Cybersecurity

New FBI Article - Building a Digital Defense Against Facebook Scams

The FBI has released an article on building a digital defense against a fraud that uses Facebook’s texting app—Facebook Messenger. Scammers send messages that appear to be from trusted sources or trick users into clicking on malicious links or sharing personal information. Before clicking on links, users should verify the validity of the message with the sender outside of the app.

New FBI Public Service Announcement - Securing the Internet of Things

The FBI has released a new Public Service Announcement (I-080218-PSA) on the risks associated with internet-connected devices, commonly referred to as the Internet of Things (IoT). The FBI warns that cyber threat actors can use unsecured IoT devices as proxies to anonymously pursue malicious cyber activities to further perpetuate fraud and other illegal activity.

OT/ICS Asset Inventory – Passive Scanning vs. Selective Probing

While the value of asset inventory usually goes unchallenged, it is still surprising how few organizations are doing it effectively. World-renowned Stuxnet and ICS cybersecurity expert Ralph Langner discusses the importance of OT/ICS asset inventory, along with the differences between passive scanning and selective probing. Mr. Langner concisely describes what is technically meant by passive scanning, as well as its limitations, including devices and characteristics that will likely not be detected.

RASPITE Threat Group Targets U.S. Electric Utility Organizations

ICS cybersecurity firm Dragos is tracking a threat group it has dubbed RASPITE that is currently targeting U.S. electric organizations. RASPITE’s primary focus is on ICS-operating entities; however, the group has not yet demonstrated any capability to disrupt or destroy ICS-specific operations. The group’s primary tactics include strategic web compromise (a.k.a. watering hole) and Windows credential harvesting.

AVEVA Wonderware License Server (ICSA-18-212-05) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory regarding an improper restriction of operations within the bounds of a memory buffer vulnerability in AVEVA Wonderware License Server. The vulnerability affects Wonderware License Server v4.0.13100 and prior using the vulnerable Flexera lmgrd (Versions 11.13.1.1 and prior); only users with the Counted Licenses feature with “ArchestrAServer.lic” are affected. Successful exploitation of this vulnerability may result in remote code execution with administrative privileges.

AVEVA InTouch Access Anywhere (ICSA-18-212-04) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory regarding a cross-site scripting (XSS) vulnerability in AVEVA InTouch Access Anywhere remote access software. The vulnerability affects AVEVA InTouch Access Anywhere 2017 Update 2 and prior that use vulnerable jQuery libraries prior to version 3.0.0. Successful exploitation of this vulnerability may allow attackers to obtain sensitive information and/or execute JavaScript or HTML code due to improper neutralization of input during web page generation.

Johnson Controls Metasys and BCPro (ICSA-18-212-02)

The NCCIC has released an advisory regarding an information exposure through an error message vulnerability in Johnson Controls Metasys and BCPro products. The vulnerability affects Metasys System, Versions 8.0 and prior, and BCPro (BCM), all versions prior to 3.0.2. Successful exploitation of this vulnerability could allow an attacker to obtain technical information about the Metasys or BCPro server, allowing an attacker to target a system for attack.

Davolink DVW-3200N (ICSA-18-212-01)

The NCCIC has released an advisory regarding the use of a password hash with insufficient computational effort vulnerability in Davolink DVW-3200N network switches. All versions of DVW-3200N prior to version 1.00.06 are affected. Successful exploitation of this vulnerability may result in a remote attacker obtaining the password to the device, as the device generates a weak password hash that is easily cracked. Currently there are no known public exploits; however, this vulnerability is remotely exploitable, and could be successfully exploited by an attacker with a low skill level.

Business Continuity and Resilience – Considerations for Building an ICS Cybersecurity Strategy

Critical infrastructure organizations face cyber threats of all kinds, from state-sponsored and cyber crime actors to traditional IT threats. However, observations have identified common attack methodology and tradecraft regardless of industry. Gary Williams, Senior Director of Cybersecurity Services Offer Management at Schneider Electric, discusses how, while the threats and methods are similar, the uniqueness of OT environments requires security leaders to adopt different defense strategies, including greater employee engagement.
