Cybersecurity

ControlByWeb X-320M (ICSA-19-017-03)

The NCCIC has released an advisory on improper authentication and cross-site scripting vulnerabilities in ControlByWeb X-320M. Versions 1.05 and prior are affected. Successful exploitation of these vulnerabilities may allow arbitrary code execution and could cause the device being accessed to require a physical factory reset to restore the device to an operational state. ControlByWeb has released a firmware update to address the vulnerabilities found on the X-320M. The NCCIC also advises on a series of mitigating measures for this vulnerability.

ABB CP400 Panel Builder TextEditor 2.0 (ICSA-19-017-02) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on an improper input validation vulnerability in ABB CP400 Panel Builder TextEditor 2.0. Versions 2.0.7.05 and prior are affected. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code and cause a denial-of-service condition within the Text Editor application. ABB recommends users of affected Versions 2.0.7.05 and prior update to the latest Version 2.1.7.21. The NCCIC also advises on a series of mitigating measures for this vulnerability.

BEC Scammers Go After Employee Paychecks

An upward trend has been recorded with business email compromise (BEC) scams where fraudsters trick human resource departments into changing an employee's direct deposit information to divert paychecks into an account they control. In a typical BEC scam, the fraudster sends an email to an employee authorized to make wire transfers and deceives them into sending the money into an unauthorized account. The underlying principle remains the same, only this time the victim could be anyone in the company.

Emotet Returns from the Holidays with New Tricks

Following a short period of low activity during the holidays, Emotet operators are back to distributing, through malicious email campaigns, a new strain of their payload that carries new tricks. The messages target users speaking different languages, luring them into opening an attached document laced with code that pulls in and installs the malware. The new variant can also check if the recipient's/victim's IP address is blacklisted or on a spam list maintained by services like Spamhaus, SpamCop, or SORBS.

LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA (ICSA-19-015-01) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on improper input validation, out-of-bounds read, code injection, untrusted pointer dereference, out-of-bounds write, relative path traversal, injection, use of hard-coded credentials, and authentication bypass using an alternate path or channel vulnerabilities in LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA. Version 4.1.0.3870 is affected. Successful exploitation of these vulnerabilities could allow remote code execution, data exfiltration, or cause a system crash. LCDS recommends users update to Version 4.1.0.4150.

2018: A Year of Cyber Attacks

Hackmageddon has compiled a full listing of cyber attacks it observed in 2018 – 1,337 in all – presenting for each the suspected perpetrator, target, and type of attack, among other details. From the individual incidents it has generated a number of useful statistics, which present the attacks that occurred by sector (including for the water sector), by month, and by motivation. Access the full listing of cyber incidents at Hackmageddon.

Ryuk Ransomware Partners with TrickBot to Gain Access to Infected Networks

New research indicates that the Ryuk ransomware actors may be using new types of malware to gain entrance to victims’ networks. As previously reported by WaterISAC, the systems and networks of a water utility in North Carolina were infected in October 2018 by Ryuk ransomware that had been dropped by the Emotet malware. In new reports by FireEye and CrowdStrike, researchers explain how “TrickBot” is now being used to get access.
