Cybersecurity

NREL EnergyPlus (ICSA-19-204-02) – Product Used in the Energy Sector

The NCCIC has published an advisory on a stack-based buffer overflow vulnerability in National Renewable Energy Laboratory (NREL) Energy Plus. Version 8.6.0 and prior versions (potentially) are affected. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code or cause a denial-of-service condition. It is recommended that users update the application to the latest available release, v9.0.1, or later. The NCCIC also advises of a series of measures for mitigating the vulnerabilities.

Read more about NREL EnergyPlus (ICSA-19-204-02) – Product Used in the Energy Sector

Tips and Best Practices for Public WiFi Safety

The U.S. State Department’s Overseas Security Advisory Council (OSAC) has published a one page report on tips and best practices for maximizing personal security when using public WiFi networks. The OSAC product references a Norton report in which it was noted that 71% of consumers consider a strong WiFi signal a deciding factor when traveling rather than security considerations.

Read more about Tips and Best Practices for Public WiFi Safety

Building Resilience to Foreign Interference, Misinformation Activities

The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has published a series of documents as part of its efforts to address and build resilience to foreign interference, particularly information activities (e.g., disinformation and misinformation). The first document, The War on Pineapple: Understanding Foreign Interference in 5 Steps, is intended to illustrate how information operations have been carried out in the past to sow divisions in the U.S.

Read more about Building Resilience to Foreign Interference, Misinformation Activities

5G Wireless Network Risk Factors

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published an infographic providing an overview of the risk factors associated with the deployment of 5G technology, the next generation of wireless networks. 5G is expected to bring security improvements and a better user experience, but supply chain, deployment, network security, and competition and choice vulnerabilities may affect the security and resilience of networks.

Read more about 5G Wireless Network Risk Factors

Canadian Centre for Cyber Security Advisory on Fileless Malware

The Canadian Centre for Cyber Security (CCCS) has released an advisory on an Astaroth fileless malware campaign affecting Microsoft Windows. Astaroth resides solely in memory, and an attacker can use it and other fileless malware to steal information, such as credentials and keystrokes, and obtain other sensitive data. The U.S.

Read more about Canadian Centre for Cyber Security Advisory on Fileless Malware

Johnson Controls exacqVision Server (ICSA-19-199-01)

The NCCIC has published an advisory on an unquoted search path or element vulnerability in Johnson Controls exacqVision Server. This vulnerability impacts exacqVision server versions 9.6 and 9.8. Successful exploitation of this vulnerability could allow an unauthenticated user to elevate their privileges. Johnson Controls recommends users upgrade to the latest product, version 19.03. The NCCIC also advises of a series of measures for mitigating the vulnerability. Read the advisory at CISA.

Read more about Johnson Controls exacqVision Server (ICSA-19-199-01)

CISA Encourages Utilities and Critical Infrastructure Operators to Review WaterISAC's 15 Cybersecurity Fundamentals

The U.S.

Read more about CISA Encourages Utilities and Critical Infrastructure Operators to Review WaterISAC's 15 Cybersecurity Fundamentals

Cyber Assessments Webinar 1: Introduction to the Process

On July 17, WaterISAC conducted the first webinar in its "Conducting Cyber Risk Assessments under AWIA" series. This kick-off webinar was intended to prepare a utility to complete a cybersecurity assessment.

Read more about Cyber Assessments Webinar 1: Introduction to the Process

IRS Releases Six Cybersecurity Safeguards

The Internal Revenue Service (IRS) has issued a news release outlining six cybersecurity safeguards to protect computers, email, and sensitive data. The recommendations are part of the Taxes. Security. Together. Checklist, which the IRS created to help tax professionals protect sensitive taxpayer data.

Read more about IRS Releases Six Cybersecurity Safeguards

NCSC Releases Advisory on Ongoing DNS Hijacking Campaign

The United Kingdom’s National Cyber Security Centre (NCSC) has released an advisory about an ongoing Domain Name System (DNS) hijacking campaign. The advisory details risks and mitigations for organizations to defend against this campaign, in which attackers use compromised credentials to modify the location to which an organization’s domain name resources resolve to redirect users, obtain sensitive information, and cause man-in-the-middle attacks.

Read more about NCSC Releases Advisory on Ongoing DNS Hijacking Campaign

You are here

Cybersecurity

NREL EnergyPlus (ICSA-19-204-02) – Product Used in the Energy Sector

Tips and Best Practices for Public WiFi Safety

Building Resilience to Foreign Interference, Misinformation Activities

5G Wireless Network Risk Factors

Canadian Centre for Cyber Security Advisory on Fileless Malware

Johnson Controls exacqVision Server (ICSA-19-199-01)

CISA Encourages Utilities and Critical Infrastructure Operators to Review WaterISAC's 15 Cybersecurity Fundamentals

Cyber Assessments Webinar 1: Introduction to the Process

IRS Releases Six Cybersecurity Safeguards

NCSC Releases Advisory on Ongoing DNS Hijacking Campaign

Pages

You are here

Cybersecurity

Pages

Footer Email Signup