October 24, 2019
CISA has updated this advisory with additional technical details on the affected products and mitigation measures. Read the advisory at CISA.
February 26, 2019
The FBI’s Portland, Oregon office has published an advisory providing a background of and tips for defending against e-skimming. E-skimming occurs when cyber criminals inject malicious code onto a website. The threat actor may have gained access via a phishing attack targeting employees – or through a vulnerable third-party vendor attached to a company’s server. Organizations that need to be especially wary of this kind of activity include those that take credit card payments online, as threat actors can capture credit card data in real time as the user enters its.
WaterISAC Cybersecurity Risk Analyst Jennifer Walker has written an article for Homeland Security Today in which she reinforces how the theme for this year’s National Cybersecurity Awareness Month – “Own IT. Secure IT. Protect IT” – focuses on personal accountability and proactive behavior. She delves into the importance of creating and managing secure passwords, noting the poor record, generally speaking, when it comes to password hygiene.
CISA has published an advisory on code injection, improper restriction of operations within the bounds of a memory buffer, and uncontrolled search path element vulnerabilities in Schneider Electric ProClima. Successful exploitation of these vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. All versions prior to 8.0.0 are affected. Schneider Electric has released Version 8.0.0 of ProClima and recommends users upgrade to this version or newer. Additionally, CISA recommends a list of actions to mitigate this vulnerability.
CISA has published an advisory on improper input validation and out-of-bounds write vulnerability in Horner Automation Cscape. Cscape 9.90 and prior are affected. Successful exploitation of these vulnerabilities could crash the device being accessed, which may allow the attacker to access information and execute arbitrary code. Horner Automation recommends affected users update to Cscape Version 9.90 SP1 or later. Additionally, CISA recommends a list of actions to mitigate this vulnerability.
Firefox is the only browser that received top marks in a recent audit carried out by Germany's cyber-security agency – the German Federal Office for Information Security (or the Bundesamt für Sicherheit in der Informationstechnik – BSI). The BSI tested Mozilla Firefox 68 (ESR), Google Chrome 76, Microsoft Internet Explorer 11, and Microsoft Edge 44. The tests did not include other browsers like Safari, Brave, Opera, or Vivaldi. The audit was carried out using rules detailed in a guideline for "modern secure browsers" that the BSI published last month, in September 2019.
The DHS Cybersecurity and Infrastructure Security Agency have released an alert noting that Microsoft will end extended support for their Windows 7 and Windows Server 2008 R2 operating systems on January 14, 2020. After this date, these products will no longer receive free technical support, or software and security updates. CISA offers a list of steps organizations can take to mitigate the effects of end-of-support. Read the alert at CISA.
What do people have to do with cybersecurity? In a word, everything. Reports consistently cite over 90% of cyber attack exploits target humans over system vulnerabilities. As stated by one of the world’s most notorious hackers, Kevin Mitnick (now Chief Hacking Officer at KnowBe4), it is easier to get someone to “reveal” something than it is to “hack” into their system.
The CERT Coordination Center (CERT/CC) has released information on multiple vulnerabilities affecting Pulse Secure Virtual Private Network (VPN). An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been targeted by advanced persistent threat (APT) actors. The DHS Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the resources for more information and to apply the necessary updates.
Oracle has released its Critical Patch Update for October 2019 to address 219 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The DHS Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Oracle October 2019 Critical Patch Update and apply the necessary updates.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
