Cybersecurity

CISA has published an advisory on a use of obsolete function vulnerability in Omron CX-Supervisor. Versions 3.5 (12) and prior are affected. Successful exploitation of this vulnerability could result in information disclosure, total compromise of the system, and system unavailability. Omron recommends users update to CX-Supervisor 3.51 (9). CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has just released version 9.2 of its Cyber Security Evaluation Tool (CSET). CSET is a desktop software tool intended to guide asset owners and operators through a consistent process for evaluating control system networks as part of a comprehensive cybersecurity assessment that uses recognized government and industry standards and recommendations.

CISA has published an advisory on an improper input validation vulnerability in Honeywell equIP series IP cameras. Honeywell reports the vulnerability affects the equIP series IP camera products listed fully Honeywell security notification 2019-09-13 01. Successful exploitation of this vulnerability could result in denial-of-service conditions. Honeywell has released firmware update packages for all affected products listed above. CISA also recommends a series of measures to mitigate the vulnerability.

The FBI’s Portland, Oregon office has published an advisory discussing the use of virtual private networks, or VPNs. For those who use public WiFi networks for business or personal computing, VPNs are an incredibly important tool as they render traffic that could otherwise be intercepted by a third party – potentially a malicious actor – as unreadable. Given that there are many different types of VPNs on the market, the FBI offers a series of tips to assist in decisions about which one to choose.