July 7, 2020
CISA has updated this advisory with additional details on the vulnerability and mitigation measures. This advisory was initially published on June 23, 2020. Read the advisory at CISA.
June 23, 2020
The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has released Securing Industrial Control Systems: A Unified Initiative, a multi-year strategy for enhancing ICS security in the U.S., and a companion fact sheet. The initiative features four pillars:
DataBreaches.net states it best…”Here we go again?” As previously published in several Security & Resilience Updates, December 2019 – February 2020 included a significant spate of local and municipal government entities being impacted by vulnerabilities with online payment application Click2Gov. According to cybersecurity firm TrendMicro, they have identified at least eight U.S.
Periodically, critical vulnerabilities are overhyped and require a more practical approach to assessing true impacts. But in this case, Joe Slowik Principal Adversary Hunter at ICS cybersecurity firm Dragos agrees recent statements are quite appropriate for the recent F5 BIG-IP ADC vulnerability CVE-2020-5902.
F5 has released a security advisory to address a remote code execution (RCE) vulnerability – CVE-2020-5902 – in the BIG-IP Traffic Management User Interface (TMUI). An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the F5 advisory for CVE-2020-5902 and upgrade to the appropriate version.
CISA has published an advisory on path traversal, command injection, unrestricted upload of file with dangerous type, cross-site request forgery, and improper authentication vulnerabilities in Nortek Linear eMerge 50P/5000P. Versions 4.6.07 (revision 79330) and prior are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to gain full system access. Nortek has released v32-09a to address the vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities.
CISA has published an advisory on a cross-site scripting vulnerability in ABB System 800xA Information Manager. Versions prior to 5.1 Rev E/5.1 FP4 Rev E TC6, 6.0.3.3 RU1, and 6.1 RU1 are affected. Successful exploitation of this vulnerability could allow an attacker to inject and execute arbitrary code on the information manager server. ABB has provided a list of recommended measures to mitigate the vulnerability. CISA also recommends a series of measures to mitigate the vulnerability.
Microsoft has released security updates to address vulnerabilities in Windows 10 and Windows Server. These vulnerabilities could allow a remote attacker to take control of an affected system.
July 2, 2020
CISA has updated this advisory with additional details on affected products and mitigation measures. Read the advisory at CISA.
June 18, 2020
While phishing for credentials is a top cyber attack vector, many threat actors do not need to rely on phishing because password guessing is so easy. Threat intelligence firm Flashpoint took a deep dive into its collection of over 35 billion compromised credentials and unsurprisingly discovered a primary parallel: people are predictable.
After slicing and dicing the top 10,000 bad passwords, Flashpoint observed:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
