CCTR.17.April.24
Pwning PLCs and more open source software security
Last updated
It's a great win for the good folks! ⚖️ Law enforcement agencies from 19 countries across three continents collaborated to take down a cybercrime operation called LabHost. LabHost, a cloud-based service, facilitated phishing scams for inexperienced criminals. Europol reported that users of LabHost could select from various scam site designs, featuring stolen logos and look-alike fake login pages mimicking those of legitimate businesses, to deceive unsuspecting individuals into divulging their login credentials. These stolen credentials were then relayed to the scammers. Ref

Following the XZ Utils discovery, scrutiny has extended to other open-source projects, revealing similar incidents. The OpenJS Foundation Cross Project Council reported receiving suspicious emails requesting updates for a popular JavaScript project to address unspecified critical vulnerabilities. Despite lacking specifics, the emails urged OpenJS to designate the senders as new project maintainers, resembling the tactics used by the "Jia Tan" persona in the XZ backdoor incident. Ref

Datadog Security Labs discovered a vulnerability, CVE-2024-28056, in Amazon Web Services (AWS) Amplify that exposed IAM roles associated with Amplify projects. The weakness allowed unauthorised parties worldwide to assume control of those roles. Projects created with the Amplify CLI between July 2018 and August 2019 were especially at risk because of their vulnerable trust policies. AWS promptly remediated the vulnerability, so it is no longer exploitable. Ref

The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory highlighting an unpatched vulnerability in industrial control system devices from Unitronics - PLC & Automation products. 🏭 The affected Unitronics Vision Series PLCs are used in the Water and Wastewater sector. CISA warns that the controller is susceptible to the remotely exploitable vulnerability CVE-2024-1480 (CVSS 8.7) because it stores passwords in a recoverable format.

Successful exploitation of this vulnerability could allow an attacker to factory reset, stop or restart the device. The advisory recommends measures such as disconnecting the PLC controllers from the Internet 🙄, isolating them from business networks, using firewalls for protection, and employing secure methods like virtual private networks (VPNs) for remote access. Ref
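The Amplify item turns on a role trust policy that let parties outside the account assume the role. As an added example (not Datadog's, AWS's, or this newsletter's code), here is a small Python audit that flags the trust-policy patterns a defender would want to catch in their own accounts: a wildcard principal, a federated principal (such as Cognito) with no Condition restricting which identities may use it, and a cross-account principal trusted without any Condition. The sample policy documents, the identity-pool id and the account numbers are constructed for illustration; the condition keys shown in the scoped sample are an assumption about how such a policy is normally restricted, not a description of the Amplify fix.

```python
"""Audit IAM role trust policies for statements that let outside parties
assume the role. Added example; the sample documents below are constructed."""
import json
from typing import Any, List, Optional

# Actions that hand out the role's credentials (compared case-insensitively).
ASSUME_ACTIONS = ("sts:assumerole", "sts:assumerolewithwebidentity",
                  "sts:assumerolewithsaml", "sts:*", "*")


def _as_list(value: Any) -> list:
    """IAM allows a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _account_of(arn: str) -> Optional[str]:
    """Return the account id field of an ARN, or None for non-ARN values."""
    parts = arn.split(":")
    return parts[4] if arn.startswith("arn:") and len(parts) >= 6 else None


def _grants_assume(stmt: dict) -> bool:
    if stmt.get("Effect") != "Allow":
        return False
    return any(a.lower() in ASSUME_ACTIONS for a in _as_list(stmt.get("Action")))


def audit_trust_policy(doc: dict, own_account: Optional[str] = None) -> List[str]:
    """Return one finding per risky Allow statement (empty list = nothing flagged)."""
    findings: List[str] = []
    for idx, stmt in enumerate(_as_list(doc.get("Statement"))):
        if not _grants_assume(stmt):
            continue
        principal = stmt.get("Principal")
        has_condition = bool(stmt.get("Condition"))
        # Anyone at all may assume the role.
        if principal == "*" or (isinstance(principal, dict)
                                and "*" in _as_list(principal.get("AWS"))):
            findings.append(f"statement {idx}: wildcard principal can assume the role")
            continue
        if not isinstance(principal, dict):
            continue
        # A federated provider (e.g. Cognito) with no Condition trusts every
        # identity that provider will vouch for, not just this project's pool.
        if principal.get("Federated") and not has_condition:
            findings.append(f"statement {idx}: federated principal "
                            f"{_as_list(principal['Federated'])} has no Condition "
                            "scoping which identities may assume the role")
        # Another account trusted with no Condition (e.g. no sts:ExternalId).
        for arn in _as_list(principal.get("AWS")):
            acct = _account_of(arn)
            if own_account and acct and acct != own_account and not has_condition:
                findings.append(f"statement {idx}: cross-account principal {arn} "
                                "trusted without a Condition")
    return findings


def audit_policy_text(text: str, own_account: Optional[str] = None) -> List[str]:
    """Convenience wrapper for a JSON trust-policy document as a string."""
    return audit_trust_policy(json.loads(text), own_account)


# --- Constructed sample trust policies (illustrative values only) ---------
WIDE_OPEN = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "sts:AssumeRole"}]}

UNCONDITIONED_FEDERATED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Principal": {"Federated": "cognito-identity.amazonaws.com"},
     "Action": "sts:AssumeRoleWithWebIdentity"}]}

# Assumed scoping: pin the identity pool (aud) and require authenticated users.
SCOPED_FEDERATED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Principal": {"Federated": "cognito-identity.amazonaws.com"},
     "Action": "sts:AssumeRoleWithWebIdentity",
     "Condition": {
         "StringEquals": {"cognito-identity.amazonaws.com:aud": "us-east-1:EXAMPLE-POOL-ID"},
         "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "authenticated"}}}]}

CROSS_ACCOUNT_NO_CONDITION = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
     "Action": "sts:AssumeRole"}]}

SERVICE_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Principal": {"Service": "lambda.amazonaws.com"},
     "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    for name, doc in [("wide-open", WIDE_OPEN), ("federated", UNCONDITIONED_FEDERATED),
                      ("scoped", SCOPED_FEDERATED), ("service", SERVICE_ONLY)]:
        print(name, audit_trust_policy(doc, own_account="111111111111") or "ok")
```

To run this against real roles, feed `audit_policy_text` the `AssumeRolePolicyDocument` returned by `aws iam get-role` (or iterate `list-roles`), passing your own account id so cross-account trusts are distinguished from in-account ones. The checks are deliberately conservative: a Condition of any kind silences the federated and cross-account findings, so review what the Condition actually pins before treating a role as clean.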