Kunbus PR100088 Modbus Gateway (Update B) (ICSA-19-036-05)
March 5, 2019
The NCCIC has updated this advisory with additional information on mitigation measures. Read the advisory at NCCIC/ICS-CERT.
February 7, 2019
The NCCIC has published an advisory on a cross-site scripting vulnerability in PSI GridConnect Telecontrol. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow an attacker to execute dynamic scripts in the context of the application, which could allow cross-site scripting attacks. PSI recommends users of affected devices update their devices to a version where this vulnerability is patched. The NCCIC also advises on a series of measures for mitigating this vulnerability.
FireEye Mandiant has just released M-Trends 2019, its annual report on major trends it observed over the past year. One of the trends noted in the report is the significant increase in governments publicly attributing attacks to threat actors, which are oftentimes other nations. FireEye Mandiant is well known for reporting on malicious cyber activity by advanced persistent threat (APT) actors, many of which it indicates are associated with nations.
Patching is a fundamental process of every OT/ICS vulnerability management strategy. Determining which patches to apply (or not) is crucial to addressing known exploits. But how are you addressing vulnerabilities that do not (or will never) have a patch? Ralph Langner, arguably the world's foremost expert on Stuxnet, posits that the worst OT/ICS vulnerabilities will never be disclosed, let alone patched. Therefore, solely relying on public vulnerability disclosures will result in gaps in your protection strategy. Mr.
National Consumer Protection Week (NCPW) is March 3–9. This annual event encourages individuals and businesses to learn about their consumer rights and how to keep themselves secure. The Federal Trade Commission (FTC) and its NCPW partners provide free resources to protect consumers from fraud, scams, and identity theft.
An article from Privacy PC discusses the types of IP spoofing, the kinds of attacks it’s used for, and how to protect yourself against this activity. IP spoofing is the name given to what might otherwise be called IP forgery or IP fraud. It’s a process whereby an attacker uses a fake IP address to hide their identity and carry out things like Distributed Denial of Service (DDoS) attacks and identity thefts.
In its most recent Threat Landscape Report, cybersecurity firm Netscout reports the second half of 2018 “revealed the equivalent of attacks on steroids” with greatly increased attacks on Internet of Things (IoT) devices and Distributed Denial of Service (DDoS) attacks. Specifically, it found IoT devices are under attack five minutes after being plugged in and targeted by specific exploits within 24 hours.
ICS security company Dragos has announced a series of upcoming webinars on recent annual reports it issued.
In its just-released X-Force Threat Intelligence Index, IBM summarizes the most prominent threats raised by its research teams over the past year. Some of the major shifts IBM observed include decreased reliance on malware, and on ransomware in particular, and increased numbers of cryptojacking attacks - the illegal use of an organization's or individual's computing power without their knowledge to mine cryptocurrencies - and business email compromise (BEC) scams.
In a recent article, threat analysts from Dragos respond to a series of questions they received from members of the information security and IT communities on the topic of industrial control systems (ICS) security. The analysts answered questions about the differences between IT and OT security operations skill sets, how to scan ICS environments during assessments, and the ICS threats that keep them up at night, among others.