Cybersecurity

The NCCIC has released an advisory on path traversal and improper authentication vulnerabilities in Tridium Niagara. Niagara AX Framework version 3.8 and prior and Niagara 4 Framework version 4.4 and prior are affected. Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution. Tridium has provided updates to address the vulnerabilities. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

As the TVA post highlights, company-wide awareness training has proven a success in their overall cyber resilience strategy. Email security firm, Mimecast shares a relevant post on the downsides to the lack of security awareness training and proposes a more balanced approach to prevent security fatigue. When evaluating current awareness programs, consider that security awareness should be convincing, engaging, and challenging – not obvious and boring.

Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, Adobe Flash Player, .NET Framework, Microsoft Exchange Server, Microsoft SQL Server, and Visual Studio. Microsoft.

Global technology consulting firm Accenture released their Cyber Threatscape Report 2018. The report highlights five key areas influencing the cyber threat landscape, including the expectation of Iran-based threat actors and groups to continue their malicious activity and increase capabilities for the foreseeable future, they also suggest the increased repurposing of popular malware could lead to the use of ransomware for destructive purposes by Iranian state-sponsored organizations.