Cybersecurity

National Cybersecurity Awareness Month Week Three – #BeCyberSmart when Securing Internet-Connected Devices in Healthcare (and Everywhere)

The NCSAM focus for week three is on healthcare, specifically the internet-connected devices that increasingly dominate this vital sector. Given the emphasis on patient care, it goes without saying that the personal implications of internet-connected devices in healthcare are extremely critical. From hospitals and care facilities, to telemedicine, wellness apps, and implanted medical devices, industry and consumers alike need to understand the threats and take the necessary steps to secure these vulnerable and highly targeted devices.

‘15CFAM’ is No FUN When Vulnerabilities Aren’t Managed

Welcome back to our next installment of ‘15 Cybersecurity Fundamentals Awareness Month’ (15CFAM), as WaterISAC continues its complement to National Cybersecurity Awareness Month (NCSAM). We hope you were challenged a little by our last 15CFAM on Consequence-driven Cyber-informed Engineering (CCE), but as promised we are back to a more broadly practical fundamental on vulnerability management.

FBI Tech Tuesday on Cybersecurity Awareness Month: Building a Digital Defense against Common Cyber Scams

In recognition of National Cybersecurity Awareness Month, the FBI’s Portland, Oregon field office is offering some important reminders on how to stay safe online. For this week’s publication, it focuses on building a digital defense against some of the most common forms of cyber scams. It discusses two of the most common schemes, those involving ransomware and business email compromise (BEC). It also describes two of the typical vectors for these attacks, specifically spoofing and phishing.

Advantech R-SeeNet (ICSA-20-289-02) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an SQL injection vulnerability in Advantech R-SeeNet. Versions 1.5.1 through 2.4.10 are affected. Successful exploitation of this vulnerability could allow remote attackers to retrieve sensitive information from the R-SeeNet database. Advantech recommends updating to Version 2.4.11 or later. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

Advantech WebAccess/SCADA (ICSA-20-289-01) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an external control of file name or path vulnerability in Advantech WebAccess/SCADA. Versions 9.0 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to execute remote code as an administrator. Advantech recommends users update to Version 9.0.1 or later. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

TrickBot Takes a Hit in Recent Takedown Attempt

On Monday, a coalition of tech companies orchestrated a takedown attempt of TrickBot, currently one of the most successful malware-as-a-service operations. TrickBot survived the operation: the command and control servers and domains that had been seized were replaced the next day by new infrastructure. However, the operation appears to have had some effect on TrickBot, even if it was only temporary and limited. "Our estimate right now is what the takedown did was to give current victims a breather," a security researcher said.

SAP Releases October 2020 Security Updates

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. This includes an OS command injection vulnerability (CVE-2020-6364) affecting SAP Solution Manager and SAP Focused Run. CISA encourages users and administrators to review the SAP Security Notes for October 2020 and apply the necessary updates.
