoing Threat Activity****

Palo Alto Networks has **named** the initial exploitation of these vulnerabilities “Operation Lunar Peek.” Palo Alto Networks initially warned customers on November 8 about restricting access to their next-generation firewalls due to an unspecified remote code execution flaw.

Since then, the company has observed a notable increase in threat activity following the public release of technical insights by third-party researchers on November 19, 2024.

Unit 42, Palo Alto Networks threat intelligence team, assesses with moderate to high confidence that a functional exploit chaining CVE-2024-0012 and CVE-2024-9474 is publicly available, which could lead to broader threat activity.

The company is currently investigating the ongoing attacks, which involve chaining these two vulnerabilities to target a limited number of device management web interfaces. The company has observed threat actors dropping malware and executing commands on compromised firewalls, indicating that a chain exploit is likely already in use.

****Recommendations for Users****

Palo Alto Networks has provided several recommendations to mitigate the risk:

*   **Monitor and Review:** Users should monitor for any suspicious or abnormal activity on devices with a management web interface exposed to the internet. After applying the patch, it is crucial to review firewall configurations and audit logs for any signs of unauthorized administrator activity.
*   **Patch Immediately:** Customers are advised to update their systems to receive the latest patches that fix CVE-2024-0012 and CVE-2024-9474. Detailed information about affected products and versions can be found in the Palo Alto Networks Security Advisories.
*   **Restrict Access:** To reduce the risk, Palo Alto Networks recommends restricting access to the management web interface to only trusted internal IP addresses. This is in line with their recommended best practice deployment guidelines.

****Expert Insights****

**Elad Luz**, Head of Research at Oasis Security, emphasizes the importance of immediate action even before patching. He advises affected customers to restrict access to the web management interface, preferably allowing only internal IPs. Luz also stresses the need to ensure that devices are free from any potential malware or malicious configurations after patching.

1.  Palo Alto Patches 0-Day Exploited by Python Backdoor
2.  Authentication bypass Flaw found in NATO approved firewall
3.  Critical RCE Vulnerability Puts 330,000 Fortinet Firewalls at Risk
4.  CISA Urges Patching of Palo Alto Networks’ Expedition Tool Flaw
5.  Backdoor account found in 100K+ Zyxel Firewalls, VPN Gateways

Operation Lunar Peek: More Than 2,000 Palo Alto Network Firewalls Hacked

Learn how to prevent payment fraud with effective fraud detection, online prevention solutions, and secure payment orchestration strategies.…

Learn how to prevent payment fraud with effective fraud detection, online prevention solutions, and secure payment orchestration strategies.

****The Basics of Fraud Prevention in Online Payments****

With the surge in e-commerce and digital payments, fraudulent transactions have become more sophisticated, costing businesses billions annually. For businesses, effective **fraud prevention tools** and solutions have become a necessity.

This article explores the essentials of payment fraud prevention, highlighting common threats, the role of payment orchestration platforms with advanced security measures, and best practices to safeguard transactions.

****Common Types of Payment Fraud****

Understanding the **types of fraudulent payments** is the first step in implementing an effective fraud prevention strategy. Here’s the list of the most common types of online payment fraud:

*   **Identity theft:** Fraudsters use stolen identities to make unauthorised purchases or access accounts.
*   **Phishing scams:** Cybercriminals trick users into revealing sensitive payment data and further misuse it.
*   **Card-not-present or CNP fraud**: This occurs during online transactions without the physical card, making verification more difficult.
*   **Chargeback fraud**: Fraudsters make purchases and later dispute the charges to reclaim the funds.

Each of these threats underscores the need for robust online fraud prevention solutions and payment fraud detection systems.

****Essential Security Features for Fraud Prevention****

Investing in advanced security measures is key to mitigating payment fraud risks. Online businesses often implement tokenisation and encryption to secure sensitive payment information by converting it into protected formats that are unusable to fraudsters.

Also, two-factor authentication adds an extra layer of security by requiring dual forms of identification, while AI-powered payment fraud analytics enhance fraud detection by analysing patterns to identify and block fraudulent transactions in real-time.

Traditionally, compliance with PCI DSS standards ensures adherence to the highest levels of payment data protection. Payment processing solutions, including **white-label ISO/MSP** platforms, often incorporate these features, enabling businesses to safeguard against fraudulent transactions effectively.

****Best Practices for Fraud Prevention****

Implementing a comprehensive **fraud prevention strategy** requires a mix of technology, policies, and education. The following list will help you understand the basics.

*   Adopt advanced fraud detection tools. **Utilise AI and machine learning** for real-time monitoring and alerts.
*   Regularly update security protocols. Cyber threats evolve rapidly, necessitating frequent updates to your systems.
*   Educate your team and customers. Training employees and informing customers about common fraud tactics helps mitigate risks.
*   Leverage payment orchestration. Streamlined payment routing with fraud checks reduces vulnerabilities.
*   Conduct payment fraud analytics. Regular analysis of transaction data can reveal patterns indicative of fraud.

