that in many cases, FTP servers can be accessed without a password. The FBI warning cites research conducted by the University of Michigan in 2015 that revealed more than 1 million FTP servers allowed anonymous access to stored data. The FBI warns that hackers are targeting these anonymous FTP servers to gain access to the protected health information of patients. PHI carries a high value on the black market as it can be used for identity theft and fraud. Healthcare organizations could also be blackmailed if PHI is stolen. Last year, the hacker operating under the name TheDarkOverlord conducted a number of attacks on healthcare organizations. The protected health information of patients was stolen and organizations were threatened with the publication of data if a sizable ransom payment was not made. In some cases, patient data were published online when payment was not received. There are reasons why IT departments require FTP servers to accept anonymous requests; however, if that is the case, those servers should not be used to store any protected health information of patients. If PHI must be stored on the servers, they cannot be configured to run in anonymous mode. The FBI suggests all healthcare organizations should instruct their IT departments to check the configuration of their FTP servers to ensure they are not running in anonymous mode and to take immediate action to secure those servers and reduce risk if they are.
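One way to carry out the configuration check the FBI recommends, shown as an added example that is not part of the original article. It assumes the server is vsftpd (the article names no FTP product) and uses option names and defaults from vsftpd.conf(5); the function names and sample configs are constructed for illustration.

```python
# Added example: vsftpd is an assumed server; sample configs are constructed.
# Compiled-in defaults per vsftpd.conf(5) for the options audited here.
DEFAULTS = {
    "anonymous_enable": "YES",        # anonymous login is on unless disabled
    "no_anon_password": "NO",
    "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO",
}

def effective_settings(conf_text):
    """Parse option=value lines; a later duplicate is assumed to override."""
    settings = dict(DEFAULTS)
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key in settings:
            settings[key] = value.strip().upper()
    return settings

def audit(conf_text):
    """Return findings; an empty list means anonymous mode is off."""
    s = effective_settings(conf_text)
    if s["anonymous_enable"] != "YES":
        return []
    findings = ["anonymous login permitted"]
    if s["no_anon_password"] == "YES":
        findings.append("no password prompt for anonymous users")
    if s["anon_upload_enable"] == "YES":
        findings.append("anonymous upload enabled (needs write_enable=YES)")
    if s["anon_mkdir_write_enable"] == "YES":
        findings.append("anonymous mkdir enabled (needs write_enable=YES)")
    return findings

# Constructed samples. In the first, the hardening line is commented out,
# so the compiled-in default (YES) still applies.
SAMPLE_COMMENTED = "listen=YES\n#anonymous_enable=NO\nlocal_enable=YES\n"
SAMPLE_OPEN = "anonymous_enable=YES\nno_anon_password=YES\nanon_upload_enable=YES\n"
SAMPLE_HARDENED = "anonymous_enable=NO\nlocal_enable=YES\nanon_upload_enable=YES\n"

if __name__ == "__main__":
    for name in ("SAMPLE_COMMENTED", "SAMPLE_OPEN", "SAMPLE_HARDENED"):
        print(name, audit(globals()[name]) or "OK")
```

The commented-out case is the one to watch for: a config with no active `anonymous_enable` line still runs in anonymous mode under the documented default.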
Cisco Systems yesterday issued 17 security advisories, disclosing vulnerabilities in multiple products, including at least three critical flaws. One of them, a privileged access bug found in seven models of its Small Business Switches, has not yet been patched, but the company has recommended a workaround to limit its potential for damage. Designated CVE-2018-15439 with a CVSS score of 9.8, the unsolved privileged access vulnerability could allow a remote attacker to bypass an affected device’s user authentication mechanism and obtain full admin rights without the proper administrators being notified. Although there is currently no software fix, a Cisco advisory says users can implement a workaround by “adding at least one user account with access privilege set to level 15 in the device configuration.” Affected device models are the Cisco Small Business 200 Series Smart Switches, Small Business 300 Series Managed Switches, Small Business 500 Series Stackable Managed Switches, 250 Series Smart Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches and 550X Series Stackable Managed Switches. The other critical flaws confirmed in Cisco products were an authentication bypass vulnerability in the Stealthwatch Management Console of Cisco Stealthwatch Enterprise and a remote shell command execution bug in Unity Express. These also carry CVSS scores of 9.8. Cisco published a fourth critical advisory warning of a remote code execution bug in the Apache Struts Commons FileUpload Library; however, it is unknown at this time if any Cisco products and services are affected.
Additional vulnerabilities were found in Cisco’s Meraki networking devices, Video Surveillance Media Server, Content Security Management Appliance, Registered Envelope Service, Price Service Catalog, Prime Collaboration Assurance, Meeting Server, Immunet and AMP for Endpoints, Firepower System Software, Energy Management Suite and Integrated Management Controller Supervisor. And in one final, odd advisory, Cisco acknowledged that a flub in its QA practices allowed dormant exploit code for the Dirty Cow vulnerability to be included in shipping software images for its Expressway Series and Cisco TelePresence Video Communication Server (VCS) software. “The presence of the sample, dormant exploit code does not represent nor allow an exploitable vulnerability on the product, nor does it present a risk to the product itself as all of the required patches for this vulnerability have been integrated into all shipping software images,” said the advisory. “The affected software images have proactively been removed from the Cisco Software Center and will soon be replaced with fixed software images.”
Whether cops are going undercover to learn more about suspects, or deploying hacking tools to unmask them on a mass scale, each side is always trying to stay one step ahead of the other. Apparently in response to law enforcement's use of malware, one dark web child pornography site recently started redirecting visitors to a page with additional security advice if their browser runs JavaScript. “At [child pornography site] we have always had a big JavaScript warning if you have it enabled,” one user on a dark web child abuse site wrote in December of last year. JavaScript is sometimes used as a delivery mechanism for a browser exploit; meaning that if users turn it on, they may make themselves vulnerable to attack, which could ultimately reveal their identity. But this site doesn't just warn people about the dangers of JavaScript. Tails is an operating system that routes all of a user's traffic through the Tor anonymity network, and is designed to not leave any forensic traces on the host machine. The dark web child pornography site also blocks connections from Tor2Web gateways, which are proxies that people can use to access dark web sites without the protection of the Tor network. The site also allegedly stops people accessing it via mobile phone browsers.
A handful of worrisome vulnerabilities in Honeywell building automation system software disclosed last week are a case in point of how far the industry continues to lag in securing SCADA and industrial control systems. Honeywell published in September new firmware that patches vulnerabilities privately disclosed by researcher Maxim Rupp in its XL Web II controllers. The flaws could give an attacker the ability to access relatively unprotected credentials and use those to manipulate, for example, environmental controls inside a building. While these aren’t critical infrastructure systems such as wastewater, energy or manufacturing, building automation system hacks can be expensive to remedy, and in a worst-case scenario, afford an attacker the ability to pivot to a corporate network. Experts told Threatpost that building automation systems can be used to remotely manage heating, air conditioning, water, lighting and door security, and help reduce building operations costs. They’re also popping up as more and more buildings go green; such systems, for example, are crucial to Leadership in Energy and Environmental Design (LEED) certification from the United States Green Building Council. “The main risk from this is a super simple method of accessing building system HMIs, whether for mischief or maybe even ransom. Controllers like this provide an easy interface to operating the entire building system, no additional programming knowledge or protocol expertise required,” said Michael Toecker of Context Information Security. “Unless very poorly designed, a user can’t damage equipment from the HMI, but they can make the building inhospitable, inefficient, and expensive to fix.”
The Industrial Control System Cyber Emergency Response Team (ICS-CERT) issued an advisory last Thursday warning of five vulnerabilities in the Honeywell XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Four of the five are authentication-related flaws, the most serious of which involved passwords either stored in clear text or reachable by accessing a particular URL. A user with low privileges could also open and change parameters via a URL, ICS-CERT said. Honeywell also patched a session fixation vulnerability allowing an attacker to establish new user sessions without invalidating prior sessions, giving them access to authenticated sessions. It also patched a path traversal bug that allowed attackers to carry out directory traversal attacks via a URL.