Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Japanese Firm. Show all posts
Vulnerabilities and Exploits
Buffer Overflow Canon Japanese Firm Remote Code Execution Vulnerabilities and Exploits

Canon Patches Seven Critical Flaws in Small Office Printers

 

Canon, a Japanese electronics company, released software patches on Monday that address seven major vulnerabilities impacting numerous small office printer models. 

Buffer overflow flaws are the issues that can be used to execute code remotely over a network or render a vulnerable product inoperable.

"These vulnerabilities point to the possibility that an unauthorised remote attacker could be able to execute arbitrary code and/or use the product as a target for a denial-of-service (DoS) attack over the Internet if a product is connected directly to the Internet without using a router (wired or Wi-Fi)," according to Canon. 

The vulnerabilities are tracked under the CVE-2023-6229, CVE-2023-6234, and CVE-2024-0244 codes. They have a 9.8 CVSS score, according to Japan's vulnerability information portal JVN.

According to NIST advisories, flaws were identified in a number of components, including the processes for downloading CPCA PDL resources, Address Book passwords, WSD probe requests, Address Book usernames, SLP attribute requests, CPCA Colour LUT resource downloads, and CPCA PCFAX number processes. 

The imageCLASS MF753CDW, MF751CDW, MF1333C, LBP674CDW, and LBP1333C series in North America; Satera LBP670C and MF750C series in Japan; and i-SENSYS LBP673Cdw, MF752Cdw, MF754Cdw, C1333i, C1333iF, and C1333P series in Europe are the printer types that are susceptible. 

However, the vulnerabilities affect firmware versions 03.07 and earlier for all models. The regional websites of Canon have updates that fix these issues.

No reports of these vulnerabilities being used have surfaced. However, we advise our clients to install the latest firmware available for the concerned models in order to improve the product's security," Canon states on its European support website. 

Customers should additionally limit access to the printers by concealing them behind a router or firewall, assigning them a secret IP address, and limiting access to them because the vulnerabilities mentioned above can be exploited remotely. 

Canon reports that Trend Micro's Zero Day Initiative (ZDI) was used to expose all seven security flaws.
Read more »
Shimano
Japanese Firm LockBit 3.0 malware Ransomware Shimano

LockBit Leaked 4.5 TB Data of Shimano Industry

 

Shimano Industries, a prominent Japanese multinational manufacturing company specializing in cycling components, fishing tackle, and rowing equipment, fell victim to the world's largest ransomware group, LockBit. The group stole 4.5 terabytes of sensitive company data. 

The company had previously been involved in the production of golf supplies until 2005 and snowboarding gear until 2008. Situated in Sakai, Osaka Prefecture, the corporation operates with 32 consolidated and 11 unconsolidated subsidiaries. Its primary manufacturing facilities are strategically located in Kunshan (China), as well as in Malaysia and Singapore. 

According to Flashpoint, a company specializing in cyber-crime protection, it labels LockBit as the 'most active' ransomware group globally. Flashpoint attributes 27.93 percent of all documented ransomware attacks to this particular group. 

As reported by Cycling News, LockBit is a cybercrime group that uses malicious software to break into companies' sensitive data. Once they have the information, they demand money from the targeted companies, threatening to make the compromised data public if payment is not made. 

The announcement asserts that the group has infiltrated exceptionally sensitive information, encompassing: 

1. Employee details, comprising identification, social security numbers, addresses, and scanned passports. 

2. Financial records, including balance sheets, profit and loss statements, bank statements, various tax forms, and reports. 

3. Client information, involving addresses, internal documents, mail exchanges, confidential reports, legal documents, and results from factory inspections. 

4. Miscellaneous documents, such as non-disclosure agreements, contracts, confidential diagrams and drawings, developmental materials, and laboratory test results. 

The Data has been Leaked? 

Earlier this month, Escape Collective initially disclosed that hackers issued a threat to release 4.5 terabytes of confidential data unless Shimano made an undisclosed ransom payment. The compromised data, as outlined by Escape Collective, encompasses confidential employee information, financial records, a client database, and various other sensitive company documents. 

The hackers imposed a deadline for the ransom, set for November 5, 2023. Subsequently, when the stipulated demands went unmet, the message on LockBit's website changed, indicating that "all available data" had been made public. However, notably, there was no corresponding download link provided for accessing the data.
Read more »
Vulnerabilities and Exploits
Critical Flaws Japanese Firm Security Patch Vulnerabilities and Exploits

Japanese Automation Firm Yokogawa Patches CENTUM, Exaopc Vulnerabilities

 

Yokogawa Electric Corp., of Japan, recently patched multiple critical flaws in its control system software that can be abused to suppress alarms, read or write files, crash the server, or execute arbitrary code. 

Researchers at cybersecurity firm Dragos have identified ten critical flaws in Yokogawa’s CENTUM VP distributed control system (DCS) and the Exaopc OPC server for CENTUM systems. The remotely exploitable vulnerabilities are related to hard-coded credentials, relative path traversal, improper output neutralization for logs, OS command injection, permissions, privileges, access controls, and uncontrolled resource consumption. 

The vulnerabilities, a lot of which have been assigned a “high severity” rating, require local access to the targeted device, while others can be abused by sending specially designed packets to the Consolidated Alarm Management Software (CAMS) for the human interface station (HIS or HMI).

“Most likely, the adversary would need access to the LAN for successful exploitation,” Sam Hanson, vulnerability expert in Dragos' Threat Operations Center, stated. “However, if the HIS is somehow internet-facing then exploitation from the internet is possible.” 

Thus far, Dragos researchers have no evidence to suggest that vulnerabilities are exploited in the wild. However, in a real-world attack, a malicious actor could abuse the security loopholes to secure access to the HIS or render it useless by causing a DoS condition. 

“An adversary could use these issues to affect a loss of control and loss of view. Depending on the configuration, the adversary could manipulate physical process controls,” Hanson added. 

Japanese automation giant has released patches and mitigations for affected products. However, CENTUM CS 3000 products, which have reached the end of life, will not receive updates and users have been recommended to update to CENTUM VP. The company released details about the flaws in January and February, and the US Cybersecurity and Infrastructure Security Agency (CISA) published its own advisory in late March. 

“CENTUM VP has been targeted in the past by security researchers. HIS operations involve many file system interactions and therefore there are plenty of places for bugs (such as directory traversals) to appear,” Hanson concluded. “While security has improved over time, Dragos expects more of this type of issue to surface until Yokogawa can find a way to mitigate these issues en masse (through file system permissions, sandboxing, or utilizing a common DLL for file access, etc.).” 

Earlier this year in February, Dragos reported that 1,703 ICS/OT vulnerabilities received a CVE identifier in 2021, more than twice as many as in the previous year. More than two-thirds of the security loopholes examined by the firm impacted systems located deep within the industrial network.
Read more »
Subscribe to: Posts (Atom)