Threat actors could chain two critical security vulnerabilities in Schneider Electric's Unity line of Modicon programmable logic controllers, tracked as CVE-2022-45788 and CVE-2022-45789, to compromise safety protections for limiting physical damage, according to The Record, a news site by cybersecurity firm Recorded Future.
More than 1,000 Modicon Unity PLCs are vulnerable to such attacks, with the U.S. having the fourth largest number of exposures, following France, Spain, and Italy, reported Forescout researchers, who cited a Shodan search.
"A quick search for the affected models on Shodan has shown exposed Modicon PLCs in everything from airports, mining, and solar and hydro power generation to chemical manufacturing," said researchers Daniel dos Santos and Jos Wetzels.
The findings should prompt critical infrastructure organizations to bolster consequence-driven risk assessments and their defenses against the safety-measure bypasses that attackers could employ when infiltrating physical environments.
"When you're evaluating your potential risk, you have to think about whether you can defend against this and if you have the visibility deep down in your systems," said Wetzels.