Bluetooth Vulnerability
The NCCIC reports it is aware of a vulnerability affecting Bluetooth firmware and operating system software drivers. A remote attacker could exploit this vulnerability to obtain sensitive information.
The NCCIC has released a Threat Alert on the Emotet malware, an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors. Emotet is disseminated through malspam (emails containing malicious attachments or links) that uses branding familiar to the recipient and imitates PayPal receipts, shipping notifications, or “past-due” invoices.
Cybersecurity firm CrowdStrike published results of a new survey on Securing the Supply Chain.
Yesterday, the U.S. Department of Homeland Security (DHS) hosted an unclassified, virtual awareness briefing in its NCCIC Awareness Briefing series, titled Russian Activity Against Critical Infrastructure.
The NCCIC has released an advisory on a resource exhaustion vulnerability in Moxa NPort 5210, 5230, and 5232. Versions 2.9 build 17030709 and prior are affected. Successful exploitation of this vulnerability could allow a remote attacker to send TCP SYN packets, causing a resource exhaustion condition that would cause the device to become unavailable. Moxa recommends that users upgrade to the latest firmware version.
The NCCIC has released an advisory on a stack-based buffer overflow vulnerability in AVEVA InTouch. Numerous versions of this product are affected. Successful exploitation of this vulnerability could allow an unauthenticated user to remotely execute code with the same privileges as those of the InTouch View process, which could lead to a compromise of the InTouch HMI. Systems are only vulnerable if the operating system locales do not use a dot floating point separator. AVEVA recommends a series of mitigation measures for each version of the software affected.
The NCCIC has released an advisory on a stack-based buffer overflow vulnerability in AVEVA InduSoft Web Studio and InTouch Machine Edition. For InduSoft Web Studio, v8.1 and v8.1 SP1 are affected. For InTouch Machine Edition, v2017 8.1 and v2017 8.1 SP1 are affected. These products are vulnerable only if the TCP/IP Server Task is enabled. A remote attacker could send a carefully crafted packet during a tag, alarm, or event related action such as read and write, which may allow remote code execution.
Utilities with more mature monitoring capabilities may be interested in a new tool by Nozomi Networks: the TriStation Protocol Plug-in for Wireshark, developed to detect TriStation protocol traffic on the network. Wireshark, a widely used open source network packet analyzer for network troubleshooting and analysis, is extremely useful for advanced malware analysis, including detecting TRITON/TRISIS/HatMan activity.
Tripwire posted an article describing the American Water Works Association (AWWA) Cybersecurity Guidance and Tool for water and wastewater utilities looking to more comprehensively evaluate and bolster their current cybersecurity posture.
As Google continues to roll out updated features to their suite of products, users should remain vigilant for fraudulent emails purporting to use the Gmail name to gain trust and phish unsuspecting users. On 24 May (posted in the 29 May SRU), the U.S.