Cybersecurity

U.S. Intelligence Chief Lays Out Threats to U.S. Infrastructure, Efforts to Protect It

On July 13, 2018, U.S. Director of National Intelligence Dan Coats stated that the U.S.’s digital infrastructure is under constant attack from foreign entities including China, Iran and North Korea, but he singled out Russia as the “most aggressive” one, highlighting the country’s reported efforts to use hacking and information campaigns to influence U.S. elections. But Coats also warned against having tunnel vision focused on the elections, noting that foreign actors continually target other aspects of U.S. critical infrastructure.

Read more about U.S. Intelligence Chief Lays Out Threats to U.S. Infrastructure, Efforts to Protect It

Business Email Compromise: The $12 Billion Scam

The FBI’s Internet Crime Complaint Center (IC3) has updated its Public Service Announcement (PSA) on the threat of Business Email Compromise scams. This latest PSA includes updated statistical data for the time frame of October 2013 to May 2018, which includes the estimate that during this period total domestic and international losses to the scam have amounted to over $12 billion.

Read more about Business Email Compromise: The $12 Billion Scam

FTC Issues Alert on Tech Support Scams

The Federal Trade Commission has released an alert on tech support scams. Scammers use pop-up messages, websites, emails, and phone calls to entice users to pay for fraudulent tech support services to repair problems that don’t exist.

Read more about FTC Issues Alert on Tech Support Scams

Collaboration Efforts Promote Secure-By-Design Standards for Industrial Connected Devices

Automation.com recently reached out to Eaton on the status of a strategic partnership they entered with Underwriters Laboratories (UL) in February 2018, to advance cybersecurity for power management technologies, and help establish measurable cybersecurity standards for network-connected power management products and systems. The first fruits of their labor include a research and testing facility where Eaton’s products are tested in a specialized lab for compliance with industry cybersecurity requirements before they are installed in critical systems.

Read more about Collaboration Efforts Promote Secure-By-Design Standards for Industrial Connected Devices

Chlorine Facility for Drinking Water and Sewage Treatment Targeted by Russia, Alleges Ukraine

The Security Service of Ukraine, or SBU, claims to have stopped a Russian cyber attack on a Ukrainian facility that provides chlorine for drinking water and sewage treatment. In its allegation, the SBU indicates the attack involved the VPNFilter malware (reported on by WaterISAC initially in late May – read more here) and was intended to disrupt operations.

Read more about Chlorine Facility for Drinking Water and Sewage Treatment Targeted by Russia, Alleges Ukraine

July 11, 2018 DHS Cybersecurity Advisor Program

On June 11, WaterISAC hosted a briefing on the U.S. Department of Homeland Security's Cybersecurity Advisor (CSA) program. CSAs are deployed to regions around the country to work with DHS's partners, including critical infrastructure owners and operators. One of their most sought-after services is their cybersecurity assessments, which were discussed in-depth during the briefing.

Read more about July 11, 2018 DHS Cybersecurity Advisor Program

Schweitzer Engineering Laboratories, Inc. Compass and AcSELerator Architect (ICSA-18-191-02) – Products Used in the Energy Sector

The NCCIC has released an advisory on incorrect default permissions, XXE, and resource exhaustion vulnerabilities in Schweitzer Engineering Laboratories, Inc. Compass and AcSELerator Architect. Compass Version 3.0.5.1 and prior and AcSELerator Architect Version 2.2.24.0 and prior are affected. Successful exploitation of these vulnerabilities could allow modification/replacement of files within the Compass installation directory, disclosure of information, or denial of service. Schweitzer Engineering Laboratories recommends users upgrade to the latest release of both products.

Read more about Schweitzer Engineering Laboratories, Inc. Compass and AcSELerator Architect (ICSA-18-191-02) – Products Used in the Energy Sector

Universal Robots Robot Controllers (ICSA-18-191-01)

The NCCIC has released an advisory on hard-coded credentials and missing authentication for critical function vulnerabilities in Universal Robots Robot Controllers. CB 3.1, SW Version 3.4.5-100 is affected. Successful exploitation of these vulnerabilities could allow a remote attacker to run arbitrary code on the device. Universal Robots has recommended a series of remedial actions to address these vulnerabilities.

Read more about Universal Robots Robot Controllers (ICSA-18-191-01)

Microsoft Releases July 2018 Security Update

Microsoft has released its monthly update to address vulnerabilities in its software.

Read more about Microsoft Releases July 2018 Security Update

You are here

Cybersecurity

U.S. Intelligence Chief Lays Out Threats to U.S. Infrastructure, Efforts to Protect It

Business Email Compromise: The $12 Billion Scam

More Questions than Answers Regarding Ukrainian Chlorine Facility Incident Affected by VPNFilter Malware

FTC Issues Alert on Tech Support Scams

Collaboration Efforts Promote Secure-By-Design Standards for Industrial Connected Devices

Chlorine Facility for Drinking Water and Sewage Treatment Targeted by Russia, Alleges Ukraine

July 11, 2018 DHS Cybersecurity Advisor Program

Schweitzer Engineering Laboratories, Inc. Compass and AcSELerator Architect (ICSA-18-191-02) – Products Used in the Energy Sector

Universal Robots Robot Controllers (ICSA-18-191-01)

Microsoft Releases July 2018 Security Update

Pages

You are here

Cybersecurity

Pages

Footer Email Signup