Cybersecurity

Last Friday marked the third anniversary of the “No More Ransom” initiative that has helped more than 200,000 victims of ransomware recover their files free of charge since it was first launched in July 2016. The initiative is a public-private partnership, which includes Europol’s European Cybercrime Centre (EC3), that offers the victims of ransomware an alternative solution to losing their files or having to pay the demanded money to the criminals.

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State ISAC (MS-ISAC), both WaterISAC partners, have joined with the National Governors Association and the National Association of State Chief Information Officers in releasing a statement recommending state and local governments take immediate action to safeguard against ransomware attacks.

The National Cyber Security Alliance (NCSA) has announced the theme for this year’s National Cybersecurity Awareness Month (NCSAM), which is recognized every October.  With the overarching theme of “Own IT. Secure IT. Protect IT.,” the NCSA says NCSAM 2019 will focus on encouraging personal accountability and proactive behavior in security best practices and digital privacy and draw attention to careers in cybersecurity. As it has in past years, WaterISAC will distribute its own messaging using the NCSAM theme.

The NCCIC has published an advisory on a stack-based buffer overflow vulnerability in National Renewable Energy Laboratory (NREL) Energy Plus. Version 8.6.0 and prior versions (potentially) are affected. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code or cause a denial-of-service condition. It is recommended that users update the application to the latest available release, v9.0.1, or later. The NCCIC also advises of a series of measures for mitigating the vulnerabilities.