Tripwire has posted an article on the importance of considering, or rather not forgetting about legacy ICS equipment in the overall cyber resilience strategy. Originally designed to last for decades - a significantly longer lifespan than most modern technology - legacy equipment often lacks the ability to be updated/upgraded in place without the need to replace devices or completely overhaul the system.
With news this past week that security vulnerabilities that could expose customer data have been uncovered at three major wireless carriers, coupled with confirmation that T-Mobile customer data was exposed – including phone numbers - WIRED posts an article highlighting how the paradigm of using our phone numbers as “authenticators” puts us at greater risk.
Windows OS utilities like Powershell, PSExec, and other commonly available tools have made life easier for cyber threat actors. Symantec discusses this concept widely known as “living-off-the-land” that often provides attackers with greater benefits than creating their own malware. Malicious actors are taking advantage of these utilities to hide in plain sight as they know defenders often do not flag related activity for looking suspicious.
Although al Qa’ida is better known for its physical terror attacks than its cyber presence, it has practiced cyber terrorism and appears to be attempting to grow its capabilities in this area, according to an article in Small Wars Journal. Historically, the group’s cyber activities have been limited to using the Internet and social media to spread its jihad message as well as a few relatively minor attacks, such as website defacements.
People are creatures of habit, and predictable - these facets of our personalities are frequently taken advantage of by cyber threat actors looking to crack passwords from the latest data breach repository. Cybersecurity firm Rapid7 explains the password cracking process, and shows how users still create passwords with easily guessable, thus easily hackable, patterns. This post also highlights how these predictable patterns still allow miscreants to crack hashed/encoded passwords.
The NCCIC has released an advisory on a stack-based buffer overflow vulnerability in Yokogawa iDefine, STARDOM, ASTPLANNER, and TriFellows. Multiple products and versions of these products are affected. Successful exploitation of this vulnerability may allow arbitrary code execution, or the stopping of the license management function. Yokogawa recommends users update or patch the affected products. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.
August 21, 2018
The NCCIC has updated this advisory with additional details on mitigations. The original advisory was published on June 27, 2012. NCCIC/ICS-CERT.
June 27, 2012
With data breaches being commonplace, Tripwire offers a post reminding us of the role people play in preventing or enabling breaches and other cybersecurity incidents. Most studies over the last few years have consistently revealed that human error is responsible for well over 75% of cybersecurity and privacy breaches. While technology controls are an important part of an overall cybersecurity strategy, technology does fail from time-to-time, and when it does, people become the last (and best) cybersecurity defense.
The NCCIC has released an advisory on uncontrolled search path element, relative path traversal, improper privilege management, and stack-based buffer overflow vulnerabilities in Emerson DeltaV DCS Workstations. DeltaV versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 are affected. Successful exploitation of these vulnerabilities could allow arbitrary code execution, malware injection, or malware to spread to other workstations. Emerson recommends users patch the affected products.
The NCCIC has released an advisory on path traversal and improper authentication vulnerabilities in Tridium Niagara. Niagara AX Framework version 3.8 and prior and Niagara 4 Framework version 4.4 and prior are affected. Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution. Tridium has provided updates to address the vulnerabilities. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
