That didn’t take long: replacement for SORBS spam blacklist arises … sort of
In Brief A popular spam blocklist service that went offline earlier this month has advised users it is down permanently – but at least one potential candidate is stepping up to try to fill the threat intelligence void.
Data security firm Data443, citing exclusive reporting by our Simon Sharwood, said last week it plans to begin offering free access to its own spam domain and IP blocklist service for members of the Spam and Open Relay Blocking System (SORBS) community.
SORBS was, until June 5, a free DNS-based block list containing records for more than 12 million servers used for spamming, phishing and scamming. More than 200,000 organizations made use of SORBS until security vendor Proofpoint took it offline, citing “various factors impacting the service’s sustainability.”
Lest you think Data443 has acquired the SORBS codebase, that doesn’t appear to be the case.
Instead of a continuation of SORBS itself, Data443 is offering “a slight time-lagged edition of our commercial offerings” in a limited fashion “specifically on domain/IP blocklists,” according to the signup page for its “SORBS onboarding” process.
Data443 founder and president Jason Remillard confirmed to The Register that the data is coming from his company’s Cyren platform, which includes an email protection element alongside other threat analysis and cyber security elements.
“We don’t need the [SORBS] codebase to deliver results – our platform has the capabilities to produce the data,” Remillard declared. “One good thing about SORBS is there is a public record (generally) of why/how they made decisions.”
In other words, this isn’t actually SORBS. Whether Data443 is pursuing acquisition of the SORBS codebase is unknown – we asked, but it declined to comment on the record. The Register understands SORBS has not been sold.
Of course, the fact Data443 is giving SORBS users a free peek at a premium service means it’s sure to start offering deals on its additional offerings – just look at all the information you have to provide in that signup page.
Critical vulnerabilities: Apparently it was OT Patch Tuesday, too
This portion of the roundup is usually short in the week after Patch Tuesday, but not this time. It looks like the OT and ICS worlds have decided to throw their own vulnerability festivals this week. Consumers weren’t spared, either.
- CVSS 10.0 – CVE-2024-1839: Intrado’s 911 Emergency Gateway appliances are vulnerable to SQL injection that can be used to execute code, exfiltrate data and manipulate databases.
- CVSS 9.8 – Multiple CVEs: Taiwan’s CERT has advised that seven ASUS Wi-Fi routers have an authentication bypass vulnerability that could allow unauthenticated remote attackers to log in to the device. ASUS has issued fresh firmware to fix the flaw.
- CVSS 9.8 – Multiple CVEs: Schneider Electric’s Easy UPS Online Monitoring software for various Windows versions is vulnerable to OS command injection and authentication bypass.
- CVSS 9.8 – Multiple CVEs: A number of Siemens SIMATIC and SIPLUS devices are vulnerable to a chain of attacks that allow attackers to leak memory, execute code and deny service.
- CVSS 9.8 – Multiple CVEs: Mitsubishi Electric MELSEC-Q/L series controllers – lots of them – contain vulnerabilities that could allow an attacker to execute malicious code or read arbitrary info with a specially crafted packet.
- CVSS 9.1 – Multiple CVEs: Siemens SCALANCE W700 devices are vulnerable to a number of issues that can allow an attacker to execute system-level commands.
- CVSS 8.8 – CVE-2024-35292: A whole bunch of Siemens SIMATIC S7-200 PLCs are using insufficiently random IP ID sequences, making them vulnerable to a certain kind of DoS attack.
- CVSS 8.7 – Multiple CVEs: Siemens SINEC Traffic Analyzer versions prior to v1.2 contain issues that can allow an attacker to cause DoS, cause information disclosure and modify files.
- CVSS 8.7 – Multiple CVEs: MicroDicom’s DICOM Viewer for medical imaging is vulnerable to stack-based buffer overflow and is improperly authenticating users, allowing images to be deleted or replaced.
- CVSS 8.7 – Multiple CVEs: Motorola Solutions Vigilant Fixed LPR Coms Box license plate readers are subject to a number of vulnerabilities that could allow an attacker to access sensitive information and credentials and perform a replay attack.
- CVSS 8.5 – CVE-2024-36266: Siemens PowerSys versions prior to 3.11 are insufficiently protecting responses to authentication requests, opening the door for an attacker to gain admin privileges.
- CVSS 8.5 – Multiple CVEs: Fuji Electric Tellus Lite V-Simulator versions before 4.0.20.0 are vulnerable to OOB write and stack-based buffer overflow, allowing local code execution.
- CVSS 8.5 – CVE-2024-37369: Rockwell Automation FactoryTalk View SE version 12.0 contains a privilege escalation vulnerability.
- CVSS 8.4 – CVE-2024-3468: AVEVA PI Web API contains a deserialization of untrusted data vulnerability that could allow an attacker to perform RCE.
- CVSS 8.3 – CVE-2024-5659: Several Rockwell Automation ControlLogix, GuardLogix and CompactLogix controllers can be forced into a nonrecoverable fault state when receiving abnormal mDNS packets.
- CVSS 8.2 – Multiple CVEs: Siemens ST7 ScadaConnect versions prior to 1.1 are vulnerable to a number of issues that could cause info disclosure or DoS and allow RCE.
- CVSS 8.2 – CVE-2024-37367: Rockwell Automation FactoryTalk View SE version 12.0 is improperly authenticating remote users, allowing them to view HMI projects without authorization.
- CVSS 8.2 – CVE-2024-37368: Rockwell Automation FactoryTalk View SE version 11.0 contains the same issue as CVE-2024-37367.
Georgia woman charged with extensive cyber stalking crimes
A woman from the US state of Georgia has been charged with two counts of cyber stalking and another count of interstate transmission of threats after engaging in an online adoption scam targeting a Tennessee couple.
The Department of Justice’s announcement states that Gabryele Watson faces up to 15 years if convicted of all three charges. She allegedly harassed the couple online with intent to cause distress, and also texted them threats of abduction and murder by hitmen.
This doesn’t appear to have been Watson’s first brush with the law: According to the FBI, Watson’s allegedly done similar things since around 2015. The Bureau is asking other victims to come forward to substantiate the claims of the case.
Alleged Tesla charging secret thief pleads guilty
You may recall that in March 2024 a Canadian battery exec was arrested for allegedly selling secrets of Tesla’s battery charging technology to a pair of undercover federal agents. Well, now we have his admission that the charges were true.
Klaus Pflugbeil, who holds Canadian citizenship but lives in China, admitted last week to absconding with trade secrets from his employer, battery parts manufacturer Hibar Systems, after Tesla purchased the company in 2019. Pflugbeil then teamed up with another former Hibar colleague to obfuscate the source of their stolen technology before starting a business in China offering similar components.
The tech in question – called continuous motion assembly – is a proprietary battery production technology developed by Hibar and now in use at Tesla. According to the original complaint, Tesla spent around $13m researching the technology before buying Hibar.
Having pled guilty, Pflugbeil is facing up to a decade in prison when he’s sentenced in October. ®