CISA has published an advisory on relative path traversal, incorrect default permissions, inadequate encryption strength, insecure storage of sensitive information, and stack-based buffer overflow vulnerabilities in VISAM Automation Base (VBASE). VBASE Editor, version 11.5.0.2 and VBASE Web-Remote Module are affected.
CISA has published an advisory on path traversal and missing authentication for critical function vulnerabilities in Schneider Electric IGSS SCADA software. Versions 14 and prior using the service IGSSupdate are affected. Successful exploitation of these vulnerabilities could result in unauthorized access to sensitive data and functions. Schneider Electric has provided IGSS14 Version 14.0.0.20009 to address these vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities.
Microsoft has released a security advisory to address remote code execution vulnerabilities in Adobe Type Manager Library affecting all currently supported versions of Windows and Windows Server operating systems. A remote attacker can exploit these vulnerabilities to take control of an affected system. Microsoft is aware of limited, targeted attacks exploiting these vulnerabilities in the wild.
Part Five: MITRE ATT&CK for ICS – Practical Applications for Device Restart/Shutdown
CISA has published an advisory on a cross-site scripting vulnerability in Systech NDS-5000 Terminal Server. NDS/5008 (8 Port, RJ45), firmware Version 02D.30 is affected. Successful exploitation of this vulnerability could allow information disclosure, limit system availability, and may allow remote code execution. Systech released firmware Version 02F.6 that eliminates this vulnerability. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.
In a blog, the National Institute for Standards and Technology (NIST) offers some tips for holding a secure virtual meeting, something many organizations are likely interested in right now given increased implementation of telework options amid COVID-19 concerns. Some of the tips include limiting reuse of codes, especially if you’ve used the same one for a while; enabling notifications when attendees join by playing a tone or announcing names; and using a dashboard to monitor attendees (if available), among other advice.
The FBI’s Portland, Oregon office has published an advisory discussing best practices for mobile apps, such as those used for messaging, banking, gaming, and more. Some of these apps might have legitimate work functions and been vetted by an organization for use. In workplaces where employees are allowed to connect their personal devices to business networks, other apps are likely being accessed. If these other apps have vulnerabilities, that constitutes a vulnerability for the network.
Malware authors are really good at modifying malware code to evade detection by antivirus and other security products, including artificial intelligence and machine learning security engines. They also predictably incorporate trending news for their lures. So it comes as no surprise that miscreants are currently using coronavirus-themed news to bypass detection technologies. Specifically, BleepingComputer recently observed Emotet and TrickBot samples using strings from actual CNN news stories in their malware files.
The importance of asset management cannot be overstated. Asset Management is the first consideration in WaterISAC’s 15 Cybersecurity Fundamentals (Perform Asset Inventories), the CIS Controls (Inventory and Control of Hardware Assets), and countless other standard practice cybersecurity documents and advice.
CISA has published an advisory on stack-based buffer overflow and out-of-bounds read vulnerabilities in Delta Electronics Industrial Automation CNCSoft ScreenEditor. Versions 1.00.96 and prior are affected. Successful exploitation of these vulnerabilities could cause buffer overflow conditions that may allow information disclosure, remote code execution, or crash the application. Delta recommends updating to the latest version of CNCSoft v1.01.24 (with ScreenEditor v1.00.98) and restricting the interaction with the application to trusted files.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
