Cybersecurity

Gemalto Sentinel UltraPro (ICSA-19-073-02)

The NCCIC has published an advisory on an uncontrolled search path element in Gemalto Sentinel UltraPro. Sentinel UltraPro Client Library ux32w.dll Versions 1.3.0, 1.3.1, and 1.3.2 are affected. Successful exploitation of this vulnerability could allow execution of unauthorized code or commands. Users who have Sentinel UltraPro Client Library ux32w.dll versions v1.3.0, v1.3.1 or v1.3.2 are advised to upgrade to Sentinel UltraPro v1.3.3 in order to enable this security update. The NCCIC also recommends a series of mitigating measures for this vulnerability.

LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA ELS Files (ICSA-19-073-01) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on an out-of-bounds write vulnerability in LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA. SCADA 4.1.0.4150 is affected. Successful exploitation of this vulnerability could allow remote code execution. LCDS recommends users update to Version 4.3.1.71. The NCCIC also recommends a series of mitigating measures for this vulnerability. Read the advisory at NCCIC/ICS-CERT.

Proposed Legislation for IoT Cybersecurity

On Monday, Sen. Mark Warner, co-chair of the Senate Cybersecurity Caucus, introduced a bill into the House and Senate that would require the U.S. government to purchase only IoT devices that meet minimum security requirements. If passed, the Internet of Things Cybersecurity Improvement Act of 2019 would require the National Institute of Standards and Technology (NIST) to develop recommendations to ensure efforts are made to standardize secure development, identity management, patching, and configuration management of IoT devices.

Incident Response is a Must for Cybersecurity Strategy

An organizational cybersecurity strategy is not complete without an incident response plan. In a recent post, cyber-defense firm Exabeam highlights three elements of incident response: people, processes, and technology/tools. The post discusses the people that should compose the incident response team, including cross-organizational stakeholders who develop and govern the incident response plan.

Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module (Update C) (ICSA-18-067-01) – Products Used in the Energy Sector

March 12, 2019

The NCCIC has updated this advisory with additional information on the technical details of the affected products and mitigation measures. This advisory was initially published on March 29, 2018 and last updated on February 5, 2019. Read the advisory at NCCIC/ICS-CERT.

May 17, 2018
