Cybersecurity

What Every CISO Should Ask about OT/ICS Security

It is not uncommon for OT/ICS cybersecurity to fall under the authority of IT. This isn’t necessarily a bad thing, unless IT is taking responsibility/action and lacks OT-specific knowledge. While many concepts can be drawn from IT security to help secure OT, many of the processes do not translate well. The opposite also presents a challenge, as many OT operators and engineers may not have cybersecurity experience. This is why it is imperative for both OT and IT cybersecurity teams to work together; however, that isn’t always as easy as it sounds.

Read more about What Every CISO Should Ask about OT/ICS Security

Accenture Report Groups Incident Response Planning into Three Steps

Last week we talked about responding to cyber threats during the 15CFAM series. We said that, developing plans for how utilities will respond to cyber incidents is critical for resilience from such events.

Read more about Accenture Report Groups Incident Response Planning into Three Steps

Threat Awareness - Continued Qakbot/Qbot Use in Current Malicious Email Campaigns

It is no surprise threat actors are notorious for using current events in social engineered phishing campaigns. Malwarebytes discovered a current malspam campaign exploiting doubts about the election process that is delivering Qbot/Qakbot – malware often found in conjunction with Emotet. According to Malwarebytes, this current campaign is stealing email threads to be used in future campaigns. The phish contains a bogus DocuSign document attachment purporting to include information on election interference.

Read more about Threat Awareness - Continued Qakbot/Qbot Use in Current Malicious Email Campaigns

Google Releases Security Updates for Chrome – Updated November 3, 2020

November 3, 2020

Tags:

google chrome security update

Read more about Google Releases Security Updates for Chrome – Updated November 3, 2020

Oracle Releases Out-of-Band Security Alert

Oracle has released an out-of-band security alert to address a remote code execution vulnerability—CVE-2020-14750 - in Oracle WebLogic Server. A remote attacker can exploit this vulnerability to take control of an affected system. CISA urges users and administrators review the Oracle Security Alert and apply the necessary updates.

Read more about Oracle Releases Out-of-Band Security Alert

ARC Informatique PcVue (ICSA-20-308-03)

CISA has published an advisory on deserialization of untrusted data, access to critical private variable via public method, and information exposure of sensitive information to an unauthorized actor vulnerabilities in ARC Informatique PcVue. PcVue Versions 8.10 to versions prior to 12.0.17 are affected. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, expose sensitive data, and prevent legitimate users from connecting to PcVue services. ARC Informatique recommends upgrading PcVue to v12.0.17. CISA also recommen

Read more about ARC Informatique PcVue (ICSA-20-308-03)

NEXCOM NIO50 (ICSA-20-308-02)

CISA has published an advisory on improper input validation and cleartext transmission of sensitive information vulnerabilities in NEXCOM NIO50. All versions of NEXCOM NIO 50 are affected. Successful exploitation of these vulnerabilities could allow an attacker to view sensitive information and cause a denial-of-service condition due to improper input validation. NEXCOM no longer sells or maintains NIO 50 and considers it to be an end-of-life product. CISA also recommends a series of measures to mitigate the vulnerabilities.

Read more about NEXCOM NIO50 (ICSA-20-308-02)

WAGO Series 750-88x and 750-352 (ICSA-20-308-01) - Products Used in the Energy Sector

CISA has published an advisory on an uncontrolled resource consumption vulnerability in WAGO Series 750-88x and 750-352. A series of firmware versions prior to FW11 are affected. Successful exploitation of this vulnerability could allow an attacker to crash the device being accessed using a denial-of-service attack. WAGO recommends updating to the latest firmware, Version FW14. It also recommends other mitigations and workarounds to help reduce the risk. CISA also recommends a series of measures to mitigate the vulnerability.

Read more about WAGO Series 750-88x and 750-352 (ICSA-20-308-01) - Products Used in the Energy Sector

A Menacing Duo – Ransomware and Emotet

Prior to the WaterISAC advisory on Friday, members have had plenty of reason to keep ransomware top of mind, including the significant increase in Emotet detections since the trojan’s reawakening this July.

Read more about A Menacing Duo – Ransomware and Emotet

NCI Ransomware Report: Analysis of Activity and Recommendations to Disrupt Operations

The National Council of ISACs (NCI), of which WaterISAC is a member, has published a report describing how criminal organizations conduct ransomware operations and their impact to society. The report provides a thorough background of ransomware, to include providing descriptions of how ransomware infections occur and offering key statistics. One of these statistics is an estimate from the FBI that there are 4,000 ransomware attacks every day, equating to a ransomware attack every 40 seconds.

Read more about NCI Ransomware Report: Analysis of Activity and Recommendations to Disrupt Operations

You are here

Cybersecurity

What Every CISO Should Ask about OT/ICS Security

Accenture Report Groups Incident Response Planning into Three Steps

Threat Awareness - Continued Qakbot/Qbot Use in Current Malicious Email Campaigns

Google Releases Security Updates for Chrome – Updated November 3, 2020

Oracle Releases Out-of-Band Security Alert

ARC Informatique PcVue (ICSA-20-308-03)

NEXCOM NIO50 (ICSA-20-308-02)

WAGO Series 750-88x and 750-352 (ICSA-20-308-01) - Products Used in the Energy Sector

A Menacing Duo – Ransomware and Emotet

NCI Ransomware Report: Analysis of Activity and Recommendations to Disrupt Operations

Pages

You are here

Cybersecurity

Pages

Footer Email Signup