You are here

Home » Cybersecurity

Cybersecurity

Global Survey Reveals Widespread Concerns of Cyber Attacks and Skepticism about Preparedness

The results of a recent survey by the Pew Research Center show that people in multiple countries think it is likely that government data, public infrastructure, and elections will be targeted by future hacks. Opinion is mixed, however, on whether their nations are prepared for such events. The results revealed that in the 26 countries included in the survey, 74% believe it is likely their country’s sensitive national security information would be accessed, 69% think it is likely that public infrastructure would be damaged, and 61% believe elections would be tampered with.

Top Cybersecurity Conferences for 2019

Tripwire has assembled a list of what it assesses to be the top information security conferences for 2019. The Amazon Web Service “RE:INFORCE” conference (June 25-26 in Boston, MA) has separate tracks intended for security engineers as well as C-suite executives. THOTCON (May 3-4 in Chicago, IL) will address topics that include industrial control systems and the Internet of Things.

Small to Midsize Business WiFi Done Right: Seven Best Practices that Are Seldom Followed

An article in BetaNews describes seven best practices for small to midsize businesses (SMBs) employing WiFi that are meant to overcome problems that have been frequently observed by security experts. The best practices include setting up separate SSIDs for staff and guests, choosing a single WiFi vendor for a given site, and turning off obvious sources of interference. For these and ther other recommended measures, the article includes detailed explanations of why and how they should be employed.

Schneider Electric Zelio Soft 2 (ICSA-19-008-01)

The NCCIC has published an advisory on a use after free vulnerability in Schneider Electric Zelio Soft 2. Versions 5.1 and prior are affected. Successful exploitation of this vulnerability could allow for remote code execution when opening a specially crafted project file. Schneider Electric has released Version 5.2 of the affected software and a security notification. The NCCIC also advises on a series of mitigating measures for this vulnerability. NCCIC/ICS-CERT.

Director of National Intelligence Group Launches Campaign to Help Private Industry Guard against Threats from Nation State Actors

The National Counterintelligence and Security Center, an entity within the Office of the Director of National Intelligence, has launched a campaign of disseminating videos, brochures, and other informative materials to help organizations guard against growing threats from foreign intelligence entities and other adversaries. One of the categories of materials for this program is “Know the Risk, Raise Your Shield,” which is intended to raise awareness among organizations and equip them with best practices for protecting their data, assets, technologies, and networks.

Schneider Electric Pro-face GP-Pro Ex (ICSA-19-003-01) – Product Used in the Energy Sector

The NCCIC has published an advisory on an improper input validation vulnerability in Schneider Electric Pro-face GP-Pro Ex. Versions 4.08 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to modify code to launch an arbitrary executable upon launch of the program. Schneider Electric has produced Version 4.08.200 of the software to address this vulnerability. The NCCIC also advises on a series of mitigating measures for this vulnerability.

Yokogawa Vnet/IP Open Communication Driver (ICSA-19-003-02) – Products Used in the Energy Sector

The NCCIC has published an advisory on a resource management error vulnerability in Yokogawa Vnet/IP Open Communication Driver. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow an attacker to cause Vnet/IP network communications to controlled devices to become unavailable. Yokogawa recommends users of affected devices and versions update to the latest available release. The NCCIC also advises on a series of mitigating measures for this vulnerability.

Hetronic Nova-M (ICSA-19-003-03)

The NCCIC has published an advisory on an authentication bypass by capture-replay vulnerability. All versions prior to r161 are affected. Successful exploitation of this vulnerability could allow unauthorized users to view commands, replay commands, control the device, or stop the device from running. Hetronic recommends that all Nova-M users update their radio transmitters and receivers. The NCCIC also advises on a series of mitigating measures for this vulnerability. NCCIC/ICS-CERT.

Pages

Subscribe to Cybersecurity