Cybersecurity

Tec4Data SmartCooler (ICSA-18-263-01)

The NCCIC has released an advisory on a missing authentication for critical function vulnerability in Tec4Data Smart Cooler. All versions prior to firmware 180806 are affected. Successful exploitation of this vulnerability could cause the device to shut down. Tec4Data has released new firmware to address the vulnerability and has distributed the new firmware to affected devices. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Rockwell Automation RSLinx Classic (ICSA-18-263-02) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on an uncontrolled search path element vulnerability in Rockwell Automation RSLinx Classic. Versions 4.00.01 and prior are affected. Successful exploitation of these vulnerabilities could crash the device being accessed or allow arbitrary code execution on the device. Rockwell Automation has released a new version of the software and also reports that users can disable Port 44818 if it is not utilized during system operation. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

Cyber Criminals Utilize Social Engineering Techniques to Obtain Employee Credential to Conduct Payroll Diversion

The FBI’s Internet Crime Complaint Center (IC3) has released a Public Service Announcement (PSA) noting that it has received complaints reporting that cyber criminals are targeting the online payroll accounts of employees in a variety of industries. According to the PSA, cyber criminals target employees through phishing emails designed to capture an employee’s login credentials. Once the cyber criminal has obtained an employee’s credentials, the credentials are used to access the employee’s payroll account in order to change their bank account information.

WECON PLC Editor (ICSA-18-261-01) - Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on a stack-based buffer overflow vulnerability in WECON PLC Editor. For SCALANCE X300 and X408, all versions prior to 4.0.0 are affected. Version 1.3.3U is affected. Successful exploitation of this vulnerability could result in unauthorized code execution within the current process. WECON has verified the vulnerability but has not yet released an updated version. All users should limit application interaction to only trusted files and update software to the latest version as updates become available.

The Increasingly Vulnerable Supply Chain

According to a recent CrowdStrike study, two-thirds of organizations across a wide variety of sectors experienced a software supply chain attack in the past 12 months. Adversaries have turned to this attack vector because traditional cybersecurity solutions that protect the network perimeter have advanced to the point that adversaries have had to find other ways to infiltrate an enterprise.

Unattended Corporate Websites Cause Headaches

Businesses, especially large ones, usually have more than one department registering new domains. In theory, the people who register a site are responsible for it, but those one-off chores can get eclipsed by more urgent tasks. Well before a registration expires, people might change positions or quit the job. An abandoned site might simply not seem like a pressing matter. And so these sites remain with the organization until their registration expires and the domains go back on the market. What can go wrong? An abandoned website is actually rife with possibility for cyber criminal mischief.

How to Protect against Phishing Attacks that Follow Natural Disasters

Recent natural disasters have shown that cyber threat actors are still attempting to exploit the charitable inclinations of people following these adverse events for their financial gain. A common ploy is a phishing email that pretends to promote the relief effort, with the intent of enticing the victim into credential theft or endpoint infection. Cybersecurity firm Cofense Intelligence, which claims to have analyzed much of this activity, provides an example of a campaign executed in the aftermath of the hurricanes that recently impacted Hawaii.

Potential Hurricane Florence Phishing Scams

The NCCIC warns users to remain vigilant for malicious cyber activity seeking to exploit interest in Hurricane Florence. Fraudulent emails commonly appear after major natural disasters and often contain links or attachments that direct users to malicious websites. Users should exercise caution in handling any email with a subject line, attachments, or hyperlinks related to the hurricane, even if it appears to originate from a trusted source. NCCIC advises users to verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number.