Cybersecurity

GE PACSystems RX3i (ICSA-20-014-01) – Products Used in the Water and Wastewater and Energy Sectors

CISA has released an advisory on an improper input validation vulnerability in GE/Emerson PACSystems RX3i. For all of the affected products, all versions prior to R9.90 are affected. Successful exploitation of this vulnerability could cause the system to change to halt-mode, resulting in a denial-of-service condition. Emerson recommends users of the affected products update to newer versions. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

CISA Alert: Continued Exploitation of Pulse Secure Vulnerability

The U.S. Department of Homeland Security’s (DHS’s) Cybersecurity and Infrastructure Security Agency (CISA) has released an alert emphasizing that unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Pulse Secure disclosed the vulnerability and provided software patches in April 2019, but CISA continues to observe wide exploitation of the vulnerabilities. A remote, unauthenticated attacker can exploit this vulnerability to compromise a VPN server. The attacker may be able to gain access to all active users and their plain-text credentials.

Ryuk Ransomware Security Primer

The Multi-State Information Sharing and Analysis Center (MS-ISAC), a WaterISAC partner, has published a security primer on the Ryuk ransomware, which it describes as “one of the most prevalent variants in the state, local, tribal, and territorial government threat landscape.” This product provides an overview of Ryuk’s phases of operation and offers a list of recommendations for government entities to adhere to in order to prevent and limit the impact of a potential Ryuk ransomware compromise.

Siemens SCALANCE X (Update B) (ICSA-19-085-01) – Products Used in the Water and Wastewater and Energy Sectors

January 14, 2020

CISA has updated this advisory with additional information on the affected products and mitigating measures. Read the advisory at CISA.

June 11, 2019

The NCCIC has updated this advisory with additional information on the affected products and mitigating measures. Read the advisory at NCCIC/ICS-CERT.

Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C (Update C) (ICSA-18-165-01) – Products Used in the Water and Wastewater and Energy Sectors

January 14, 2020

CISA has updated this advisory with additional information on the affected products and mitigating measures. Read the advisory at CISA.

June 11, 2019

The NCCIC has updated this advisory with additional information on the affected products and mitigating measures. Read the advisory at NCCIC/ICS-CERT.

January 31, 2019

MITRE Releases ATT&CK™ for ICS as Common Lexicon for Industrial Cyber Defense Strategy

The MITRE Corporation, publisher of the widely revered ATT&CK™ Framework, has just released a new knowledge base, ATT&CK™ for Industrial Control Systems. Developed in collaboration with experts from ICS cybersecurity firm Dragos, ATT&CK™ for ICS categorizes public behaviors of malicious activity targeting critical OT infrastructure.
