Cybersecurity

Omron CX-One CX-Protocol (ICSA-19-010-02)

The NCCIC has published an advisory on a type confusion vulnerability in Omron CX-One CX-Protocol. Versions 2.0 and prior are affected. Successful exploitation of the vulnerability could allow an attacker to execute code under the privileges of the application. Omron has released an updated version of CX-One to address the vulnerability. The NCCIC also advises on a series of mitigating measures for this vulnerability. Read the full advisory at NCCIC/ICS-CERT.

Pilz PNOZmulti Configurator (ICSA-19-010-03)

The NCCIC has published an advisory on a type confusion vulnerability in Pilz PNOZmulti Configurator. All versions prior to 10.9 are affected. Successful exploitation of this vulnerability could allow sensitive data to be read from the system. Pilz has discontinued the PMI m107 diag HMI device and the function concerned was removed in PNOZmulti Configurator Version 10.9. Pilz has provided a list of steps (listed on the NCCIC advisory) to mitigate this vulnerability. The NCCIC also advises on a series of mitigating measures for this vulnerability.

Tridium Niagara Enterprise Security, Niagara AX, and Niagara 4 (ICSA-18-333-02)

The NCCIC has published an advisory on a cross-site scripting vulnerability in Tridium Niagara Enterprise Security, Niagara AX, and Niagara 4. Numerous products and versions are affected. Successful exploitation of this vulnerability could allow an authenticated user to inject client-side scripts into some web pages that could then be viewed by other users. Tridium recommends that affected users upgrade to the latest versions of the software. The NCCIC also advises on a series of mitigating measures for this vulnerability.

Global Survey Reveals Widespread Concerns of Cyber Attacks and Skepticism about Preparedness

The results of a recent survey by the Pew Research Center show that people in multiple countries think it is likely that government data, public infrastructure, and elections will be targeted by future hacks. Opinion is mixed, however, on whether their nations are prepared for such events. The results revealed that in the 26 countries included in the survey, 74% believe it is likely their country’s sensitive national security information would be accessed, 69% think it is likely that public infrastructure would be damaged, and 61% believe elections would be tampered with.

Top Cybersecurity Conferences for 2019

Tripwire has assembled a list of what it assesses to be the top information security conferences for 2019. The Amazon Web Services “RE:INFORCE” conference (June 25-26 in Boston, MA) has separate tracks intended for security engineers as well as C-suite executives. THOTCON (May 3-4 in Chicago, IL) will address topics that include industrial control systems and the Internet of Things.

Small to Midsize Business WiFi Done Right: Seven Best Practices that Are Seldom Followed

An article in BetaNews describes seven best practices for small to midsize businesses (SMBs) employing WiFi that are meant to overcome problems that have been frequently observed by security experts. The best practices include setting up separate SSIDs for staff and guests, choosing a single WiFi vendor for a given site, and turning off obvious sources of interference. For these and the other recommended measures, the article includes detailed explanations of why and how they should be employed.

Schneider Electric Zelio Soft 2 (ICSA-19-008-01)

The NCCIC has published an advisory on a use-after-free vulnerability in Schneider Electric Zelio Soft 2. Versions 5.1 and prior are affected. Successful exploitation of this vulnerability could allow for remote code execution when opening a specially crafted project file. Schneider Electric has released Version 5.2 of the affected software and a security notification. The NCCIC also advises on a series of mitigating measures for this vulnerability. Read the full advisory at NCCIC/ICS-CERT.

Director of National Intelligence Group Launches Campaign to Help Private Industry Guard against Threats from Nation State Actors

The National Counterintelligence and Security Center, an entity within the Office of the Director of National Intelligence, has launched a campaign of disseminating videos, brochures, and other informative materials to help organizations guard against growing threats from foreign intelligence entities and other adversaries. One of the categories of materials for this program is “Know the Risk, Raise Your Shield,” which is intended to raise awareness among organizations and equip them with best practices for protecting their data, assets, technologies, and networks.
