Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office and Microsoft Office Services and Web Apps, Azure DevOps, Open Source Software, .NET Framework, Azure, SQL Server, ASP.NET, Visual Studio, and Microsoft Exchange Server. Read the update at Microsoft.
Meeting compliance requirements does provide a basic level of security, but for a comprehensive ICS risk management strategy, it is prudent to apply ICS-specific threat intelligence to go beyond the basics. ICS cybersecurity firm Dragos, Inc. stresses as the number of adversaries and ICS attacks increase, companies will greatly benefit from using real-life scenarios such as the CRASHOVERRIDE and TRISIS incidents to implement better defenses.
The NCCIC has published an advisory on user after free vulnerability in Schneider Electric Zelio Soft 2. Zelio Soft 2 versions 5.2 and prior are affected. Successful exploitation of this vulnerability could allow remote code execution through the opening of a specially crafted project file. Schneider Electric reports that version 5.3 of the affected software mitigates the reported vulnerability. The NCCIC also advises of a series of measures for mitigating this vulnerability.
The NCCIC has published an advisory on an improper access control vulnerability in Rockwell Automation PanelView 5510. All versions manufactured before March 13, 2019, that have never been updated to v4.003, v5.002, or later, are affected. Successful exploitation of this vulnerability could allow a remote unauthenticated user to gain root privileges on the device. Rockwell Automation encourages users of the affected products to update to an available revision that addresses the vulnerability. The NCCIC also advises of a series of measures for mitigating this vulnerability.
The NCCIC has published an advisory on a use of hard-coded credentials vulnerability in Emerson DeltaV Distributed Control System. Versions 11.3.x and 12.3.x are affected. Successful exploitation of this vulnerability could allow an attacker to gain administrative access to DeltaV Smart Switches. Emerson recommends users patch affected products. The NCCIC also advises of a series of measures for mitigating this vulnerability. Read the advisory at CISA.
July 9, 2019
The NCCIC has updated this advisory with additional information on mitigation measures. Read the advisory at CISA.
February 12, 2019
Last week, U.S. Cyber Command issued an alert via Twitter about threat actors abusing an Outlook vulnerability to plant malware on government networks. The vulnerability is CVE-2017-11774, a security bug that Microsoft patched in Outlook in October 2017. U.S. Cyber Command recommends immediate patching, if not done already.
Paying ransom demands in the hopes of regaining access to critical data is controversial, to say the least. Succumbing to extortion goes against conventional advice and wisdom against incentivizing the cybercrime business model, but sometimes organizations feel they have no other choice and paying seems like the best option at the time. However, paying a ransom is not straightforward.
The Australian Cyber Security Centre (ACSC) has released updates to its Essential Eight Maturity Model. The model assists organizations in determining the maturity of their implementation of the Essential Eight – ACSC’s list of the top mitigation strategies to help organizations protect their systems against threats.
The NCCIC has published an advisory on an improper input validation vulnerability in KACE Systems Management Appliance. All versions of 8.0.x, 8.1.x, and 9.0.x are affected. Successful exploitation of this vulnerability could allow an administrative user unintentional access to the underlying operating system of the device. Quest recommends affected users upgrade to Version 9.1 or newer. The NCCIC also advises of a series of measures for mitigating the vulnerability. Read the advisory at CISA.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
