Cybersecurity

CISA Malware Analysis Report on Recent North Korean Activity: “HOPLIGHT”

The DHS Cybersecurity and Infrastructure Security Agency (CISA) has published a Malware Analysis Report (MAR) on recent malicious cyber activity attributed to the North Korean government. This activity, referred to as “HOPLIGHT,” involves Trojan malware variants. The MAR includes malware descriptions, suggested response actions, and recommended mitigation techniques. Users or administrators should flag activity associated with the malware and report the activity to CISA or the FBI Cyber Watch (CyWatch) and give the activity the highest priority for enhanced mitigation.

Cybersecurity Best Practices for Operating Commercial Unmanned Aircraft Systems

The DHS Cybersecurity and Infrastructure Security Agency (CISA) has published a document on cybersecurity best practices for operating commercial unmanned aircraft systems (UASs). In the document, CISA explains that while UASs offer benefits, they can also pose cybersecurity risks that necessitate caution on the part of operators. The document is intended to assist an organization with standing up a new UAS program or securing an existing one, and is meant for information technology managers and personnel involved in UAS operations.

PHOENIX CONTACT Automation Worx Software Suite (ICSA-19-302-01)

CISA has published an advisory on an improper input validation vulnerability in PHOENIX CONTACT Automation Worx Software Suite. Multiple products and versions of these products are affected. Successful exploitation of this vulnerability could compromise the availability, integrity, or confidentiality of an application programming workstation. Automated systems programmed using one of the affected products are not impacted. Phoenix Contact is in the process of developing an updated version of this product.

Incident Response Ransomware: Part One

TrustedSec has published the first blog post in what it says will become a three-part series on responding to a ransomware incident. Part one provides an introduction to what ransomware is, how it works, and how it spreads to systems within an organization. It also describes different types of ransomware and variations in ransomware tactics. While part two in this series will go further into the attack kill chain, this first segment provides an overview of the sequence of events that occur during infection. Part two will also discuss more of the ways to detect, protect against, and prevent ransomware.

Building a Culture of Cyber Preparedness

Daniel Kaniewski, the deputy administrator for resilience at FEMA, has written an article on the importance of incorporating cybersecurity into overall preparedness efforts. He discusses FEMA’s coordination with the DHS Cybersecurity and Infrastructure Security Agency (CISA) and other efforts undertaken by his organization in this area, which include investments of over $165 million in grant funding to state and local jurisdictions. He also notes that next year’s national level exercise (NLE) – NLE 2020 – will feature a major cyber attack scenario.

Australian Advisory on Emotet Malware Campaign

The Australian Cyber Security Centre (ACSC) has released an advisory on an ongoing, widespread Emotet malware campaign. In its advisory, ACSC notes the malicious emails used in this campaign are designed to spread across a variety of sectors in the Australian economy, including critical infrastructure providers and government agencies. The advisory provides indicators of compromise (IOCs) and recommendations to help organizations defend against Emotet.

Honeywell IP-AK2 (ICSA-19-297-02) – Product Used in the Energy Sector

CISA has published an advisory on a missing authentication for critical function vulnerability in Honeywell IP-AK2. Versions 1.04.07 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to download configuration files directly through a URL without authentication, exposing configuration and authorized visitor information. Honeywell released new firmware Version 1.04.15 and recommends affected users contact Honeywell customer support to resolve the issue. CISA also recommends a list of actions to mitigate this vulnerability.

Rittal Chiller SK 3232-Series (ICSA-19-297-01) – Product Used in the Energy Sector

CISA has published an advisory on missing authentication for critical function and use of hard-coded credentials vulnerabilities in the Rittal Chiller SK 3232-Series. The Rittal Chiller SK 3232-Series web interface, built upon Carel pCOWeb firmware A1.5.3 – B1.2.4, is affected. Successful exploitation of these vulnerabilities could disrupt the primary operations of the affected component, shut down cooling to other equipment, and allow changes to the temperature set point. CISA recommends users of the product contact Rittal directly for information about mitigating these vulnerabilities.
