By AMSAT June 11,2021
A Brief Weekly Review of Top Stories that Dominated the Cyberworld
The outgoing week saw a number of events that had far-reaching effects on the world of cybersecurity. From critical vulnerabilities found in CODESYS software to a constituent platform used by the Congress hit by a ransomware, the cybersecurity domain was full of headline-grabbing developments.
Here’s a brief review of what took place in the past week.
Critical Flaws Found in CODESYS Software
At least 10 flaws, a majority of them critical, were discovered in CODESYS industrial automation software that is used in several industrial control system (ICS) products.
Experts at Russian cybersecurity company Positive Technologies recognized the flaws in several products made by CODESYS. Six of the flaws have been rated critical and they can be exploited using specially created requests for remote code execution or to crash the system. The three vulnerabilities rated high severity can be leveraged for DoS attacks or remote code execution using specially crafted requests.
Windows Server Containers Targeted by ‘Siloscape’ Malware
According to security researchers at Palo Alto Networks, a newly identified piece of malware, Siloscape, targeted Windows Server containers.
The heavily obscured malware was designed to install a backdoor into Kubernetes clusters, which can then be used to run malicious containers and execute various other evil activities.
Palo Alto Networks researcher Daniel Prizmant said that Siloscape, believed to be part of a larger campaign, has snagged at least 23 victims so far. The researcher discovered that it was hosting a total of 313 users.
Ransomware Hit Constituent Platform Used by Congress
News reports revealed that a ransomware hit iConstituent, a platform created to facilitate communication between politicians and local people.
iConstituent was not available for comment, but it was reported that nearly 60 members of Congress use the platform. Chief Administrative Officer of the House Catherine Szpindor said that they were informed of a ransomware attack on iConstituent’s e-newsletter system, which House members buy access to.
But Szpindor added that no data from the House had been taken or accessed and there was no impact on the network used by the House.
Ready to Get Started?
Our specialists are ready to tailor our security service solutions to fit the needs of your organization.