Although al Qa’ida is better known for its physical terror attacks than its cyber presence, it has practiced cyber terrorism and appears to be attempting to grow its capabilities in this area, according to an article in Small Wars Journal. Historically, the group’s cyber activities have been limited to using the Internet and social media to spread its jihad message as well as a few relatively minor attacks, such as website defacements.
People are creatures of habit, and predictable - these facets of our personalities are frequently taken advantage of by cyber threat actors looking to crack passwords from the latest data breach repository. Cybersecurity firm Rapid7 explains the password cracking process, and shows how users still create passwords with easily guessable, thus easily hackable, patterns. This post also highlights how these predictable patterns still allow miscreants to crack hashed/encoded passwords.
The NCCIC has released an advisory on a stack-based buffer overflow vulnerability in Yokogawa iDefine, STARDOM, ASTPLANNER, and TriFellows. Multiple products and versions of these products are affected. Successful exploitation of this vulnerability may allow arbitrary code execution, or the stopping of the license management function. Yokogawa recommends users update or patch the affected products. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.
August 21, 2018
The NCCIC has updated this advisory with additional details on mitigations. The original advisory was published on June 27, 2012. NCCIC/ICS-CERT.
June 27, 2012
With data breaches being commonplace, Tripwire offers a post reminding us of the role people play in preventing or enabling breaches and other cybersecurity incidents. Most studies over the last few years have consistently revealed that human error is responsible for well over 75% of cybersecurity and privacy breaches. While technology controls are an important part of an overall cybersecurity strategy, technology does fail from time-to-time, and when it does, people become the last (and best) cybersecurity defense.
The NCCIC has released an advisory on uncontrolled search path element, relative path traversal, improper privilege management, and stack-based buffer overflow vulnerabilities in Emerson DeltaV DCS Workstations. DeltaV versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 are affected. Successful exploitation of these vulnerabilities could allow arbitrary code execution, malware injection, or malware to spread to other workstations. Emerson recommends users patch the affected products.
The NCCIC has released an advisory on path traversal and improper authentication vulnerabilities in Tridium Niagara. Niagara AX Framework version 3.8 and prior and Niagara 4 Framework version 4.4 and prior are affected. Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution. Tridium has provided updates to address the vulnerabilities. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.
The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat Native. A remote attacker could exploit these vulnerabilities to take control of an affected server. NCCIC encourages users and administrators to review the Apache Advisory and Tomcat Native Downloads page and apply the necessary updates.
As the TVA post highlights, company-wide awareness training has proven a success in their overall cyber resilience strategy. Email security firm, Mimecast shares a relevant post on the downsides to the lack of security awareness training and proposes a more balanced approach to prevent security fatigue. When evaluating current awareness programs, consider that security awareness should be convincing, engaging, and challenging – not obvious and boring.
With a layered and isolated cyber defense strategy in place, Tennessee Valley Authority (TVA) states that despite the tens of thousands of attempts per day, including those conducted by nation states, they have not had any events that have impacted their operational capability. TVA, America’s largest government owned power utility, is considered one of the prime targets for a cyber attack.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
