Global software industry advocate BSA | The Software Alliance is warning Australian organisations to be mindful of the security risks involved with using unlicensed software after it reached a record number of infringement settlements last year. A total of 28 case settlements for the use of unlicensed software occurred in 2017 – twice the number in 2016. The 28 settlements were worth more than $347,000 in damages against businesses across Australia.

BSA warns that with the Notifiable Data Breaches legislation now in effect, this is a good time for organisations to consider the risks unlicensed software brings to their business. “Businesses need to remember that unlicensed software, or software downloaded from an unknown source, may contain malware which puts an organisation and its customers at significant risk of becoming the victim of a data breach,” comments BSA APAC’s director of compliance programs, Gary Gan. “Without properly licensed software, organisations don’t receive patch updates which strengthen the software’s security and address vulnerabilities, which otherwise would leave the business exposed.”

One of the 28 settlements involved a Western Australia-based energy company that was found using unlicensed software. The settlement amounted to more than $40,000. Every business caught using unlicensed software had to purchase genuine software licenses for ongoing use on top of the copyright infringement damages.

“It’s especially important that organisations are ensuring they’re doing all they can to protect their data given the recent introduction of NDB legislation. In order to stay on top of their software licensing, businesses should consider investing in SAM tools. The potential consequences faced by businesses that are found to be using unlicensed software far outweigh the cost of investment into SAM, something that all businesses should be considering,” Gan continues.

The BSA continues to clamp down on unlawful use of its members’ software. Members include Adobe, Apple, IBM, Microsoft, Okta, Oracle, Symantec, Trend Micro and Workday, amongst others. BSA offers up to $20,000 to eligible recipients who disclose accurate information regarding unlawful copying or use of BSA members’ software. Potential recipients must provide assistance and evidence to support the information, as may be required by the BSA’s legal advisers, in connection with any claim or legal proceedings initiated by the BSA members. BSA says it remains committed to its role in raising awareness of the risks to businesses when using unlicensed software and the damaging effects that software piracy has on the Australian IT industry.

A series of remotely exploitable vulnerabilities exist in a popular web-based SCADA system made by Honeywell that make it easy to expose passwords and, in turn, give attackers a foothold into the vulnerable network. The flaws exist in some versions of Honeywell’s XL Web II controllers, systems deployed across the critical infrastructure sector, including wastewater, energy, and manufacturing companies.

An advisory from the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned about the vulnerabilities Thursday. The company has developed a fix, version 3.04.05.05, to address the issues but users have to call their local Honeywell Building Solutions branch to receive the update, according to the company.

The controllers suffer from five vulnerabilities in total but the scariest one might be the fact that passwords for the controllers are stored in clear text. Furthermore, if attackers wanted to, they could disclose that password simply by accessing a particular URL. An attacker could also carry out a path traversal attack by accessing a specific URL, open and change some parameters by accessing a particular URL, or establish a new user session. The problem with starting a new user session is that the controllers didn’t invalidate any existing session identifier, something that could have made it easier for an attacker to steal any active authenticated sessions.

Maxim Rupp, an independent security researcher based in Germany, dug up the bugs and teased them on Twitter at the beginning of January. Rupp has identified bugs in Honeywell equipment before. Two years ago he discovered a pair of vulnerabilities in Tuxedo Touch, a home automation controller made by the company, that could have let an attacker unlock a house’s doors or modify its climate controls.

It’s unclear how widespread the usage of Honeywell’s XL Web II controllers is. While Honeywell is a US-based company, according to ICS-CERT’s advisory the majority of the affected products are used in Europe and the Middle East. When reached on Friday, a spokesperson for Honeywell confirmed that the affected controllers are used in Europe and the Middle East. The company also stressed that the vulnerabilities were patched in September 2016 after they were reported in August.
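
The session weakness described above, where establishing a new user session left existing session identifiers valid, can be illustrated with a toy session table showing the weak behaviour beside the hardened one. This is an added example, not Honeywell's code or part of the original article; the `SessionStore` class, its methods and the `operator` username are hypothetical.

```python
import secrets


class SessionStore:
    """Toy in-memory session table: session id -> username (None = not logged in)."""

    def __init__(self, rotate_on_login):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}

    def new_session(self):
        """Issue an unauthenticated session identifier."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = None
        return sid

    def login(self, presented_sid, username):
        """Called after credentials were verified; returns the id the client must use."""
        if not self.rotate_on_login:
            # Weak behaviour: the pre-login identifier is kept and simply upgraded,
            # and older sessions of the same user stay valid.
            self.sessions[presented_sid] = username
            return presented_sid
        # Hardened: drop the presented id and every older session of this user,
        # then issue a fresh, unpredictable identifier.
        self.sessions.pop(presented_sid, None)
        for sid in [s for s, u in self.sessions.items() if u == username]:
            del self.sessions[sid]
        new_sid = secrets.token_urlsafe(32)
        self.sessions[new_sid] = username
        return new_sid

    def user_for(self, sid):
        """Return the username bound to a session id, or None."""
        return self.sessions.get(sid)


def pre_login_id_survives(rotate_on_login):
    """True if an identifier known before login is authenticated after login."""
    store = SessionStore(rotate_on_login)
    known_sid = store.new_session()      # identifier that existed before login
    store.login(known_sid, "operator")   # constructed username
    return store.user_for(known_sid) == "operator"


if __name__ == "__main__":
    print("weak store keeps pre-login id:", pre_login_id_survives(False))
    print("hardened store keeps pre-login id:", pre_login_id_survives(True))
```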