August 30, 2018
The NCCIC has updated this advisory with additional details on the nature of the vulnerabilities, risk evaluation, affected products, and mitigation measures. This advisory was initially published on May 22 and and last updated on May 24. NCCIC/ICS-CERT.
May 24, 2018
In the latest development in how cyber criminals are evolving their means of trying to extort cash from victims, a group threatened to spread fake, negative reviews and complaints about companies unless they paid the group a fee. “We are experts in destroying personal or company reputation online,” the group, calling itself STD Company, wrote to its targets.
DARKReading has posted a seven step tutorial for how to start using Shodan, a search engine for discovering Internet-connected devices, including industrial control system devices part of water and wastewater utilities’ networks. Shodan can be a powerful tool for security professionals as they seek to understand where parts of their networks are observable to outsiders, and potentially vulnerable to their attacks. WaterISAC has encouraged its members to identify areas of their OT networks that are publicly accessible, lest adversaries do this first.
Tripwire has posted an article on the importance of considering, or rather not forgetting about legacy ICS equipment in the overall cyber resilience strategy. Originally designed to last for decades - a significantly longer lifespan than most modern technology - legacy equipment often lacks the ability to be updated/upgraded in place without the need to replace devices or completely overhaul the system.
With news this past week that security vulnerabilities that could expose customer data have been uncovered at three major wireless carriers, coupled with confirmation that T-Mobile customer data was exposed – including phone numbers - WIRED posts an article highlighting how the paradigm of using our phone numbers as “authenticators” puts us at greater risk.
Windows OS utilities like Powershell, PSExec, and other commonly available tools have made life easier for cyber threat actors. Symantec discusses this concept widely known as “living-off-the-land” that often provides attackers with greater benefits than creating their own malware. Malicious actors are taking advantage of these utilities to hide in plain sight as they know defenders often do not flag related activity for looking suspicious.
Although al Qa’ida is better known for its physical terror attacks than its cyber presence, it has practiced cyber terrorism and appears to be attempting to grow its capabilities in this area, according to an article in Small Wars Journal. Historically, the group’s cyber activities have been limited to using the Internet and social media to spread its jihad message as well as a few relatively minor attacks, such as website defacements.
People are creatures of habit, and predictable - these facets of our personalities are frequently taken advantage of by cyber threat actors looking to crack passwords from the latest data breach repository. Cybersecurity firm Rapid7 explains the password cracking process, and shows how users still create passwords with easily guessable, thus easily hackable, patterns. This post also highlights how these predictable patterns still allow miscreants to crack hashed/encoded passwords.
The NCCIC has released an advisory on a stack-based buffer overflow vulnerability in Yokogawa iDefine, STARDOM, ASTPLANNER, and TriFellows. Multiple products and versions of these products are affected. Successful exploitation of this vulnerability may allow arbitrary code execution, or the stopping of the license management function. Yokogawa recommends users update or patch the affected products. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.
August 21, 2018
The NCCIC has updated this advisory with additional details on mitigations. The original advisory was published on June 27, 2012. NCCIC/ICS-CERT.
June 27, 2012
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
