Recent public research indicates the group responsible for the CRASHOVERRIDE (a.k.a., Industroyer) malware used to disrupt the Ukrainian electric grid in 2016 is expanding its target set, reportedly to include organizations in the water and wastewater sector. Additionally, the group is no longer solely geographically focused on targets within the Ukraine.
The original "Cyber Kill Chain" developed by Lockheed Martin, identifies seven steps adversaries perform to compromise networks and accomplish an objective. TechRepublic posted an article offering basic end-user awareness or endpoint-focused defense actions at each step of the Cyber Kill Chain to stop malicious actors from achieving their ultimate goal.
The NCCIC has released an advisory on out-of-bounds read, heap-based buffer overflow, and stack-based buffer overflow vulnerabilities in Delta Industrial Automation DOPSoft. Versions 4.00.04 and prior are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to read sensitive information, execute arbitrary code, and/or crash the application. Delta Electronics recommends affected users update to the latest version.
May 24, 2018
The NCCIC has updated this advisory with additional details on mitigation measures. NCCIC/ICS-CERT.
May 8, 2018
May 24, 2018
The NCCIC has updated this advisory with additional details on mitigation measures. NCCIC/ICS-CERT.
May 10, 2018
The NCCIC has released an advisory on heap-based buffer overflow, improper restriction of operations within the bounds of a memory buffer, and open redirect vulnerabilities in Schneider Electric Floating License Manager. Multiple products and versions of the products are affected. Successful exploitation of these vulnerabilities could cause a denial of service, allow arbitrary execution of code with system level privileges, or send users to arbitrary websites.
The NCCIC has released an advisory on command injection, information exposure, and stack-based buffer overflow vulnerabilities in PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx Series. All FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32 are affected. Successful exploitation of these vulnerabilities could allow for remote code execution and information disclosure. PHOENIX CONTACT recommends that affected users upgrade to firmware Version 1.34 or higher.
The NCCIC has released an advisory on an improper input validation vulnerability in GE PACSystems CPE305/310, CPE330, CPE400, RSTi-EP CPE 100, CPU320/CRU320, Rxi. Multiple products and versions of these products are affected. Successful exploitation of this vulnerability could cause the device to reboot and change its state, causing the device to become unavailable. GE has released the following firmware to mitigate the vulnerability. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.
The NCCIC has released an advisory on vulnerabilities in Advantech WebAccess. Multiple versions of this product are affected. Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information from the host and/or target, execute arbitrary code, or delete files. Advantech has released Version 8.3.1 of WebAccess to address the reported vulnerabilities. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.
On May 15, the U.S. Department of Homeland Security (DHS) released its Cybersecurity Strategy, which outlines the Department’s approach to identifying and managing national cybersecurity risk. The Strategy consists of five pillars: Risk Identification; Vulnerability Reduction; Threat Reduction; Consequence Mitigation; and Enable Cybersecurity Outcomes. Each of these pillars is accompanied by one or more goals, which are themselves supported by objectives.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
