You are here

Home » Cybersecurity

Cybersecurity

Rockwell Automation RSLinx Classic (ICSA-20-100-01) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an incorrect permission assignment for critical resource vulnerability in Rockwell Automation RSLinx Classic. Versions 4.11.00 and prior are affected. Successful exploitation of this vulnerability could allow a local authenticated attacker to execute malicious code when opening RSLinx Classic. For Versions 3.60 to 4.11, Rockwell Automation recommends users apply patch 1091155. Affected users are encouraged to apply the most recent version of RSLinx Classic. CISA also recommends a series of measures to mitigate the vulnerability.

HMS Networks eWON Flexy and Cosy (ICSA-20-098-03) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on a cross-site scripting vulnerability in HMS Networks eWON Flexy and Cosy. For both products, all firmware versions prior to 14.1s0 are affected. Successful exploitation of this vulnerability could initiate a password change. HMS Networks recommends users update to latest firmware, Version 14.1s0. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

GE Digital CIMPLICITY (ICSA-20-098-02) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an improper privilege management vulnerability in GE Digital CIMPLICITY. Versions 10.0 and prior are affected. Successful exploitation of this vulnerability could allow an adversary to modify the systemwide CIMPLICITY configuration, leading to the arbitrary execution of code. GE Digital CIMPLICITY v11.0, released January 2020, contains mitigation for this local privilege escalation vulnerability. GE Digital recommends all users upgrade to GE CIMPLICITY v11.0 or newer. CISA also recommends a series of measures to mitigate the vulnerability.

Advantech WebAccess/NMS (ICSA-20-098-01) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on unrestricted upload of file with dangerous type, SQL injection, relative path traversal, missing authentication for critical function, improper restriction of XML external entity reference, and OS command injection vulnerabilities in Advantech WebAccess/NMS. Versions prior to 3.0.2 are affected. Successful exploitation of these vulnerabilities may allow an attacker to gain remote code execution, upload files, delete files, cause a denial-of-service condition, and create an admin account for the application.

Security Awareness – Malicious Downloads Masquerade as Popular Virtual Conference Apps

Recently, virtual conferencing platform Zoom has received the lion’s share of criticism among collaboration platforms, but recent research by global cybersecurity firm Kaspersky reminds us that Zoom is not the only one being abused. Kaspersky’s findings reveal that Skype is the number one virtual conference platform being impersonated through malicious downloads. Unsurprisingly, fake apps masquerading as Zoom come in second, followed by WebEx, GoToMeeting, Flock, and Slack.

Coronavirus-Themed Cyber Threats – Same Threat, Different Lure

During the cybersecurity segment of the WaterISAC COVID-19 Web Briefing yesterday, we stressed that the current cyber threat landscape is not experiencing new/emerging threats. We stated how the ploys are the same, but it is the overall volume of attack techniques using coronavirus-themes that has increased. In other words, the product is the same, it has just been rebranded to appeal to more consumers.

Cyber Criminals Conduct BEC through Exploitation of Cloud-based Email Services

The FBI has released a Public Service Announcement (PSA) warning that cyber criminals are targeting organizations that use popular cloud-based email services to conduct business email compromise (BEC) scams. According to the PSA, the scams are initiated through specifically developed phish kits designed to mimic the cloud-based email services in order to compromise business email accounts and request or misdirect transfers of funds.

FBI Warns about COVID-19 BEC and Money Mules Schemes

The FBI has published two advisories warning about two types of cyber crime seeking to leverage the ongoing COVID-19 pandemic: business email compromise (BEC) and money mule schemes. Business email compromise (BEC) is a scam that targets anyone who performs legitimate funds transfers. The FBI observes that recently there has been an increase in BEC frauds targeting municipalities purchasing personal protective equipment or other supplies needed in the fight against COVID-19.

Perch Data Backs Up Coronavirus-Themed Cyber Attack Activity

To back up the scam reports in today's campaigns at-a-glance post, community intelligence and network monitoring firm (and WaterISAC partner) Perch Security offers some data to highlight the security impact and to what degree threat actors are trying to capitalize from an exploding remote workforce. Perch took a peek at full RDP (remote desktop)-based activity from its entire customer base over a 90-day period to validate or debunk its theory. According to Perch, the data revealed a swell in all RDP-based attack activity over the course of 90 days, with a spike toward the end of March.

Pages

Subscribe to Cybersecurity