The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published four new documents on its CISA Insights page. Each product provides a description of the threat, lessons learned, recommendations, and additional relevant resources. The new products are:
Developing plans for how utilities will respond to cyber incidents is critical for quick recovery and restoration from such events. An effective cyber incident response (IR) plan will limit damage and reduce recovery time and costs. Most importantly, the IR plan needs to be in place and tested before a cyber incident occurs; nonetheless, research reveals cyber incident response plans are still largely ineffective.
Awareness training is a key organizational risk strategy component to create and maintain a culture of cybersecurity, all personnel should receive regular, ongoing cybersecurity awareness training. Likewise, technical IT and OT personnel should participate in advanced training, and include red team/blue team exercises to practice and reinforce cybersecurity defense concepts and strategies.
TFlower has emerged as the latest ransomware targeting corporate environments, gaining entry into networks through exposed Remote Desktop Protocol (RDP) services. TFlower was actually discovered in August, and at the time it was thought to just be another generic ransomware. But TFLower activity is reported to be picking up. While TFlower’s rise in the ransomware environment may have come as a surprise, its method for infecting systems shouldn’t be.
CISA has released an advisory on an information exposure vulnerability in Honeywell Performance IP Cameras and Performance NVRs. Numerous products and versions of the products are affected. Successful exploitation of this vulnerability could allow an attacker to view device configuration information. Honeywell has released firmware update packages for all affected products. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.
CISA has released an advisory on improper restriction of excessive authentication attempts, information exposure, cross-site request forgery, and use of password hash with insufficient computational effort vulnerabilities in Siemens SINEMA Remote Connect Server. Versions prior to 2.0 SP1 are affected. Successful exploitation of these vulnerabilities may allow an attacker unauthorized access to the web interface, improper access to privileged user and device information, and may allow successful CSRF attacks.
CISA has released an advisory on code injection, command injection, stack-based buffer overflow, and improper authorization vulnerabilities in Advantech WebAccess. Versions 8.4.1 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, access files and perform actions at a privileged level, or delete files on the system. Advantech has released Version 8.4.2 of WebAccessNode to address the reported vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities.
Emotet started spewing out new spam emails yesterday after a period of inactivity that lasted nearly four months. As WaterISAC discussed in its August 27 Security and Resilience Update, researchers had observed Emotet’s command and control servers coming back to life.
MITRE has released the 2019 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Errors list. It is a compilation of the most frequent and critical errors that can lead to serious vulnerabilities in software. MITRE notes these weaknesses are often easy to find and exploit and are dangerous because they frequently allow adversaries to completely take over execution of software, steal data, or prevent the software from working. Access the list at MITRE.
CISA has published an advisory on an improper input validation vulnerability in 3S-Smart Software Solutions GmbH CODESYS V3 Products Containing a CODESYS Communication Server. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could cause a denial-of-service condition. 3S-Smart Software Solutions GmbH has released Version 3.5.15.0 to resolve this vulnerability for all affected CODESYS products. CISA also recommends a series of measures for mitigating the vulnerability.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
