You are here

Home » Cybersecurity

Cybersecurity

Situational Awareness – Coronavirus Cyber Compendium, May 28, 2020

Flashpoint continues to track key updates regarding Covid-19 and how the pandemic is impacting cyber operations. Highlights include an FBI report warning of the risk of criminals and nation-states targeting US vaccine research, continued incidents of criminals attempting to scam government programs related to the pandemic, the latest misinformation and disinformation narratives that are popular on social media, and the deployment of Covid-19 tracking apps by governments.

Johnson Controls Kantech EntraPass (ICSA-20-147-02)

CISA has published an advisory on an improper access control vulnerability in Johnson Controls Kantech EntraPass. For Special Edition, Corporate Edition, and Global Edition, all versions up to and including v8.22 are affected. Successful exploitation of this vulnerability could potentially allow an authorized low-privileged user to gain full system-level privileges Johnson Controls recommends users upgrade all Kantech EntraPass Editions to Version 8.23. CISA also recommends a series of measures to mitigate the vulnerabilities.

ACSC Releases Cyber Criminal and APT Tradecraft Trends for 2019-2020

The Australian Cyber Security Centre (ACSC) has released a summary of trends for 2019-2020 outlining tactics, techniques, and procedures (TTPs) used by cyber criminals and advanced persistent threat (APT) groups to target Australian networks. ACSC uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework to identify notable adversary TTPs.

CISA, DOE, and UK’s NCSC Issue Guidance on Protecting Industrial Control Systems

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Department of Energy (DOE), and the UK's National Cyber Security Centre (NCSC) have released “Cybersecurity Best Practices for Industrial Control Systems,” an infographic providing recommended cybersecurity practices for industrial control systems (ICS).

FBI PIN: Cybersecurity Criminals Take Advantage of COVID-19 Pandemic to Target Teleworking Employees through Fake Termination Phishing Emails and Meeting Invites

The FBI has published a Private Industry Notification advising that cyber criminals are targeting teleworking employees with fraudulent termination phishing emails and virtual teleconference meeting invites, citing COVID-19 as the reason. Employees who are alarmed by the message may not scrutinize the spoofed email address that looks similar to their company’s legitimate one. The emails entice victims to click on malicious links purporting to provide more information or online conferences pertaining to the victim’s termination or severance packages.

CISA, IRS, USSS, and Treasury Release Joint Alert on Scams Related to Coronavirus Economic Impact Payments

The Cybersecurity and Infrastructure Security Agency (CISA), U.S. Department of the Treasury, Internal Revenue Service (IRS), and United States Secret Service (USSS) have released a Joint Alert with mitigations to help Americans avoid scams related to coronavirus economic impact payments – particularly attempts to steal payments, personal and financial information, and disrupt payment efforts. Read the alert at CISA.

Schneider Electric EcoStruxure Operator Terminal Expert (ICSA-20-142-02) – Product Used in the Energy Sector

CISA has published an advisory on SQL injection, path traversal, and argument injection vulnerabilities in Schneider Electric EcoStruxure Operator Terminal Expert. EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) are affected. Successful exploitation of these vulnerabilities could allow unauthorized write access or remote code execution. Schneider Electric recommends users update to EcoStruxure Operator Terminal Expert Version 3.1 Service Pack 1A. CISA also recommends a series of measures to mitigate the vulnerabilities.

Johnson Controls Software House C-CURE 9000 and American Dynamics victor VMS (ICSA-20-142-01)

CISA has published an advisory on a cleartext storage of sensitive information vulnerability in Johnson Controls Software House C-CURE 9000 and American Dynamics victor VMS. Version 2.70 of Software House C-CURE 9000 and version 5.2 of American Dynamics victor VMS are affected. Successful exploitation of this vulnerability may allow an attacker to access credentials used for access to the application. Johnson Controls recommends a series of measures to mitigate the vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities.

Pages

Subscribe to Cybersecurity