You are here

Home » Cybersecurity

Cybersecurity

Siemens SIMATIC Ident MV420 and MV440 Families (ICSA-19-162-02)

The NCCIC has published an advisory on improper privilege management and cleartext transmission of sensitive information vulnerabilities in Siemens SIMATIC Ident MV420 and MV440 Families. All versions of both products are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to escalate privileges and view data transmitted between the device and the user. Siemens has identified specific workarounds and mitigations to reduce the risk. The NCCIC also advised on a series of mitigating measures for the vulnerabilities.

Siemens Siveillance VMS (ICSA-19-162-01)

The NCCIC has published an advisory on improper authorization, incorrect user management, and missing authorization vulnerabilities in Siemens Siveillance VMS. Multiple products and versions of the products are affected. Successful exploitation of these vulnerabilities could allow an attacker with network access to Port 80/TCP to change device properties, user roles, and user-defined event properties. Siemens has released updates to address the vulnerabilities. The NCCIC also advised on a series of mitigating measures for the vulnerabilities.

Report - SANS 2019 State of OT/ICS Cybersecurity Survey

Looking for justification to increase funding and support for OT/ICS cybersecurity initiatives? Challenged by decision makers to prove the need for additional resources? Wonder other questions like:

How does your company’s/utility’s perception of ICS risk compare to that of other organizations?

How are other asset owners defining the boundaries between OT systems and external systems?

How do your ICS security roadblocks compare to others?

15 Steps to Keep Foes from Hacking and Hurting Our Water Infrastructure

WaterISAC is pleased to share that Homeland Security Today featured an article on our newly released 15 Cybersecurity Fundamentals for Water and Wastewater Utilities. The article includes the list and bite-size description of each fundamental for a quick overview. From performing asset inventories to participating in information sharing communities, such as WaterISAC, each section of the guide provides standard practices and supporting resources to help organizations secure OT and IT systems.

Microsoft Releases June 2019 Security Updates

Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Adobe Flash Player, Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, Skype for Business and Microsoft Lync, Microsoft Exchange Server, and Azure. Read the update at Microsoft.

IRS Warns of New Tax Scams

The Internal Revenue Service (IRS) has issued a reminder urging consumers to look out for two new variations of tax-related phone and email scams. The phone scam involves pre-recorded messages threatening to suspend or cancel a victim’s Social Security number, and the email phishing scam involves a fake agency – the “Bureau of Tax Enforcement” – claiming that the victim owes past due taxes. For the phone scam, the IRS notes it does not leave pre-recorded, urgent, or threatening messages.

Cyber Actors Exploit ‘Secure’ Websites in Phishing Campaigns

The FBI’s Internet Crime Complaint Center (IC3) has released an alert on Hypertext Transfer Protocol Secure (HTTPS) phishing – a scheme which lures email recipients into visiting malicious websites that look legitimate and secure. More specifically, websites with addresses that start with “https” and with the lock icon are supposed to provide privacy and security to visitors. Unfortunately, cyber criminals are banking on the public’s trust of “https” and the lock icon.

Panasonic Control FPWIN Pro (ICSA-19-157-02)

The NCCIC has published an advisory on heap-based buffer overflow and type confusion vulnerabilities in Panasonic Control FPWIN Pro. Versions 7.3.0.0 and prior are affected. Successful exploitation of these vulnerabilities could crash the device and allow remote code execution. Panasonic recommends users upgrade to FPWIN Pro Version 7.3.1.0 or newer. The NCCIC also advises of a series of mitigating measures. Read the advisory at WaterISAC.

Optergy Proton Enterprise Building Management System (ICSA-19-157-01)

The NCCIC has published an advisory on information exposure, cross-site request forgery, unrestricted upload of file with dangerous type, open redirect, hidden functionality, exposed dangerous method or function, and use of hard-coded credentials vulnerabilities in Optergy Proton Enterprise Building Management System. Versions 2.3.0a and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution and gain full system access. Optergy recommends a series of steps to mitigate the vulnerabilities.

FBI PIN: Cyber Actors Leveraging Malvertising with Hybrid Obfuscation Techniques to Deliver Malware

The FBI has published a Private Industry Notification noting that it has observed cyber actors leveraging malicious advertising (malvertising) with hybrid techniques such as digital steganography and fileless malware to evade detection and improve computer intrusion capabilities. These techniques often take advantage of administrative tools such as PowerShell, which are already present on a victim’s system.

Pages

Subscribe to Cybersecurity