Vendors, contractors, consultants, and integrators are vital parts of the supply chain. These relationships must be assessed and better managed for the risks they pose to the overall risk profile of an organization. Yet many organizations fail to adequately manage the risk posed from these trusted third party relationships.
CISA has published an advisory on an inadequate encryption strength vulnerability in Emerson OpenEnterprise. All versions through 3.3.5 are affected. Successful exploitation of this vulnerability could allow an attacker access to credentials held by OpenEnterprise used for accessing field devices and external systems. Emerson recommends all users upgrade to OpenEnterprise 3.3, Service Pack 6 (3.3.6), to resolve this issue. CISA also recommends a series of measures to mitigate the vulnerability.
CISA has published an advisory on a path traversal vulnerability in Advantech iView. iView Versions 5.7 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to read/modify information, execute arbitrary code, limit system availability, and/or crash the application. Advantech has released Version 5.7.02 of iView to address the reported vulnerability. CISA also CISA also recommends a series of measures to mitigate the vulnerability.
The Avaddon ransomware operators claimed to have breached and leaked stolen data from a concrete formwork construction company involved in water infrastructure projects, including water treatment plants and reservoirs. Through information provided by a trusted third party, WaterISAC is aware that Avaddon is claiming on its darkweb site to have leaked 25% of the data reportedly stolen from EFCO (www[.]efcoforms[.]com). Avaddon is a relatively new ransomware-as-a-service (RaaS) malware and has recently jumped on the data breach bandwagon.
On Monday, the Cybersecurity and Infrastructure Security Agency (CISA) released its strategy to ensure the security and resilience of fifth generation (5G) technology in the United States. According to the release, CISA’s 5G Strategy seeks to advance the development and deployment of a secure and resilient 5G infrastructure, one that promotes national security, data integrity, technological innovation, and economic opportunity for the United States and its allied partners.
The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security (DHS) and operated by MITRE, has released the 2020 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The Top 25 uses data from the National Vulnerability Database (NVD) to compile the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.
August 20, 2020
CISA has updated this advisory with additional information on mitigation measures. Read the advisory at CISA.
August 4, 2020
CISA has updated this advisory with additional information on mitigation measures. Read the advisory at CISA.
July 21, 2020
When ransomware strikes a company, it is easy for pundits to say, “don’t pay the ransom.” But in reality, that is not always a practical choice. If you have not been impacted by ransomware yet, you are fortunate. Furthermore, if you think you know what you will do when you are (and even if you don’t know), you might want to read this recent post by Mailguard. The article includes a quick timeline of events regarding the WastedLocker ransomware attack on Garmin last month and thoughts on navigating the critical quandary to pay or not to pay.
Cybersecurity challenges brought on by COVID-19 have been covered ad-nauseum and are largely unsurprising; however, a recent survey by cybersecurity firm Malwarebytes revealed a few things that make you go 'hmmmm.' In its latest report, Enduring from Home: COVID-19’s Impact on Business Security, Malwarebytes Labs summarizes respondents’ concerns about transitioning to work-from-home, the impacts suffered due to the pandemic, and plans to implement long-term security changes moving ahead.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
