Nozomi Network Labs
Defending Critical Infrastructure Against Cyber Risk
Nozomi Networks Labs is dedicated to reducing cyber risk for the world’s industrial and critical infrastructure organizations. Through our cybersecurity research and collaboration with industry and institutions, we’re helping defend the operational systems that support everyday life.
Vulnerability Advisories
Lanner IAC-AST2500A Session Fixation and Insufficient Session Expiration – CVE-2021-46279
- by Nozomi Networks
- November 2, 2022
Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
Lanner IAC-AST2500A Username Enumeration – CVE-2021-45925
- by Nozomi Networks
- October 31, 2022
Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
Lanner IAC-AST2500A TLS Certificate Generation Function Improper Input Validation – CVE-2021-44769
- by Nozomi Networks
- October 31, 2022
An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service (DoS) condition which can only be reverted via a factory reset. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
Labs Blogs
Could Threat Actors Be Downgrading Their Malware to Evade Detection?
Nozomi Networks Labs: Discovering and Reporting Vulnerabilities to Increase Security
Webinars & Podcasts
Webinar: Insights on the Top OT/IoT Security Threats – How to Protect Your Operations
Tools
Guardian Community Edition Assertions (Queries) for COVID-19 Cybersecurity
- by Nozomi Networks
- April 14, 2020
New assertions (queries) have been added to Guardian Community Edition to help with COVID-19-related cybersecurity challenges.
- Assertions for COVID-19 Network Indicators – Queries that check for communications with malicious IP addresses and URLs
- Assertions for Remote Access Monitoring – Queries that check the number of simultaneous remote connections and generate alerts if the number surpasses a threshold.
COVID-19 Malware: OT and IoT Threat Intelligence
- by Nozomi Networks
- April 7, 2020
To help your organization proactively detect and prevent COVID-19 themed cyberattacks, download our network indicators, ransomware and malware threat intelligence.
- COVID-19 themed Network Indicators – Network IOCs (Indicators of Compromise)
- COVID-19-Themed Ransomware Rules – Yara rules for detecting coronavirus ransomware
- COVID-19 Informer Malware Rules– Yara rules for detecting COVID-19 Informer malware
- COVID-19-Themed Hash – List of hashes that detect malicious files
- COVID-19 Chinoxy Backdoor Malware – SNORT rule for detecting network infection
URGENT/11 Nmap NSE Script for Detecting Vulnerabilities
- by Nozomi Networks
- September 5, 2019
- Our Nmap NSE script for detecting URGENT/11 vulnerabilities is a research tool for quickly checking industrial systems for vulnerable assets based on the version of VxWorks exposed within the FTP service.
- Due the fact that is not always possible to detect the running version, we recommend that industrial operators use full featured security products for effective vulnerability assessment.
Research Projects
TRITON
- by Nozomi Networks
- September 9, 2022
GreyEnergy
- by Nozomi Networks
- September 9, 2022
IEC 62351
- by Nozomi Networks
- September 8, 2022
Threat Intelligence
Curated and maintained by Nozomi Networks Labs, the Threat Intelligence™ service provides threat and vulnerability updates to Guardian, making it easy for IT/OT professionals to stay on top of current OT and IoT risks.
Threat actors love finding new ways to attack critical infrastructure. We love finding new ways to detect their malware before damage occurs.
Let's get started
Discover how easy it is to anticipate, diagnose and respond to cyber threats and process issues before they impact your operations.
