You are here

Home » Cybersecurity

Cybersecurity

Security Awareness – Top Q’s & A’s About Remote Working

While staff may more or less be adjusting to their new remote work environment, statistics indicate they are still being inundated with phishing and other suspicious cyber attack attempts. Given heightened environmental distractions and other challenges with working remotely, it is important during this time that we keep security awareness and cyber hygiene reminders forefront in our users minds. Mail security firm MailGuard answers six important questions about working remotely and cybersecurity.

Situational Awareness - Coronavirus Developments Overview

While coronavirus-related news and information are still rampant, it is reasonable to expect many people have settled into a relative current normal and are not micro-checking every story or statistic that is published. That said, there are still significant advisories, updates, and developments that are prudent to maintain situational awareness from authoritative and vetted sources. WaterISAC continues striving to curate the most relevant updates so you don’t have to. Today, we bring you COVID-19 Key Developments from risk intelligence organization Flashpoint.

CISA Alert: Guidance on the North Korean Cyber Threat

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has published an alert intended to serve as a comprehensive resource on the North Korean cyber threat. The U.S. Departments of State and the Treasury and the FBI also contributed to this product. Although much of the malicious activity described in the alert is targeted against the financial sector, the alert reminds its audience that North Korea has the capability to conduct disruptive or destructive cyber activities affecting U.S. critical infrastructure.

Intel Releases Security Advisories on Multiple Products - Updated April 14, 2020

April 14, 2020

Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain escalation of privileges. CISA encourages users and administrators to review the following Intel advisories and apply the necessary updates or workarounds. Read the advisory at CISA.

March 10, 2020

Siemens TIM 3V-IE and 4R-IE Family Devices (ICSA-20-105-09) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an active debug code vulnerability in Siemens TIM 3V-IE and 4R-IE Family Devices. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow an unauthenticated attacker with network access to gain full control over the device. Siemens has released updates for the affected products and recommends users update to the new version. CISA also recommends a series of measures to mitigate the vulnerability.

Siemens SIMOTICS, Desigo, APOGEE, and TALON (ICSA-20-105-06) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on a business logic errors vulnerability in Siemens SIMOTICS, Desigo, APOGEE, and TALON. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow an attacker to affect the availability and integrity of the device. Siemens recommends mitigations and workarounds for the affected products. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

Siemens Climatix (ICSA-20-105-04)

CISA has published an advisory on cross-site scripting and basic XSS vulnerabilities in Siemens Climatix. All versions of Climatix POL908 (BACnet/IP module) and Climatix POL909 (AWM module) are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code to access confidential information without authentication. Siemens has identified specific workarounds and mitigations users can apply to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerabilities.

Pages

Subscribe to Cybersecurity