You are here

Home » Cybersecurity

Cybersecurity

Advantech iView (ICSA-20-238-01) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on a path traversal vulnerability in Advantech iView. iView Versions 5.7 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to read/modify information, execute arbitrary code, limit system availability, and/or crash the application. Advantech has released Version 5.7.02 of iView to address the reported vulnerability. CISA also CISA also recommends a series of measures to mitigate the vulnerability.

Avaddon Ransomware May Impact Water Infrastructure Contractor

The Avaddon ransomware operators claimed to have breached and leaked stolen data from a concrete formwork construction company involved in water infrastructure projects, including water treatment plants and reservoirs. Through information provided by a trusted third party, WaterISAC is aware that Avaddon is claiming on its darkweb site to have leaked 25% of the data reportedly stolen from EFCO (www[.]efcoforms[.]com). Avaddon is a relatively new ransomware-as-a-service (RaaS) malware and has recently jumped on the data breach bandwagon.

CISA Releases 5G Strategy

On Monday, the Cybersecurity and Infrastructure Security Agency (CISA) released its strategy to ensure the security and resilience of fifth generation (5G) technology in the United States. According to the release, CISA’s 5G Strategy seeks to advance the development and deployment of a secure and resilient 5G infrastructure, one that promotes national security, data integrity, technological innovation, and economic opportunity for the United States and its allied partners.

2020 CWE Top 25 Most Dangerous Software Weaknesses

The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security (DHS) and operated by MITRE, has released the 2020 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The Top 25 uses data from the National Vulnerability Database (NVD) to compile the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.

Don’t Pay the Ransom – Easier Said than Done

When ransomware strikes a company, it is easy for pundits to say, “don’t pay the ransom.” But in reality, that is not always a practical choice. If you have not been impacted by ransomware yet, you are fortunate. Furthermore, if you think you know what you will do when you are (and even if you don’t know), you might want to read this recent post by Mailguard. The article includes a quick timeline of events regarding the WastedLocker ransomware attack on Garmin last month and thoughts on navigating the critical quandary to pay or not to pay.

A Few COVID-19 Cybersecurity Challenges that Might Surprise You

Cybersecurity challenges brought on by COVID-19 have been covered ad-nauseum and are largely unsurprising; however, a recent survey by cybersecurity firm Malwarebytes revealed a few things that make you go 'hmmmm.' In its latest report, Enduring from Home: COVID-19’s Impact on Business Security, Malwarebytes Labs summarizes respondents’ concerns about transitioning to work-from-home, the impacts suffered due to the pandemic, and plans to implement long-term security changes moving ahead.

Water and Wastewater Sector Third Most Affected by ICS Vulnerabilities Disclosed in First Half 0f 2020

With vulnerability management being a pillar of every successful cyber risk management strategy, the latest report by industrial cybersecurity firm Claroty provides material evidence for member utilities challenged with prioritizing cybersecurity in the OT environment. According to findings in the Claroty Biannual ICS Risk & Vulnerability Report: 1H 2020, the water and wastewater sector falls just below energy and critical manufacturing for the critical infrastructure sectors most affected by vulnerabilities published in ICS-CERT advisories.

New Information on North Korean Malicious Cyber Activity: BLINDINGCAN

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have published a new Malware Analysis Report (MAR) on BLINDINGCAN, a malware variant used by North Korean actors. In addition to providing a description of BLINDINGCAN, the MAR contains suggested response actions and recommended mitigation techniques.

Pages

Subscribe to Cybersecurity