Juniper Networks Releases Security Updates - Updated October 15, 2020
October 15, 2020
Microsoft has released security updates to address remote code execution vulnerabilities affecting Windows Codecs Library and Visual Studio Code. An attacker could exploit these vulnerabilities to take control of an affected system.
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) advises that the United Kingdom (UK) National Cyber Security Centre (NCSC) has released an Alert to address a vulnerability, CVE-2020-16952, affecting Microsoft SharePoint Server. An attacker could exploit this vulnerability to take control of an affected system.
In keeping with this week’s NCSAM theme of internet-connected devices (in healthcare), we decided to jump way ahead in our ‘15 Cybersecurity Fundamentals Awareness Month’ (15CFAM) series to #14 (Address All Smart Devices) and #13 (Secure the Supply Chain) from WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities guide.
The NCSAM focus for week three is on healthcare, specifically the internet-connected devices that increasingly dominate this vital sector. Given the emphasis on patient care, it goes without saying that the personal implications of internet-connected devices in healthcare are extremely critical. From hospitals and care facilities, to telemedicine, wellness apps, and implanted medical devices, industry and consumers alike need to understand the threats and take the necessary steps to secure these vulnerable and highly targeted devices.
Benchmark assessments not only provide (anonymous) measurement against peers, but also help set and prioritize goals. Assessment results can be used internally to set benchmarks, prioritize actions, and plan future cybersecurity investments.
Welcome back to our next installment of ‘15 Cybersecurity Fundamentals Awareness Month’ (15CFAM), as WaterISAC continues its complement to National Cybersecurity Awareness Month (NCSAM). We hope you were challenged a little by our last 15CFAM on Consequence-driven Cyber-informed Engineering (CCE), but as promised we are back to a more broadly practical fundamental on vulnerability management.
In recognition of National Cybersecurity Awareness Month, the FBI’s Portland, Oregon field office is offering some important reminders on how to stay safe online. This week’s publication focuses on building a digital defense against some of the most common forms of cyber scams. It discusses two of the most common schemes, those involving ransomware and business email compromise (BEC), and describes two of the typical vectors for these attacks, specifically spoofing and phishing.
CISA has published an advisory on an SQL injection vulnerability in Advantech R-SeeNet. Versions 1.5.1 through 2.4.10 are affected. Successful exploitation of this vulnerability could allow remote attackers to retrieve sensitive information from the R-SeeNet database. Advantech recommends updating to Version 2.4.11 or later. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.
CISA has published an advisory on an external control of file name or path vulnerability in Advantech WebAccess/SCADA. Versions 9.0 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to execute remote code as an administrator. Advantech recommends users update to Version 9.0.1 or later. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.