November 11th: Train shutdown in Denmark +++ VMware Workspace ONE

Train shutdown in Denmark

Last Saturday, DSB, one of the largest train companies in Denmark, had to stop all their trains for several hours. The whole train traffic was shut down because of a cyberattack, but it was not the train company which was under attack – it was a provider.

Train drivers use an application called β€œDigital Backpack 2” to get access to critical information about railroads, e.g. what parts are being repaired or which speed limits in certain areas are set. The provider of the mobile application was hit by a cyberattack which was financially motivated. It was not possible to continue using the app during the attack.

Our recommendation: Maintain and control also the third-party products, to prevent something like this from happening to you.

Are you interested in reading more about this train shutdown? You are welcome to check the following sources:

VMware Workspace ONE

This Tuesday, VMware released a patch for their Workspace ONE. This patch fixes a trio of critical vulnerabilities (CVE-2022-31685, CVE-2022-31686 and CVE-2022-31687) which are all rated as 9.8 out of 10.

All three vulnerabilities can be exploited if the attacker has access to the network. It can even give the attacker administrative access without authentication.

Furthermore, a vulnerability was patched rated as 6.4 that could lead to a JavaScript injection and a vulnerability that allowed an attacker to authenticate with a stolen session token.

All mentioned vulnerabilities are fixed with the newest version of Workspace ONE.

For more insights on VMware Workspace ONE, we have listed two interesting sources for you:

Is cybersecurity a topic of interest for your company? As an independent entity with a portfolio of proven security providers, CyberCompare can provide you with comparative offers at no charge and with no obligation. Reach out to us or use our diagnostic to learn more about your cyber risk profile.

Please remember: this article is based our knowledge at the time it was written – but we learn more every day. Do you think important points are missing or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company’s other experts and welcome your feedback and thoughts.

And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.

Simeon Mussler

We are happy to help you personally with the specification of your cybersecurity requirements:

+44 1895 838 918

Reach out now