Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of February 28, 2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of February 28, 2022. I’ve also included some comments on these stories.
High-Severity Flaws Discovered in Schneider, GE Digital SCADA Software
In mid-February, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) published an advisory warning of multiple vulnerabilities in Schneider’s Easergy protection relays. Two of those high-severity flaws enable an attacker to manipulate traffic associated with the device and/or to execute arbitrary code, reported The Hacker News. This advisory emerged around the same time that CISA warned of similar weaknesses in General Electric’s Proficy CIMPLICITY supervisory control and data acquisition (SCADA) software.
Andrew Swoboda | Senior Security Researcher at Tripwire
Schneider Electric’s Easergy is subject to several vulnerabilities. Versions of Easergy p3 prior to v30.205 and versions of Easergy P5 prior to 01.401.101 are vulnerable to the following vulnerabilities: CVE-2022—22722, CVE-2022-22723, and CVE-2022.22725. CVE-2022-22722 is a hardcoded credentials vulnerability. CVE-2022-22723 and CVE-2022-22725 are buffer overflow vulnerabilities that could cause denial-of-service (DoS) conditions or code execution. These vulnerabilities were discovered by Timothée Chauvin, Paul Noalhyt, and Yuanshe Wu at Red Balloon Security.
Researchers’ Apple AirTag Clone Can Bypass Anti-Stalking Protections
On February 28, The Hacker News reported on the development of an Apple AirTag clone by a team of cybersecurity researchers. The device is unique in that it bypasses anti-stalking protections built into the “Find My” Bluetooth-based tracking protocol. Someone could go on to use the device to track an iPhone user for five days without triggering a tracking notification.
Dylan D’Silva | Security Researcher at Tripwire
Here is an example of where persistence pays off—in this case, bringing large, (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Dylan D'Silva. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-news/extra-extra-vert-reads-all-about-it-cybersecurity-news-for-the-week-of-february-28-2022/
