Cybersecurity

Rockwell Automation 1794-AENT Flex I/O Series B (ICSA-20-294-01)

CISA has published an advisory on a classic buffer overflow vulnerability in Rockwell Automation 1794-AENT Flex I/O Series B. Versions 4.003 and prior are affected. Successful exploitation of these vulnerabilities could crash the device being accessed, resulting in a buffer overflow condition that may allow remote code execution. Rockwell Automation recommends affected users ensure they are employing proper network segmentation and security controls when implementing the affected product. CISA also recommends a series of measures to mitigate this vulnerability.

Hitachi ABB Power Grids XMC20 Multiservice-Multiplexer (ICSA-20-294-02) - Products Used in the Energy Sector

CISA has published an advisory on an improper authentication vulnerability in Hitachi ABB Power Grids XMC20 Multiservice-Multiplexer. XMC20 R4 using COGE5 versions older than co5ne_r1h07_12.esw and XMC20 R6 using COGE5 versions older than co5ne_r2d14_03.esw are affected. Successful exploitation of this vulnerability could allow an attacker to remotely take control of the product. Hitachi ABB Power Grids has corrected the problem in the different product versions and recommends users apply the firmware update at the earliest availability.

15CFAM – What’s so FUN about Addressing All the Things (Internet-of-Things) and the Supply Chain Too?

In keeping with this week’s NCSAM theme of internet-connected devices (in healthcare), we decided to jump way ahead in our ‘15 Cybersecurity Fundamentals Awareness Month’ (15CFAM) series to #14 (Address All Smart Devices) and #13 (Secure the Supply Chain) from WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities guide.

National Cybersecurity Awareness Month Week Three – #BeCyberSmart when Securing Internet-Connected Devices in Healthcare (and Everywhere)

The NCSAM focus for week three is on healthcare, specifically the internet-connected devices that increasingly dominate this vital sector. Given the emphasis on patient care, it goes without saying that the personal implications of internet-connected devices in healthcare are extremely critical. From hospitals and care facilities, to telemedicine, wellness apps, and implanted medical devices, industry and consumers alike need to understand the threats and take the necessary steps to secure these vulnerable and highly targeted devices.

‘15CFAM’ is No FUN When Vulnerabilities Aren’t Managed

Welcome back to our next installment of ‘15 Cybersecurity Fundamentals Awareness Month’ (15CFAM), as WaterISAC continues its complement to National Cybersecurity Awareness Month (NCSAM). We hope you were challenged a little by our last 15CFAM on Consequence-driven Cyber-informed Engineering (CCE), but as promised we are back to a more broadly practical fundamental on vulnerability management.

FBI Tech Tuesday on Cybersecurity Awareness Month: Building a Digital Defense against Common Cyber Scams

In recognition of National Cybersecurity Awareness Month, the FBI’s Portland, Oregon field office is offering some important reminders on how to stay safe online. For this week’s publication, it focuses on building a digital defense against some of the most common forms of cyber scams. It discusses two of the most common schemes, those involving ransomware and business email compromise (BEC). It also describes two of the typical vectors for these attacks, specifically spoofing and phishing.
