You are here

Home » Cybersecurity

Cybersecurity

Schweitzer Engineering Laboratories, Inc. Compass and AcSELerator Architect (ICSA-18-191-02) – Products Used in the Energy Sector

The NCCIC has released an advisory on incorrect default permissions, XXE, and resource exhaustion vulnerabilities in Schweitzer Engineering Laboratories, Inc. Compass and AcSELerator Architect. Compass Version 3.0.5.1 and prior and AcSELerator Architect Version 2.2.24.0 and prior are affected. Successful exploitation of these vulnerabilities could allow modification/replacement of files within the Compass installation directory, disclosure of information, or denial of service. Schweitzer Engineering Laboratories recommends users upgrade to the latest release of both products.

Universal Robots Robot Controllers (ICSA-18-191-01)

The NCCIC has released an advisory on hard-coded credentials and missing authentication for critical function vulnerabilities in Universal Robots Robot Controllers. CB 3.1, SW Version 3.4.5-100 is affected. Successful exploitation of these vulnerabilities could allow a remote attacker to run arbitrary code on the device. Universal Robots has recommended a series of remedial actions to address these vulnerabilities.

The Worst Cybersecurity Breaches of 2018 So Far

Looking back on the cyber incidents that occurred in the first six months of 2018, an article from Wired magazine concludes that corporate security isn't getting better fast enough, critical infrastructure security hangs in the balance, and state-backed hackers from around the world are getting bolder and more sophisticated. It cites Russia’s deployment of the NotPetya malware and hacking of the U.S. electric grid (activity that also affected water and wastewater utilities), rampant data exposures, and the breach of Under Armor’s fitness app to support its assertions.

Businesses Collect More Data Than They Can Handle, Only Half Know Where Sensitive Data Is Stored

Gemalto has released its findings into research it conducted about how companies use the data they collect from customers. One of the most surprising and alarming findings is that nearly two-thirds (65%) of organizations said they don’t possess the necessary resources to analyze all the consumer data they collect. If companies can’t analyze all of the data they collect, they likely don’t know all of the types of data they are collecting. And if they don’t know the types of data they are collecting, how can they classify it and apply the appropriate security controls for the data?

Cyber Attacks Affecting Operations of Critical Infrastructure Have High Probability of Becoming Routine

An article from VPN Compass points to statistics from Akamai’s latest State of the Internet report as a sign that high impact cyber attacks, such as those that affect the operations of critical infrastructure facilities, are starting to occur more frequently and that there

ICS Cybersecurity – The Time is Now

With greater awareness and emphasis on industrial cybersecurity over the past 12-18 months, ICS cybersecurity expert Galina Antova suggests next steps for organizations on the path toward greater situational awareness and industrial cybersecurity risk reduction. Now that asset owners are accepting this new reality, Ms. Antova encourages that it is time to effect change and prioritize a cybersecurity strategy. Part of the basic strategy involves understanding the environment, expanding risk and governance models, and keeping executives and boards apprised of the evolving threat landscape.

Security Awareness and Blended Threats – Protecting Users from Cultural Event Scams, Phone Call Scams, and... Vacations?

In a security awareness trifecta, three leading cybersecurity organizations posted resources to help users recognize, understand, and avoid a few currently trending risks that affect our physical and digital lives. First, McAfee Labs explains the penchant for cyber actors in leveraging current physical events like The Olympics and World Cup, and the potential cyber implications to unwary fans.

Rockwell Automation Allen-Bradley Stratix 5950 (ICSA-18-184-01) - Products Used in Energy and Water and Wastewater Sectors

The NCCIC has released an advisory regarding several vulnerabilities affecting multiple Allen-Bradley Stratix 5950 Security Appliances running Cisco ASA v9.6.2 and earlier. The vulnerabilities include improper input validation, improper certificate validation, and resource management errors. Successful exploitation of these vulnerabilities could allow an attacker to bypass client certification to create connections to the affected device or cause the device to crash. These vulnerabilities are remotely exploitable.

Insider Threats – Myths and Misconceptions

As the concern over insider threats grows, SecurityWeek offers a post to help dispel some common myths and misconceptions for deterring, detecting, and responding. The post highlights the fact that this threat is not always malicious or intentional, but often unintentional and/or negligent. The difference between a formal insider threat program and the use of detection tools is also delineated.

Pages

Subscribe to Cybersecurity