
Cybersecurity

Microsoft Ending Support for Windows 7

All software products have a life-cycle. After January 14, 2020, Microsoft will no longer provide security updates or support for PCs running the Windows 7 operating system. After this date, this product will no longer receive free technical support for any issues, software updates, and security updates or fixes. Computers running the Windows 7 operating system will continue to work even after support ends. However, using unsupported software may increase the risks from viruses and other security threats.

Columbia Weather Systems MicroServer (ICSA-19-078-02)

The NCCIC has published an advisory on cross-site scripting, path traversal, improper authentication, improper input validation, and code injection vulnerabilities in Columbia Weather Systems MicroServer. Weather MicroServer firmware Version MS_2.6.9900 and prior are affected. Successful exploitation of these vulnerabilities may allow disclosure of data, cause a denial-of-service condition, and allow remote code execution. Columbia Weather Systems has released a firmware update, Version: MS_2.7.9973, that addresses all of the vulnerabilities.

AVEVA InduSoft Web Studio and InTouch Edge HMI (ICSA-19-078-01) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on an uncontrolled search path element in AVEVA InduSoft Web Studio and InTouch Edge HMI. InduSoft Web Studio versions prior to v8.1 SP3 and InTouch Edge HMI versions prior to 2017 Update 3 are affected. Successful exploitation of this vulnerability could allow execution of unauthorized code or commands. AVEVA recommends that users upgrade to the latest versions. The NCCIC also recommends a series of mitigating measures for this vulnerability.

Malvertising – It’s Back, Again

Malvertising is the use of malicious online ads that often require zero user interaction to infect unsuspecting website visitors. Cybersecurity firm Avast discusses how the current scourge of malvertising appears to be more dynamic, stealthy, and persistent than historically observed. Malicious ads are often invisible and embedded into well-known websites through online advertising networks.

Don't Take the Bait – Recognize the Most Common Phishing Subjects

Phishers are not a very creative lot. They do not have to be. Malicious actors have been using the same phishing tactics because the same tactics are still successful, even after all these years. After analyzing 360,000 phishing emails over three months, cybersecurity firm Barracuda Networks identified the most common subject lines used in targeting businesses. These subjects highlight how cyber criminals continue to use social engineering to coerce us through a false sense of urgency and trust to succumb to their requests.

MS-ISAC Releases Security Primer on TrickBot Malware

The Multi-State Information Sharing and Analysis Center (MS-ISAC) has released a security primer on the TrickBot malware. TrickBot is a modular banking Trojan that targets users’ financial information and acts as a dropper for other malware. An attacker can leverage TrickBot’s modules to steal banking information, conduct system and network reconnaissance, harvest credentials, and achieve network propagation.

PEPPERL+FUCHS WirelessHART-Gateways (ICSA-19-073-03)

The NCCIC has published an advisory on a path traversal vulnerability in PEPPERL+FUCHS WirelessHART-Gateways. All WHA-GW-* products are affected. Successful exploitation of this vulnerability could allow access to files and restricted directories stored on the device through the manipulation of file parameters. PEPPERL+FUCHS reports that affected users with WHA-GW-*-ETH devices should upgrade to firmware Version 03.00.08. Affected users with WHA-GW-*-ETH.EIP devices should upgrade to firmware Version 02.00.01.
