MITRE ATT&CK for ICS – Practical Applications Series (Final Update March 19, 2020)
Part Five: MITRE ATT&CK for ICS – Practical Applications for Device Restart/Shutdown
CISA has published an advisory on a cross-site scripting vulnerability in the Systech NDS-5000 Terminal Server. NDS/5008 (8 Port, RJ45), firmware Version 02D.30, is affected. Successful exploitation of this vulnerability could allow information disclosure, limit system availability, and possibly allow remote code execution. Systech has released firmware Version 02F.6, which eliminates this vulnerability. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.
In a blog post, the National Institute of Standards and Technology (NIST) offers tips for holding a secure virtual meeting, something many organizations are likely interested in right now given the increased use of telework amid COVID-19 concerns. The tips include limiting reuse of meeting codes, especially if you have used the same one for a while; enabling notifications when attendees join, by playing a tone or announcing names; and using a dashboard to monitor attendees (if available), among other advice.
The FBI’s Portland, Oregon office has published an advisory discussing best practices for mobile apps, such as those used for messaging, banking, gaming, and more. Some of these apps may serve legitimate work functions and have been vetted by an organization for use. In workplaces where employees are allowed to connect their personal devices to business networks, other apps are likely being accessed as well. If those other apps have vulnerabilities, they constitute a vulnerability for the network.
Malware authors are adept at modifying malware code to evade detection by antivirus and other security products, including artificial intelligence and machine learning security engines. They also predictably incorporate trending news into their lures. So it comes as no surprise that miscreants are currently using coronavirus-themed news to bypass detection technologies. Specifically, BleepingComputer recently observed Emotet and TrickBot samples using strings from actual CNN news stories in their malware files.
The importance of asset management cannot be overstated. Asset management is the first consideration in WaterISAC’s 15 Cybersecurity Fundamentals (Perform Asset Inventories), in the CIS Controls (Inventory and Control of Hardware Assets), and in countless other standard-practice cybersecurity documents and advice.
CISA has published an advisory on stack-based buffer overflow and out-of-bounds read vulnerabilities in Delta Electronics Industrial Automation CNCSoft ScreenEditor. Versions 1.00.96 and prior are affected. Successful exploitation of these vulnerabilities could cause buffer overflow conditions that may allow information disclosure or remote code execution, or crash the application. Delta recommends updating to the latest version, CNCSoft v1.01.24 (with ScreenEditor v1.00.98), and restricting the application’s interaction to trusted files.
According to a report just published by cybersecurity company FireEye, 76 percent of all ransomware infections occur outside working hours, with 49 percent taking place at night on weekdays and 27 percent taking place over the weekend. Attackers choose to trigger the ransomware encryption process at night or over the weekend because most companies do not have IT staff working those shifts, and those that do are most likely short-handed.
CISA advises that Microsoft has released out-of-band security updates to address a remote code execution vulnerability (CVE-2020-0796) in Microsoft Server Message Block 3.1.1 (SMBv3). A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the resources and apply the necessary updates or workarounds. Read the advisory at CISA.
CISA has published an advisory on an improper access control vulnerability in Allen-Bradley Stratix 5950. Versions 1783-SAD4T0SBK9, 1783-SAD4T0SPK9, 1783-SAD2T2SBK9, and 1783-SAD2T2SPK9 are affected. Successful exploitation of this vulnerability could allow an attacker to write a modified image to the component. Rockwell Automation recommends that users update to firmware version FRN v6.4.0, which addresses the reported vulnerability. It has also provided a series of general security guidelines. CISA also recommends a series of measures to mitigate the vulnerability.