Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, SQL Server Management Studio, and Microsoft Exchange Server. Microsoft.

Read more about Microsoft Releases October 2018 Security Update

Who’s Willing to Pay for Supply Chain Security?

In the past week, the NCCIC released two technical alerts (TA18-276A and TA18-276B) and Bloomberg published an article about cyber threats that had exploited vulnerabilities in supply chains.

Read more about Who’s Willing to Pay for Supply Chain Security?

National Cybersecurity Awareness Month: Careers in Cybersecurity

The theme for this week of National Cybersecurity Awareness Month is “Careers in Cybersecurity,” which seeks to provide advice and resources to those seeking careers in cybersecurity and organizations in need of cybersecurity personnel and expertise. The unprecedented demand for well-trained cybersecurity workers continues to grow. Some experts predict that there will be a global shortage of two million cybersecurity professionals by next year.

Read more about National Cybersecurity Awareness Month: Careers in Cybersecurity

The Bigger the Company, the Messier the Password Practices

A new report from password management company LogMeIn finds that the bigger the enterprise, the bigger the problem when it comes to managing passwords. The company’s recently released Global Password Security Report scores its 43,000 customers on password strength, reuse, and use of multi-factor authentication. While the average score equaled a 52 out of 100 — a score LogMeIn considers to be good — the numbers generally showed the larger the company, the lower the average security score.

Read more about The Bigger the Company, the Messier the Password Practices

WECON PI Studion (ICSA-18-277-01) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on stack-based buffer overflow, out-of-bounds write, information exposure through XML external entity reference, and out-of-bounds read vulnerabilities in WECON PI Studio. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior are affected. Successful exploitation of these vulnerabilities may allow remote code execution, execution of code in the context of an administrator, read past the end of an allocated object or allow an attacker to disclose sensitive information under the context of administrator.

Read more about WECON PI Studion (ICSA-18-277-01) – Product Used in the Water and Wastewater and Energy Sectors

UK Exposes “Reckless Campaign” by Russian Government Actors

Today, the United Kingdom announced it and its allies had exposed a campaign by the GRU, the Russian military intelligence service, of indiscriminate and reckless cyber attacks targeting a variety of institutions.

Read more about UK Exposes “Reckless Campaign” by Russian Government Actors

FTC Issues Alert on Recent Facebook Breach

The Federal Trade Commission (FTC) has released an alert to provide Facebook users with recommended precautions against identity theft after the recent breach of the Facebook social media platform.

Read more about FTC Issues Alert on Recent Facebook Breach

You are here

Cybersecurity

Siemens SIMATIC WinCC OA Operator IOS App (Update A) (ICSA-18-109-01) – Products Used in the Water and Wastewater and Energy Sectors

Siemens Medium Voltage SINAMICS Products (Update A) (ICSA-18-128-01) – Products Used in the Water and Wastewater and Energy Sectors

Siemens SIMATIC STEP 7 and SIMATIC WinCC (Update A) (ICSA-18-226-01) – Products Used in the Water and Wastewater and Energy Sectors

Microsoft Releases October 2018 Security Update