Cybersecurity

ABB Device Library Wizard (ICSA-20-175-03) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an insecure storage of sensitive information vulnerability in ABB Device Library Wizard. Versions 6.0.X, 6.0.3.1, and 6.0.3.2 are affected. Successful exploitation of this vulnerability could allow a low-level user to escalate privileges and fully compromise the device. ABB recommends users apply updates to address the vulnerability. CISA also recommends a series of measures to mitigate the vulnerability. Access the advisory at CISA.

Smart City Systems Implementation Resource Guide

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has published a Trust in Smart City Systems report. It is intended to serve as a resource guide for discussions between smart city decision-makers, designers, and implementers during the initial, high-level design of a smart city project, helping them make decisions based on a more complete understanding of the tradeoffs.

Honeywell ControlEdge PLC and RTU (ICSA-20-175-02) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on a cleartext transmission of sensitive information vulnerability in Honeywell ControlEdge PLC and RTU. ControlEdge PLC R130.2, R140, R150, and R151 and ControlEdge RTU R101, R110, R140, R150, and R151 are affected. Successful exploitation of this vulnerability could allow an attacker to obtain passwords and session tokens. Honeywell has provided detailed mitigation information for the insecure communication in ControlEdge PLC/RTU, available in a support document. CISA also recommends a series of measures to mitigate the vulnerability.

Australians Experienced 34 Percent Increase in Scams in 2019

Australians reported 167,797 scams to the Australian Competition and Consumer Commission (ACCC)-controlled Scamwatch in 2019, a 34 percent increase over the year prior. The financial impact in 2019 to Australians was just over $634 million (in Australian dollars). The greatest losses in 2019 by type of scam were $132 million to business email compromise (BEC) scams, $126 million to investment scams, and $83 million to dating and romance scams.

Australia Advisory (2020-008) Regarding “Copy-Paste Compromises” Targeting Multiple Australian Networks

The Cybersecurity and Infrastructure Security Agency (CISA) is passing through Australian Cyber Security Centre (ACSC) Advisory 2020-008 regarding what it believes to be a sustained cyber attack against Australian government and commercial networks involving “copy-paste compromises.” While the attack is being attributed to a sophisticated state-based threat actor, the methods being used are described as nothing mo

The Perils of Third-Party Breaches - Fusion Centers, Police Departments, and Others Impacted by #BlueLeaks Trove of Stolen Data

On Friday, June 19, 2020, the Anonymous-aligned hacktivist group Distributed Denial of Secrets (DDoSecrets) published nearly 270GB of data stolen from technology service provider Netsential. DDoSecrets is a WikiLeaks-style organization that describes itself as a “transparency collective” whose goal is the “free transmission of data in the public interest.” Netsential manages portals for content delivery and membership for many law enforcement organizations, including police departments, fusion centers, and the FBI.

ICONICS GENESIS64, GENESIS32 (ICSA-20-170-03)

CISA has published an advisory on out-of-bounds write, deserialization of untrusted data, and code injection vulnerabilities in ICONICS GENESIS64 and GENESIS32. The following products using GenBroker64, Platform Services, Workbench, FrameWorX Server, v10.96 and prior, are affected: GENESIS64, Hyper Historian, AnalytiX, and MobileHMI. The following products using GenBroker32 v9.5 and prior are affected: GENESIS32 and BizViz. Successful exploitation of these vulnerabilities may allow remote code execution or denial of service. ICONICS is releasing a patch for the affected products.
