You are here

Home » Cybersecurity

Cybersecurity

Still Struggling with Passwords – SecureIT. with Stronger Passwords

It is no secret that passwords alone are not the best method to safeguard our digital assets, especially weak passwords. Password hygiene is a leading topic any time of year, but as NCSAM continues it is a good time for another reminder for organizations to do better to protect data they are entrusted. Password security firm LastPass recently published its’ 3rd Annual Global Password Security Report which highlights how employees’ continued poor password habits weaken the overall organizational security posture.

Siemens SIMATIC WinCC and PCS7 (Update C) (ICSA-19-192-02) – Product Used in the Water and Wastewater and Energy Sectors

October 10, 2019

CISA has updated this advisory with additional information on affected products and mitigation measures. Read the update at CISA.

September 10, 2019

The NCCIC has updated this advisory with additional details on the affected products and mitigation measures. Read the advisory at CISA.

August 13, 2019

Siemens SIMATIC PCS 7, WinCC, TIA Portal (Update D) (ICSA-19-134-08) – Products Used in the Water and Wastewater and Energy Sectors

October 10, 2019

CISA has updated this advisory with additional details on the affected products and mitigation measures. Read the advisory at CISA.

September 10, 2019

The NCCIC has updated this advisory with additional details on the affected products and mitigation measures. Read the advisory at CISA.

August 13, 2019

Siemens Industrial Products Local Privilege Escalation Vulnerability (Update I) (ICS-CERT Advisory 16-313-02) – Product Used in Energy and Water and Wastewater Systems Sectors

October 10, 2019

CISA has updated this advisory with additional information on affected products and mitigation measures. Read the update at CISA.

January 28, 2018

ICS-CERT has updated this advisory with additional details on affected products and mitigation measures. ICS-CERT.

June 20, 2017

Tags: 
ics-cert siemens

Make the Most Out of National Cybersecurity Awareness Month with Free Resources from DHS

As part of National Cybersecurity Awareness Month (NCSAM), the U.S. Department of Homeland Security has recently released a variety of new resources to raise awareness and provide partners with the information and tools to enhance cybersecurity at the home and in the workplace. These resources include guides that pertain to this year’s NCSAM theme of “Own IT. Secure IT.

ACSC Releases Small Business Cybersecurity Guide

The Australian Cyber Security Centre (ACSC) has released a cybersecurity guide for small businesses. The guide provides checklists to help small business protect themselves against common cybersecurity incidents. The ACSC also has a suite of other resources for small businesses, including “step-by-step” guides for backing up and restoring a computer and turning on automatic updates and “quick wins” documents for portable device and website security. For these resources, refer to the Small Business Cyber Security suite at cyber.gov.au. 

iTerm2 Vulnerability

The CERT Coordination Center (CERT/CC) has released information on a vulnerability (CVE-2019-9535) affecting iTerm2, a macOS terminal emulator. An attacker could exploit this vulnerability to take control of an affected system.

Siemens SIMATIC, SINUMERIK, and PROFINET IO (Update D) (ICSA-18-079-02) – Products Used in the Water and Wastewater and Energy Sectors

October 8, 2019

CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.

May 14, 2019

The NCCIC has updated this advisory with additional information on the technical details of the vulnerability and mitigation measures. Read the advisory at NCCIC/ICS-CERT.

Tags: 
ics-cert siemens

Siemens SIMATIC IT UADM (ICSA-19-281-04)

CISA has published an advisory on a use of hard-coded cryptographic key vulnerability in Siemens SIMATIC IT Unified Architecture Discrete Manufacturing (UADM). All versions prior to 1.3 are affected. Successful exploitation of this vulnerability could allow an attacker to gain read and write access to the related TeamCenter station. Siemens recommends users update to Version 1.3. CISA also recommends a series of measures for mitigating the vulnerability. Read the advisory at CISA.

GE Mark Vle Controller (ICSA-19-281-02) – Product Used in the Energy Sector

CISA has published an advisory on improper authorization and use of hard-coded credentials vulnerabilities in GE Mark Vle Controller. All versions of the GE Mark VIe Controller are affected by at least one of the vulnerabilities. Successful exploitation of these vulnerabilities could allow an attacker to create read/write/execute commands within the Mark VIe control system. GE has provided recommendations for mitigating the vulnerabilities. CISA also recommends a series of measures for mitigating the vulnerabilities.

Pages

Subscribe to Cybersecurity