By adopting these practices, businesses can better protect themselves against payment fraud while keeping transactions smooth and secure for everyone.

**Conclusion**

Payment fraud is a growing threat that demands businesses to invest in **anti-fraud strategies** and leverage advanced technologies like payment fraud detection and analytics to protect their revenue and reputation. Staying alert and regularly updating fraud prevention strategies is key to long-term success in the world of digital payments.

1.  Best Paid and Free OSINT Tools for 2024
2.  How ID Scanning Apps Can Prevent Fraud
3.  Leveraging AI for Enhanced Threat Detection – Prevention
4.  Imperative of Automating Fraud Detection in Financial Institutions
5.  Why Incident Response Plans Are Key to Cybersecurity Resilience

Fraud Prevention in Online Payments: A Practical Guide

At least 97 major water systems in the US have serious cybersecurity vulnerabilities and compliance issues, raising concerns that cyberattacks could disrupt businesses, industry, and the lives of millions of citizens.

Source: Clare Louise Jackson via Shutterstock

Despite a spate of recent cyberattacks raising the awareness of water-infrastructure vulnerabilities, nearly 100 large community water systems (CWS) continue to have serious security weaknesses in Internet-facing systems, putting the water supply of nearly 27 million Americans at risk.

The critical and high-severity vulnerabilities affect more than 9% of the 1,062 water systems in the United States that serve at least 50,000 people, according to an Environmental Protection Agency (EPA) report released on Nov. 13. The vulnerabilities were discovered through passive assessments conducted in October that looked at more than 75,000 IP addresses and 14,400 domains.

Overall, millions of citizens — along with businesses, schools, and hospitals — rely on the affected water systems. "If malicious actors exploited the cybersecurity vulnerabilities we identified in our passive assessment, they could disrupt service or cause irreparable physical damage to drinking water infrastructure," the EPA stated.

Over the past three years, water systems have become increasingly targeted by state-sponsored groups, ransomware gangs, and hacktivists. In 2023, Iran-linked cyberattackers compromised programmable logic controllers (PLCs) at a water utility in Pennsylvania, as well as 10 wastewater treatment plants in Israel. In 2021, a hacker targeted a water treatment plant in Florida and even changed the chemical mixture for the water, but did not have the sophistication to evade detection. In September, a water treatment plant in Arkansas City, Kan., switched to manual operation after the facility was the target of a cybersecurity incident.

Related:Dark Reading Confidential: Pen-Test Arrests, 5 Years Later

Water system vulnerabilities are a critical issue that could impact businesses, especially power-generation systems and data centers, but especially have the potential to cause human harm, says Vinod D'Souza, head of manufacturing and industry in the Office of the CISO at Google Cloud.

"Water utilities are unique in the \[operational technology\] OT world because they directly impact public health, requiring stringent security to prevent catastrophic consequences like contaminated water supplies," he says. "Their geographical spread and complex systems pose distinct cybersecurity challenges not found in other sectors."

**Water, Water, Everywhere ... Nary a Drop of Security?**

The United States has nearly 150,000 water systems, consisting of three types of public infrastructure. Community water systems (CWS) provide water to residents living in a town or city year-round and account for approximately a third (33.7%) of water systems. Transient noncommunity water systems (TNCWS) supply water to travelers and visitors to a specific location — such as a campground or gas station — but not on a permanent basis. These make up 54.3% of public water systems. The final 12% of systems consist of nontransient noncommunity water systems (NTNCWS), which provide water to people in nonresidential locations — such as schools, businesses, and hospitals.

Related:Going Beyond Secure by Demand

Because many water agencies are small and serving communities, they face the same challenges as other local government agencies: a lack of resources, legacy technology, architectures that were not designed to be defensible, and a lack of visibility, says Paul Shaver, global practice lead for ICS/OT security consulting at Google Cloud's Mandiant division.

"This is compounded by the fact that many municipal water agencies have financial constraints that make it difficult to identify risk and develop security capabilities that are appropriate for their organization size," he says.

By EPA regulation, any water systems serving more than 3,300 people must conduct risk assessments, including cybersecurity assessments, and develop emergency response plans. But most do not have the money, and without the funding, the utilities are hard pressed to comply with regulations, Shaver says.

Related:Small US Cyber Agencies Are Underfunded & That's a Problem

The criticality of these systems and their relative lack of protection has government officials worried. In May, the EPA warned that Iran and Russia had stepped up their attacks on water systems in the United States, while the Cybersecurity and Infrastructure Security Agency (CISA) released a cyber-incident response guide for the water and wastewater sector earlier this year.

The May 2024 alert from the EPA noted that "water systems had inadequate risk and resilience assessments and emergency response plans ... \[and\] found significant failures in best practices, such as failure to change default passwords, use of single logins for all staff, and failure to curtail access by former employees."

