Cybersecurity

The NCCIC has published an advisory on an improper restriction of operations within the bounds of a memory buffer vulnerability in EZAutomation EZ PLC Editor. Versions 1.8.41 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of the application. EZAutomation recommends users update to Version 1.9.0 or later and, to further reduce the risk, to use project files from known sources. The NCCIC also recommends a series of measures to mitigate the vulnerability.

According to insurance company AIG, business email compromise (BEC) has overtaken ransomware and data breaches as the main reason companies filed a cyber-insurance claim. According to statistics published by the company in July, which was for the EMEA (Europe, the Middle East, and Asia) region, BEC-related insurance filings accounted for nearly a quarter (23%) of all cyber-insurance claims the company received in 2018.

The NCCIC has published an advisory on a buffer overflow vulnerability in enteliBUS Controllers. Multiple products and versions of these products are affected. Successful exploitation of this vulnerability could allow an attacker on the same network to gain complete control of the device’s operating system and allow remote code execution. Delta Controls recommends users upgrade from enteliBUS 3.40 firmware to Version 3.40 R6 build 612850. Additionally, Delta Controls states it is important buildings are updated to the 3.40 R6 release to mitigate risk.

When internet giants Microsoft and Google make bold statistics about stopping greater than 99% of automated attacks by using multifactor authentication (MFA), it is probably a good idea to heed their advice. According to Alex Weinert, Group Program Manager for Identity Security and Protection at Microsoft, based on their studies, accounts are more than 99.9% less likely to be compromised when using MFA.