You are here

Home » Cybersecurity

Cybersecurity

SMA Solar Technology AG Sunny WebBox (ICSA-19-281-01) – Product Used in the Energy Sector

CISA has published an advisory on a cross-site request forgery vulnerability in SMA Solar Technology AG Sunny WebBox. Versions 1.6 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to generate a denial-of-service condition, modify passwords, enable services, achieve man-in-the-middle, and modify input parameters associated with devices such as sensors. This product is end-of-life and is no longer supported, but SMA has provided recommendations for mitigating the vulnerability.

Microsoft Releases October 2019 Security Updates

Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Microsoft Windows, Internet Explorer, Microsoft Edge (EdgeHTML-based), ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, SQL Server Management Studio, Open Source Software, Microsoft Dynamics 365, and Windows Update Assistance. Read the update at Microsoft.

Microsoft Reports Cyber Attacks on Targeted Email Accounts

Microsoft warns that it has observed an Iranian group – referred to as “Phosphorus” – attempting to take control of email accounts by exploiting the password reset or account recovery features. According to Microsoft, Phosphorus used information gathered from researching their targets or other means to game password reset or account recovery features and attempt to take over some targeted accounts.

US and UK Government Agencies Release Advisories on Recent VPN Vulnerabilities

The US National Security Agency (NSA) and the UK National Cyber Security Centre (NCSC) have released advisories on advanced persistent threat (APT) actors exploiting multiple vulnerabilities in Virtual Private Network (VPN) applications, specifically those produced by Pulse Connect Secure, Fortinet, and Palo Alto Networks. According to the advisories, a remote attacker could exploit these vulnerabilities to take control of an affected system.

FBI: High-Impact Ransomware Attacks Threaten US Businesses and Organizations

The FBI’s Internet Crime Complaint Center (IC3) has released a Public Service Announcement (PSA) regarding the constantly evolving ransomware threat. According to the PSA, ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent. Since early 2018, the incidence of broad, indiscriminate ransomware campaigns has sharply declined, but the losses from ransomware attacks have increased significantly, according to complaints received by IC3 and FBI case information.

Make Yourself Accountable for Your Utility’s Cybersecurity

WaterISAC Lead Analyst Chuck Egli has written an article for the California Water Environment Association (CWEA) encouraging employees do their part to prevent cyber incidents at their utilities on the occasion of National Cybersecurity Awareness Month (NCSAM). Chuck highlights some of the actions employees should take given this year’s NCSAM theme of “Own IT. Secure IT. Protect IT.” These include measures for staying safe on social media, being prepared to spot and avoid phishing emails, and using WiFi in a secure manner.

Acting Director of National Intelligence Identifies “Cyber War” as Greatest Threat to the Country

Last Thursday, Acting Director of National Intelligence Joseph Maguire testified that cyber threats are the most significant risks the nation faces. “We do face significant threats, I’d say No. 1 is not necessarily kinetic, it’s cyber, this is a cyber war,” Maguire said while testifying before the House Intelligence Community, his first appearance before the body. Maguire made these comments after being asked by Representative Will Hurd what he saw as the “greatest threats” to the country in his capacity as leader of the intelligence community.

Pages

Subscribe to Cybersecurity