
Cybersecurity

Is ‘REvil’ the New GandCrab Ransomware?

Despite the cyber criminals behind GandCrab having announced they are shutting down their operation, cybersecurity expert Brian Krebs observes that a growing body of evidence suggests they have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as “REvil,” “Sodin,” and “Sodinokibi.” In late April, researchers at Cisco Talos discovered the REvil ransomware strain being used to deploy GandCrab.

Schneider Electric Floating License Manager (ICSA-19-192-07) – Product Used in the Energy Sector

The NCCIC has published an advisory on improper input validation and memory corruption vulnerabilities in Schneider Electric Floating License Manager. Versions 2.3.0.0 and earlier are affected. These vulnerabilities could allow an attacker to deny the acquisition of a valid license for legal use of the product. Schneider Electric has made a fix for these vulnerabilities available for download on its website. The NCCIC also advises of a series of measures for mitigating the vulnerabilities.

Schneider Electric Interactive Graphical SCADA System (ICSA-19-192-06) – Product Used in the Energy Sector

The NCCIC has published an advisory on an out-of-bounds write vulnerability in Schneider Electric Interactive Graphical SCADA System. IGSS Version 14 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to achieve arbitrary code execution or crash the software. Schneider Electric recommends upgrading to Version 13.0.0.19140 or 14.0.0.19120. The NCCIC also advises of a series of measures for mitigating the vulnerabilities. Read the advisory at CISA.

AVEVA Vijeo Citect and Citect SCADA Floating License Manager (ICSA-19-192-05) – Product Used in the Energy Sector

The NCCIC has published an advisory on improper input validation and memory corruption vulnerabilities in Vijeo Citect and Citect SCADA Floating License Manager. Floating License Manager versions 2.3.0.0 and earlier are affected. These vulnerabilities could allow an attacker to deny the acquisition of a valid license for legal use of the product. AVEVA recommends impacted users upgrade to Floating License Manager (FLM) Version 2.3.1.0 as soon as possible. The NCCIC also advises of a series of measures for mitigating the vulnerabilities.

Siemens SIMATIC RF6XXR (ICSA-19-192-04)

The NCCIC has published an advisory on improper input validation and cryptographic issues vulnerabilities in Siemens SIMATIC RF6XXR. All versions prior to 3.2.1 of RF615R and RF68XR are affected. Successful exploitation of these vulnerabilities could allow access to sensitive information. Siemens recommends users upgrade to Version 3.2.1 or newer for both affected products and restrict network access to the device. The NCCIC also advises of a series of measures for mitigating the vulnerabilities.

Siemens TIA Administrator (TIA Portal) (ICSA-19-192-03) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on an improper access control vulnerability in TIA Administrator (TIA Portal). All versions prior to v1.0 SP1 Upd1 are affected. Successful exploitation of this vulnerability could allow execution of some commands without proper authentication. Siemens recommends users update to v1.0 SP1 Upd1 or later and restrict access to Port 8888/TCP to localhost (default). The NCCIC also advises of a series of measures for mitigating the vulnerability.

Delta Industrial Automation CNCSoft Screen Editor (ICSA-19-192-01)

The NCCIC has published an advisory on heap-based buffer overflow and out-of-bounds read vulnerabilities in Delta Electronics CNCSoft ScreenEditor. Versions 1.00.89 and prior are affected. Successful exploitation of these vulnerabilities could cause buffer overflow conditions that may allow information disclosure or remote code execution, or crash the application. Delta Electronics recommends users update to the latest version, Version 1.00.95, and restrict the interaction of the application to trusted files. The NCCIC also advises of a series of measures for mitigating the vulnerabilities.

ICS Policies and Procedures Need More Action

A recent post by world-renowned ICS cybersecurity expert Ralph Langner describes why governance programs fail and offers practical solutions for this very valuable and tedious risk management program. This post provides complementary material to WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities, specifically 9. Develop and Enforce Cybersecurity Policies and Procedures (Governance).
