The Australian Signals Directorate (ASD), Australia’s closest counterpart to the U.S.’s National Security Agency (NSA), has published its process for disclosing cyber vulnerabilities. ASD’s process starts with the assertion that its default position is to disclose all vulnerabilities it discovers, so that vendors can develop and issue patches.
ASUS has released Live Update version 3.6.8. This version addresses vulnerabilities that a remote attacker could exploit to take control of an affected system. These vulnerabilities were detected in exploits in the wild. The NCCIC encourages users and administrators to review the ASUS article for more information. The article includes a security diagnostic tool that users can run on their device to determine whether it is affected.
The NCCIC has published an advisory on a missing authentication for critical function vulnerability in ENTTEC Lighting Controllers. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could reboot this device allowing a continual denial of service condition. ENTTEC recommends users upgrade to the March 2019 revB firmware or later. The NCCIC also offers a series of measures to address this vulnerability.
The NCCIC has published an advisory on a command injection vulnerability in Phoenix Contact RAD-80211-XD. RAD-80211-XD (2885728) and RAD-80211-XD/HP-BUS (2900047) are affected. Successful exploitation of this vulnerability could allow an attacker to execute system level commands with administrative privileges. Phoenix Contact recommends a series of measures to mitigate this vulnerability. The NCCIC also offers a series of measures to address this vulnerability.
On Friday, news was released that two more industrial firms were impacted by LockerGoga. American chemical companies Hexion and Momentive announced they had fallen victim on March 12. Momentive has since ordered hundreds of new computers to replace the infected ones, according to the CEO. In additional recovery efforts, some Momentive employees have been given new email accounts on a new corporate domain. Cybersecurity firm FireEye states they have dealt with several LockerGoga attacks at other unnamed industrial and manufacturing firms.
A digital marketing and software company fired one of its IT employees after a month of unsatisfactory performance. The ex-employee responded by stealing the login credentials of a former colleague and deleting the company’s information on 23 Amazon Web Services (AWS) servers. The company was never able to regain the data and lost big contracts a result; authorities estimate its losses amounted to about $700,000. It took months to track down the culprit who, by the time of his arrest, was working for a different company.
Beazley Breach Response Services has published a report with its analysis of the more than 3,300 data incidents it investigated in 2018. Among other highlights, the report notes that 71% of ransomware attacks targeted small-to-medium sized companies (SMBs). The report also observed that the average ransomware demand in 2018 was more than $116,000, although this was skewed by some very large demands. The median was $10,310. The highest demand received among the cases investigated by Beazley was for $8.5 million – the equivalent of 3,000 Bitcoin at the time.
An interview with Atlanta Chief Information Officer (CIO) Gary Brantley highlights some of the changes the city implemented in the wake of an attack by the SamSam ransomware. The advanced attack, which the U.S. Department of Justice alleges was conducted by two Iranian men, affected computers and systems across Atlanta’s city government. “The first order of business was to get the environment back up to where it needed to be,” said Brantley.
A researcher from cybersecurity company Rapid7 has published the results of six months of research into whether businesses that sell refurbished computers or accept donated items follow through on their promises to wipe them of data. With a total of $600, he bought 41 computers, 27 removable media devices (e.g., flash drives and memory cards), 11 hard disks, and 6 cell phones. While he could not get any extract any data from the cell phones (due mostly to their age), only two out of the 85 other devices had been erased properly.
A just released report from Recorded Future observes that eight out of ten vulnerabilities exploited via phishing attacks, exploit kits, or remote access trojans targeted Microsoft products. This was the second year in a row in which Microsoft was targeted the most. In 2017, seven of the top ten vulnerabilities affected Microsoft. The top exploited vulnerability on Recorded Future’s list, CVE-2018-8174, a Microsoft Internet Explorer vulnerability nicknamed “Double Kill,” was included in four exploit kits (RIG, Fallout, KaiXin, and Magnitude).
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
