Cybersecurity

CISA has published an advisory on a cross-site scripting vulnerability in GE Reason S20 Ethernet Switches. All firmware versions prior to 07A06 are affected. Successful exploitation of these vulnerabilities could allow unauthorized accounts manipulation and allow for remote code execution. GE recommends that S20 users upgrade to firmware Version 07A06 or higher to fix this vulnerability. CISA recommends a series of measures to mitigate the vulnerability.

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a new alert about the LokiBot malware, which it notes it has observed a notable increase in the use of by malicious cyber actors since July 2020. According to the alert, LokiBot uses a credential- and information-stealing malware, often sent as a malicious attachment and known for being simple, yet effective, making it an attractive tool for a broad range of cyber actors across a wide variety of data compromise use cases.

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive (ED) 20-04 addressing a critical vulnerability – CVE-2020-1472 – affecting Microsoft Windows Netlogon Remote Protocol. ED 20-04 applies to federal government departments and agencies, requiring that they apply updates and report completion to CISA by Wednesday, September 23.

The Federal Energy Regulatory Commission (FERC) and the North American Electricity Reliability Corporation (NERC) published a report this week on cyber planning for response and recovery that outlines best practices for the electric utility industry. The report includes observations on defensive capabilities and effectiveness of Incident Response and Recovery (IRR) plans. The report identifies common elements among the IRR plans and best practices of effective IRR plans.