**US Needs More Investment in Water System Cyber Defense**

Even with the current requirements, many water utilities are already failing to meet their cybersecurity obligations, Google Cloud's D'Souza says.

"Simply increasing regulations won't solve this problem, and merely highlights the financial constraints preventing utilities from adequately protecting critical infrastructure," he says.

Overall, the federal government needs to do more than offer regulations and best practices. In many respects, the water sector is no different than any other critical infrastructure sector with a great deal of operational technology, says Sean Arrowsmith, head of industrials at NCC Group, a cybersecurity consultancy.

"Generally, OT protocols were designed when security was not so much of a consideration but the devices and infrastructure they run is deployed for a long lifetime and now there are business drivers to collect data from them and converge OT with IT, which is where the security challenges arise," he says.

In addition, Arrowsmith says that the amount of legacy infrastructure and breadth of the attack surface area continues to make securing water infrastructure challenging.

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Leaky Cybersecurity Holes Put Water Systems at Risk

73% of globally exposed ICS systems are in the US and Europe, with the US leading at 38%.…

73% of globally exposed ICS systems are in the US and Europe, with the US leading at 38%. Vulnerabilities in outdated protocols and exposed HMIs put critical infrastructure at severe risk, says Censys.

The Internet has revolutionized numerous industries, including manufacturing, energy, and water treatment. However, as more and more **industrial control systems** (ICS) are connected to the internet, they become increasingly vulnerable to cyberattacks. 

According to Censys’ annual State of the Internet Report, shared with Hackread.com, internet-exposed human-machine interfaces (HMIs) are the emerging new threat in ICS security. For your information, HMIs are the graphical interfaces used to monitor and control industrial systems.

The screenshot displays the HMI for a three-pump system, featuring options to monitor alarms, manage controls, and adjust system setpoints (Image credit: Censys).

Researchers at Censys, a leading internet intelligence company, observed that HMIs have become increasingly connected to the internet to enable remote access and management. This connectivity has opened the door to cyberattacks. This is concerning as in 2023 and 2024, we witnessed a series of attacks targeting internet-exposed HMIs, demonstrating the potential for significant disruption and damage.

One notable attack was carried out by the CyberAv3ngers, an Iranian hacking group, **who targeted** a water treatment facility in Pennsylvania, exploited a vulnerable HMI to gain control of the system and defaced it with an anti-Israel message. Another significant attack was from the Cyber Army of Russia Reborn, which **attacked** water facilities in Texas, manipulating HMIs to cause water storage tanks to overflow.

Censys’ report reveals that there are over 145,000 exposed ICS services worldwide, and over 40,000 Internet-connected ICS located in the United States with over half of them linked to building control and automation protocols.

“38% of these services are in North America, 35% are in Europe, and 22% are in Asia. The U.S. alone is responsible for over one-third of global ICS service exposures,” Censys’ **report** read.

The study also found that 18,000 exposed devices were more likely to control industrial systems. In the UK, approximately 1,500 control systems exposed on the public Internet were identified through scans of 18 automation protocols. Over 80% of these administration interfaces are for building controls.

Additionally, over 50% of hosts running low-level automation protocols are concentrated in ISPs, while over 80% of hosts running exposed HMIs are found in wireless networks like Verizon and AT&T. Moreover, about half of the HMIs associated with Water and Wastewater could be manipulated without authentication.

These exposed systems become a tempting target for cybercriminals and nation-state actors who could potentially disrupt critical infrastructure.

Researchers have also observed a high prevalence of outdated and insecure protocols. Many of these protocols, such as Modbus, S7, and IEC 60870-5-104, are decades old and lack advanced security features. Researchers discovered nearly 200 hosts running HMIs that were also running products from vendors explicitly prohibited by the US’s National Defense Authorization Act (NDAA) Section 889. 

The report highlights the need for operators to be mindful of what products and software they allow to run alongside industrial processes. Researchers recommend that security teams must examine the exposure of these protocols and HMIs, which for a vital component of the security of industrial control systems.

1.  **Malware can fully compromise building control systems**
2.  **Flaws can let hackers physically damage moving bridges**
3.  **Flaws in US Drinking Water Systems Put 26 Million at Risk**
4.  **Propump and Controls’ Osprey Pump Controller vulnerable**
5.  **Ransomware targeted SCADA systems of 3 US water facilities**

US and Europe Account for 73% of Global Exposed ICS Systems

This Metasploit module exploits vulnerabilities in OpenPrinting CUPS, which is running by default on most Linux distributions. The vulnerabilities allow an attacker on the LAN to advertise a malicious printer that triggers remote code execution when a victim sends a print job to the malicious printer. Successful exploitation requires user interaction, but no CUPS services need to be reachable via accessible ports. Code execution occurs in the context of the lp user. Affected versions are cups-browsed less than or equal to 2.0.1, libcupsfilters versions 2.1b1 and below, libppd versions 2.1b1 and below, and cups-filters versions 2.0.1 and below.

Tag

#vulnerability