DHS warns of Chinese infrastructure software vulnerabilities

China Qinshan Nuclear Plant II (under construction)

The U.S. Computer Response Readiness Team—a part of the Department of Homeland Security—has issued a bulletin (PDF) warning of software vulnerabilities in two software applications widely used in China to help control public utilities, chemical and manufacturing plans, and even weapons systems. The vulnerabilities are classic heap-based buffer overflow errors, the same type of exploit that has been repeatedly leveraged by malware authors for Windows and other operating systems.

If exploited successfully, the flaws could enable attackers to execute arbitrary programming on the systems, or perform a remote denial of service attack. Successful attacks could be highly destructive, shutting down plants and utilities or potentially creating dangerous conditions in chemical or manufacturing facilities that could lead to much larger problems. Exploitation of the problems in weapons systems could be potentially disastrous.

The U.S.’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) says it has coordinated with NSS Labs researcher Dillon Beresford (who uncovered the problems), as well as Sunway and the China National Vulnerability Database, and patches are available now that address both problems. However, it could take months for industries and operations to install the patches, leaving a potential window of vulnerability where the bugs could be exploited. There are currently no known exploits in the wild.

Sunway applications are mainly used in China, but are also utilized in parts of Asia, Africa, Europe, and the Americas, according to the advisory.

In an era when cyberattacks against corporations and infrastructure are increasingly common, the vulnerabilities highlight the potential risk of Internet based attacks against infrastructure systems. The Sunway software in question is used in supervisory control and data acquisition (SCADA), SCADA systems often control critical infrastructure and manufacturing processes, but were often developed before the Internet became widely available and, in many cases, were never intended to be part of network systems. Although companies have increasingly built Internet-enabled interfaces to SCADA systems, the systems themselves often have never undergone significant security audits.

Last year, the sophisticated Stuxnet worm targeted Siemens WinCC industrial control software in an apparent attempt to hamstring Iran’s uranium enrichment efforts, demonstrating how industrial systems can be vulnerable to Internet-based attacks.

Emerging Tech

CES 2019 recap: All the trends, products, and gadgets you missed

CES 2019 didn’t just give us a taste of the future, it offered a five-course meal. From 8K and Micro LED televisions to smart toilets, the show delivered with all the amazing gadgetry you could ask for. Here’s a look at all the big…
Computing

Problems with installing or updating Windows 10? Here's how to fix them

Upgrading to the newest version of Windows 10 is usually a breeze, but sometimes you run into issues. Never fear though, our guide will help you isolate the issue at hand and solve it in a timely manner.
Mobile

We tried all the latest and greatest smartphones to find the best of 2019

Smartphones are perhaps the most important and personal piece of tech on the planet. That’s why it’s important to pick the best phone for your individual needs. Here are the best smartphones you can buy.
Computing

Getting Windows 10 updated doesn't have to be so painful

Windows update not working? It's a more common problem than you might think. Fortunately, there are a few steps you can take to troubleshoot it and in this guide we'll break them down for you step by step.
Gaming

Having problems with your Xbox One console? We have the solutions

The Xbox One has evolved over the years, but so have its problems. Thankfully, we have solutions for some of the console's most enduring problems, whether you're experiencing issues with connectivity or your discs.
Computing

Google is giving its G Suite web apps new touches of visual improvements

Your G Suite applications will soon have a different look. Several of the web apps are getting updated with subtle visual improvements inspired by Google's Material Design guidelines. 
Computing

Hackers are scoring with ransomware that attacks its previous victims

Computer viruses are always evolving. In a new one, dubbed "Ryuk," hackers are targeting PCs with ransomware that scours an infected network in order to pinpoint and attack and enterprises with big money.
Computing

An update to Microsoft To-Do will help you keep up with your resolutions

If you're looking to stay productive in 2019, you might want to check out the freshly updated Microsoft To-Do app, now with additional integration with the Windows 10 Start Menu and more.
Computing

Want to save a webpage as a PDF? Just follow these steps

Need to quickly save and share a webpage? The best way is to learn how to save a webpage as a PDF file, as they're fully featured and can handle images and text with ease. Here's how.
Computing

Could the next Microsoft HoloLens be announced at MWC 2019?

After not having a presence at Mobile World Congress for three years, Microsoft is now sending out media invites for a press conference on February 24 during the annual event in Barcelona. Could a next-generation HoloLens be on the way?
Computing

Microsoft to separate Cortana from search with the next version of Windows 10

Changes are on the way for two key features in Windows 10. A separation of Windows 10 search and Cortana will allow Microsoft to more often innovate on each of the features independently.
Computing

Delete tracking cookies from your system by following these quick steps

Cookies are useful when it comes to saving your login credentials and other data, but they can also be used by advertisers to track your browsing habits across multiple sites. Here's how to clear cookies in the major browsers.
Computing

Convert your PDFs into convenient Word documents with Adobe or a free option

PDF files are great, but few document types are as malleable as those specific to Microsoft Word. Here's how to convert a PDF file into a Word document, whether you prefer to use Adobe's software suite or a freemium alternative.
Computing

Nvidia’s next midrange card might be a GTX 1660 Ti, rumors suggest

Nvidia may be working on a non-RTX Turing graphics card called the 1660 Ti. Rumors suggest it will have around 20 percent fewer CUDA cores than the RTX 2060 and will lack ray tracing support.