October 10, 2019
CISA has updated this advisory with additional information on affected products and mitigation measures. Read the update at CISA.
January 28, 2018
ICS-CERT has updated this advisory with additional details on affected products and mitigation measures. ICS-CERT.
June 20, 2017
As part of National Cybersecurity Awareness Month (NCSAM), the U.S. Department of Homeland Security has recently released a variety of new resources to raise awareness and provide partners with the information and tools to enhance cybersecurity at the home and in the workplace. These resources include guides that pertain to this year’s NCSAM theme of “Own IT. Secure IT.
The Australian Cyber Security Centre (ACSC) has released a cybersecurity guide for small businesses. The guide provides checklists to help small business protect themselves against common cybersecurity incidents. The ACSC also has a suite of other resources for small businesses, including “step-by-step” guides for backing up and restoring a computer and turning on automatic updates and “quick wins” documents for portable device and website security. For these resources, refer to the Small Business Cyber Security suite at cyber.gov.au.
The CERT Coordination Center (CERT/CC) has released information on a vulnerability (CVE-2019-9535) affecting iTerm2, a macOS terminal emulator. An attacker could exploit this vulnerability to take control of an affected system.
October 8, 2019
CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.
May 14, 2019
The NCCIC has updated this advisory with additional information on the technical details of the vulnerability and mitigation measures. Read the advisory at NCCIC/ICS-CERT.
CISA has published an advisory on a use of hard-coded cryptographic key vulnerability in Siemens SIMATIC IT Unified Architecture Discrete Manufacturing (UADM). All versions prior to 1.3 are affected. Successful exploitation of this vulnerability could allow an attacker to gain read and write access to the related TeamCenter station. Siemens recommends users update to Version 1.3. CISA also recommends a series of measures for mitigating the vulnerability. Read the advisory at CISA.
CISA has published an advisory on improper authorization and use of hard-coded credentials vulnerabilities in GE Mark Vle Controller. All versions of the GE Mark VIe Controller are affected by at least one of the vulnerabilities. Successful exploitation of these vulnerabilities could allow an attacker to create read/write/execute commands within the Mark VIe control system. GE has provided recommendations for mitigating the vulnerabilities. CISA also recommends a series of measures for mitigating the vulnerabilities.
CISA has published an advisory on a cross-site request forgery vulnerability in SMA Solar Technology AG Sunny WebBox. Versions 1.6 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to generate a denial-of-service condition, modify passwords, enable services, achieve man-in-the-middle, and modify input parameters associated with devices such as sensors. This product is end-of-life and is no longer supported, but SMA has provided recommendations for mitigating the vulnerability.
Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Microsoft Windows, Internet Explorer, Microsoft Edge (EdgeHTML-based), ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, SQL Server Management Studio, Open Source Software, Microsoft Dynamics 365, and Windows Update Assistance. Read the update at Microsoft.
Microsoft warns that it has observed an Iranian group – referred to as “Phosphorus” – attempting to take control of email accounts by exploiting the password reset or account recovery features. According to Microsoft, Phosphorus used information gathered from researching their targets or other means to game password reset or account recovery features and attempt to take over some targeted accounts.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
