Cybersecurity

Siemens IEC 61850 System Configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC (ICSA-18-317-01) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on an improper access control vulnerability in Siemens IEC 61850 system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow a remote attacker to exfiltrate limited data from the system or execute code with operating system user permissions. Siemens has released updates for the affected products and recommends users update to the newest version.

Hypponen’s Law: If It’s Smart, It’s Vulnerable

Mikko Hypponen, F-Secure’s Chief Research Officer, has a rule when it comes to electronic devices: “If it’s smart, it’s vulnerable.” Hypponen made this assertion over two years ago, and in that time it has become known as “Hypponen’s Law.” This law is becoming more applicable by the day, given the proliferation of smart technologies, which are increasingly present in both home and office environments, as well as in industrial settings.

When it Comes to Ransomware Demands, Just Say No

An article from Symantec explains why organizations that find themselves victims of ransomware should not pay the fees demanded by perpetrators. As noted by the author, security experts and law enforcement agencies, including the FBI, recommend that victims not give in to ransomware attackers’ demands, and yet they are aware many victims elect to pay. The author examines this recommendation in light of recent real-world ransomware attacks in which victims paid and didn’t pay.

Continued Use of Legitimate IT Tools for Malicious Intent - Analysis Report: JBoss Verify and EXploitation Tool (JexBoss)

Malicious threat actors commonly use legitimate IT network-based tools against us – tools like Metasploit, PowerShell, PsExec, Nessus, and Shodan that were originally developed to help defend and manage our networks. Following ongoing WaterISAC reporting, the NCCIC released an analysis report today illustrating the continued use of IT tactics, techniques, and procedures (TTPs) to gain footholds into our organizations.

Consumers Abandon Brands after Data Breaches, according to Survey

Ping Identity conducted a survey of more than 3,000 people across the U.S., the U.K., France, and Germany to understand consumer sentiments and behaviors toward brands impacted by data breaches. The survey found that 78% of respondents would stop engaging with a brand online and 36% would stop engaging altogether if the brand had experienced a breach. Additionally, nearly half (49%) would not sign up for and use an online service or application that recently experienced a data breach.

When Accounts are “Hacked” Due to Poor Passwords, Victims Must Share the Blame

An article by cybersecurity expert Troy Hunt observes that intrusions into networks and systems are often made possible by employees’ poor choice of passwords at the targeted organization, rather than the sophisticated exploit of vulnerable code often suggested when attacks are disclosed. Troy notes that the tendency today is to imply that there is no responsibility on behalf of the victim.

Hackers Attack Utility Companies’ IT Systems rather than ICS, according to Report

According to cyber threat detection and hunting firm Vectra’s Spotlight Report on Energy and Utilities, utility companies are more likely to have hackers target their IT systems than attack critical infrastructure. It noted there is a difference between attacks that probe IT networks for information and access about critical infrastructure versus attacks against ICS. "The two are interconnected, but the targeted assets are different," the report’s authors said. "Cyber-criminals have been testing and mapping-out attacks against energy and utilities networks for years.

NCCIC Security Tip: Website Security

The U.S. Department of Homeland Security National Cybersecurity and Communications Integration Center (NCCIC) has produced a new Security Tip, Website Security. Website security refers to the protection of personal and organizational public-facing websites from cyber attacks, and the Security Tip discusses their impacts and numerous methods for defending websites against them.
