As part of a Red Teaming engagement for a major Distribution System Operator (DSO), performed jointly with Secura, Midnight Blue developed an offensive capability in order to support a scenario where attackers penetrated electrical substations with the intention to cause prolonged blackouts. The research resulted in the discovery of CVE-2024-8036, which concerns two separate security issues affecting multiple ABB products including the popular Relion protection relays used in electrical substations globally. The vulnerabilities in question allow an attacker to push unsigned firmware and configuration files to these devices in order to achieve remote code execution or persistent denial-of-service (including bricking - rendering them inoperable). https://lnkd.in/eV4AN2ZA
Midnight Blue
IT services and consulting
Amsterdam, North Holland, 311 followers
Boutique security consultancy firm specialized in high-end security research
About us
Midnight Blue is a boutique security consultancy firm specializing in high-end security research, with a particular focus on embedded systems in domains ranging from Cyber Physical Systems (CPS) to communications and security equipment. Our researchers have spoken at top-tier conferences, have discovered numerous 0-days across the technology stacks of Fortune 500 companies, and have conducted security assessments in live Operational Technology (OT) environments of global critical infrastructure operators. Drawing upon this experience and a strong industry network, we are able to assist our clients in proactively keeping pace with increasingly advanced attackers. We provide a range of consultancy services, from cutting-edge vulnerability research and reverse engineering to defensive design, to help our clients mitigate a wide variety of threats.
- Website: https://www.midnightblue.nl
- Industry: IT services and consulting
- Company size: 2-10 employees
- Headquarters: Amsterdam, North Holland
- Type: Sole proprietorship
- Founded: 2017
- Specialties: Security Consultancy, Reverse Engineering, Vulnerability Assessment and Embedded Systems
Locations
- Primary: Amsterdam, North Holland, NL
Updates
- As part of our submissions for Pwn2Own Ireland, Rick de Jager at Midnight Blue discovered a 0-day command injection vulnerability, dubbed RISK:STATION, allowing an attacker to obtain root-level remote code execution on recent Synology NAS devices without prior authentication or user interaction. Given that remote exploitation of this vulnerability through the QuickConnect service does not require devices to be directly exposed to the internet, millions of devices are at risk until properly patched. We are collaborating with Synology, and a patch for the issue can be expected soon, but we highly recommend that all Synology users take action, block public access to ports 5000 and 5001, and disable QuickConnect on their devices. Watch www.riskstation.net for more details next week.
- For those of you active or interested in OT security, Dr. Marina Krotofil and Midnight Blue will be offering the training "Adversary Emulation for Operational Technology (OT)" at this year's Black Hat Europe. The training will provide students with a framework, methodology, and hands-on experience for designing realistic and safe OT-specific adversary emulation plans and integrating their results into the organizational cyber security program. https://lnkd.in/eX6BMAPb https://lnkd.in/ebSSkY8b