
Cybersecurity

Nearly All Compromised Accounts Did Not Use MFA

During the recent RSA cybersecurity conference, Microsoft engineers said that 99.9 percent of the compromised accounts they’ve tracked don’t use multi-factor authentication (MFA). In most cases, the account hacks happen through simplistic attacks, which MFA is typically effective against. The primary source of most hacks of Microsoft accounts was password spraying, in which an attacker picks a common and easy-to-guess password and goes through a long list of usernames until they get a hit and can access an account using that password.

Siemens S7-300/400 PLC Vulnerabilities (Update E) (ICSA-16-348-05D) – Product Used in Energy and Water and Wastewater Systems Sectors

March 10, 2020

CISA has updated the advisory with additional details on the affected products and the nature of the vulnerability. Read the advisory at CISA.

January 25, 2018

ICS-CERT has updated this advisory with additional details on mitigation measures. Read the advisory at ICS-CERT.

November 28, 2017

WAGO I/O-CHECK (ICSA-20-065-01) – Product Used in the Energy Sector

CISA has published an advisory on information exposure through sent data, buffer access with incorrect length value, missing authentication for critical function, and classic buffer overflow vulnerabilities in WAGO I/O-CHECK Series PFC100 and Series PFC200. Multiple versions of this software are affected. Successful exploitation of these vulnerabilities could allow an attacker to change settings, delete the application, run remote code, cause a system crash, cause a denial-of-service condition, revert to factory settings, and overwrite MAC addresses.

UK Releases Tips on Securing Smart Security Cameras

The UK National Cyber Security Centre (NCSC) has released guidance on how to correctly set up smart security cameras to avoid having them hacked by attackers. The guidance begins with a series of three steps that the NCSC says will make it much harder for cyber criminals to access your smart camera. These include changing default passwords, implementing regular security updates, and removing the feature for remotely viewing camera footage via the internet (unless you need it). The guidance also discusses router settings that, if not properly configured, can be exploited by hackers.

Australia Releases Securing Content Management Systems Guide

The Australian Cyber Security Centre (ACSC) has released a cybersecurity guide outlining strategies for identifying and minimizing risks to web servers from installed content management systems (CMS). This guidance provides effective mitigation strategies organizations can use to better protect their external-facing systems from cyber network exploitation. Read the guide at ACSC.

March 5 is National “Slam the Scam” Day

In association with the Federal Trade Commission’s National Consumer Protection Week (March 1 to 7), the Social Security Administration (SSA) has designated March 5 as National “Slam the Scam” Day to educate Americans about telephone scammers impersonating government employees. As many water and wastewater utility personnel have experienced, scammers aim to gain potential victims’ trust and steal their money and personally identifiable information.

ICS Alert: SweynTooth Vulnerabilities

CISA has published an alert on multiple Bluetooth Low Energy (BLE) vulnerabilities with proof-of-concept (PoC) exploit code affecting a large number of IoT, smart-home, wearable, and medical devices from vendors who utilize BLE wireless communication technology. CISA notes the alert was released without coordination with some of the affected vendors, adding that it has notified some of the vendors of the report and has asked them to confirm the vulnerabilities and identify mitigations.
