Another Utility Forced to Suspend Online Utility Payments Due to Click2Gov
The city of College Station, Texas has recently suspended online utility payments due to a potential security issue with online payment processing provider Click2Gov.
CISA has published an advisory on improper input validation and memory corruption vulnerabilities in Flexera FlexNet Publisher. Versions 2018 R3 and prior are affected. The input validation flaw could allow an attacker to prevent legitimate users from acquiring a valid license (a denial-of-service condition), and the memory corruption vulnerability could allow remote code execution. Flexera recommends that all users of affected versions upgrade to Version 2018 R4 or newer as soon as possible. CISA also recommends a series of measures to mitigate the vulnerabilities.
The DHS Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory reminding its partners to protect themselves from unwanted, and potentially harmful, files or programs by adhering to vendor-recommended configurations for hardware and software. Doing so, together with regular patch maintenance, gives systems and networks the best security possible. CISA encourages users and administrators to review the following tips and guidance:
CISA has published an advisory on an authentication bypass using an alternate path or channel vulnerability in ABB Power Generation Information Manager (PGIM) and Plant Connect. All versions of both products are affected. Successful exploitation of this vulnerability could allow a remote attacker to bypass authentication and extract credentials from the device. ABB reports that PGIM will transition to a limited support phase in January 2020 and that Plant Connect is already obsolete. Users are advised to upgrade to Symphony Plus Historian, which is not affected by this vulnerability.
CISA has published an advisory on an external control of assumed-immutable web parameter vulnerability in Siemens Desigo PX Devices. Numerous products and versions of the products are affected. Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the device’s web server, requiring a reboot to recover the web interface. Siemens has an update available for some of the affected products and has identified specific workarounds and mitigations that users can apply to reduce risk for the others.
CISA has published an advisory on an improper input validation vulnerability in Siemens Mentor Nucleus Networking Module. Numerous products and versions of the products are affected. Successful exploitation of this vulnerability could allow an attacker to affect the integrity and availability of the device. Siemens recommends installing software updates to address this vulnerability. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at WaterISAC.
Over the past few weeks, there have been reports of new exploits targeting the Windows Remote Desktop Protocol (RDP) "BlueKeep" vulnerability (CVE-2019-0708). BlueKeep was first disclosed in May 2019 and is a flaw in the Windows RDP service that allows an unauthenticated attacker to gain remote code execution without any user interaction. Microsoft issued a patch for BlueKeep when the vulnerability was disclosed, yet many systems with RDP exposed remain unpatched, as research conducted via Shodan has revealed.
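A quick host-side triage for the unpatched-RDP problem described above, as an added example that is not part of the original item and is not Microsoft's or WaterISAC's code. It checks whether the local Windows host runs one of the pre-Windows 8 kernels that contain the vulnerable RDP code path, whether RDP and Network Level Authentication (NLA) are enabled, and whether one of the May 2019 fixes is installed. The KB numbers in the list are an assumption on my part and must be confirmed against Microsoft's advisory for CVE-2019-0708 for your exact SKU before you rely on the verdict. Run from an elevated PowerShell 3.0 or later prompt.

```powershell
# Added example: BlueKeep (CVE-2019-0708) exposure check for the local host.
# ASSUMPTION: these KB IDs are the May 2019 updates carrying the RDP fix.
# Confirm them against Microsoft's CVE-2019-0708 advisory before trusting the result.
$BlueKeepFixes = @(
    'KB4499175', 'KB4499164',   # Windows 7 SP1 / Server 2008 R2 SP1 (monthly rollup / security-only)
    'KB4499149', 'KB4499180',   # Windows Server 2008 SP2 (monthly rollup / security-only)
    'KB4500331'                 # Windows XP / Server 2003 (out-of-support, out-of-band fix)
)

function Test-BlueKeepExposure {
    param([string[]]$FixIds = $BlueKeepFixes)

    # Get-WmiObject works on every PowerShell version found on the affected OS releases.
    $os  = Get-WmiObject -Class Win32_OperatingSystem
    $ver = [version]$os.Version
    # Only NT 6.1 (Windows 7 / Server 2008 R2) and earlier contain the vulnerable code path;
    # Windows 8, 10 and Server 2012+ are not affected.
    $affectedOs = ($ver.Major -lt 6) -or ($ver.Major -eq 6 -and $ver.Minor -le 1)

    # RDP enabled? (fDenyTSConnections = 0 means connections are allowed)
    $ts  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpEnabled = ($ts.fDenyTSConnections -eq 0)

    # NLA enabled? NLA forces authentication before the vulnerable pre-auth path is reached,
    # so it reduces but does not remove the risk on an unpatched host.
    $rdp = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $nlaEnabled = ($rdp.UserAuthentication -eq 1)

    # Any of the listed fixes present?
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue | Where-Object { $FixIds -contains $_.HotFixID })
    $patched   = ($installed.Count -gt 0)

    if (-not $affectedOs)        { $verdict = 'Not affected (OS newer than Windows 7 / Server 2008 R2)' }
    elseif ($patched)            { $verdict = 'Patched' }
    elseif (-not $rdpEnabled)    { $verdict = 'Unpatched, but RDP is disabled: patch before enabling RDP' }
    elseif ($nlaEnabled)         { $verdict = 'Unpatched, NLA on: risk reduced, not removed. Patch now' }
    else                         { $verdict = 'VULNERABLE: unpatched, RDP enabled, no NLA' }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        OSVersion    = "$($os.Caption) ($($os.Version))"
        AffectedOS   = $affectedOs
        RdpEnabled   = $rdpEnabled
        NlaEnabled   = $nlaEnabled
        FixInstalled = $patched
        FixIds       = ($installed | ForEach-Object { $_.HotFixID }) -join ','
        Verdict      = $verdict
    }
}

Test-BlueKeepExposure | Format-List
```

The registry keys and cmdlets used here are standard Windows ones; only the KB list is an assumption. For fleet-wide triage, wrap the function in Invoke-Command against your host list and export the objects to CSV, then cross-check any "VULNERABLE" entries against your firewall rules for TCP/3389 exposure.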
Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Microsoft Windows, Internet Explorer, Microsoft Edge (EdgeHTML-based), ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, Open Source Software, Microsoft Exchange Server, Visual Studio, and Azure Stack. Read the update at Microsoft.
As this holiday season approaches, the DHS Cybersecurity and Infrastructure Security Agency (CISA) encourages users to be aware of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online. Cyber actors may send emails and ecards containing malicious links or attachments infected with malware or may send spoofed emails requesting support for fraudulent charities or causes. CISA encourages users to remain vigilant and take the following precautions:
CISA has published an advisory on a heap-based buffer overflow vulnerability in Fuji Electric V-Server. Versions 4.0.6 and prior are affected. Successful exploitation of this vulnerability could crash the device being accessed; several heap-based buffer overflows have been identified. Fuji Electric has released Version 4.0.7.0 to mitigate the reported vulnerability. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.