You are here

Home » Cybersecurity

Cybersecurity

Advantech iView (ICSA-20-196-01) – Product Used in the Energy and Water and Wastewater Sectors

CISA has published an advisory on SQL injection, path traversal, command injection, improper input validation, missing authentication for critical function, and improper access control vulnerabilities in Advantech iView. iView Versions 5.6 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to read/modify information, execute arbitrary code, limit system availability, and/or crash the application. Advantech has released version 5.7 of iView to address the reported vulnerabilities.

Microsoft Releases July 2020 Security Updates

Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Microsoft Windows, Microsoft Edge (EdgeHTML and Chromium-based in IE Mode), ChakraCore, Internet Explorer, Microsoft Office and Microsoft Office Services and Web Apps, Windows Defender, Skype for Business, Visual Studio, Microsoft OneDrive, Open Source Software, .NET Framework, and Azure DevOps.

Siemens S7-1200 CPU (Update B) (ICSA-19-318-02) – Product Used in the Water and Wastewater and Energy Sectors

July 14, 2020

CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.

December 10, 2019

CISA has updated this advisory with additional details on the affected products. Read the advisory at CISA.

November 18, 2019

Complementary Resource to Creating a Cybersecurity Culture

Poll questions asked during last week’s Creating a Cybersecurity Culture webinar indicated that many members have a strong cybersecurity culture and are not complacent in executing security awareness programs that promote behavioral changes. This is highly encouraging and a positive indicator of successful outcomes. However, the poll questions did not distinguish between IT or OT culture.

Conti Ransomware – The Newest Member in the Ryuk Family Tree

Conti is a new family of ransomware believed to be based on code from Ryuk’s second version. Conti also uses the same ransom note its predecessor used in earlier attacks and reportedly leverages the same Trickbot infrastructure. Conti was recently observed by the Carbon Black Threat Analysis Unit (TAU). Most notably, Conti’s attributes appear to be better and faster than most malware families, as it allows up to 32 simultaneous encryption efforts, resulting in faster encryption of targeted files.

CISA Alert: Critical Vulnerability in SAP NetWeaver AS Java

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a new alert about a previously undisclosed vulnerability, CVE-2020-6287, affecting the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard. An unauthenticated attacker can exploit this vulnerability through the Hypertext Transfer Protocol (HTTP) to take control of trusted SAP applications.

Phoenix Contact Automation Worx Software Suite (ICSA-20-191-01)

CISA has published an advisory on stack-based buffer overflow and out-of-bounds read vulnerabilities in Phoenix Contact Automation Worx Software Suite. PC Worx version 1.87 and prior and PC Worx Express version 1.87 and prior are affected. Successful exploitation could allow an attacker to execute arbitrary code under the privileges of the application. Phoenix Contact recommends a series of steps to mitigate the vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities.

Pages

Subscribe to Cybersecurity