Cybersecurity

ABB Systems 800xA Information Manager (ICSA-20-184-02) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on a cross-site scripting vulnerability in ABB System 800xA Information Manager. Versions prior to 5.1 Rev E/5.1 FP4 Rev E TC6, 6.0.3.3 RU1, and 6.1 RU1 are affected. Successful exploitation of this vulnerability could allow an attacker to inject and execute arbitrary code on the information manager server. ABB has provided a list of recommended measures to mitigate the vulnerability. CISA also recommends a series of measures to mitigate the vulnerability.

Read more about ABB Systems 800xA Information Manager (ICSA-20-184-02) – Product Used in the Water and Wastewater and Energy Sectors

Microsoft Releases Security Updates for Windows 10, Windows Server

Microsoft has released security updates to address vulnerabilities in Windows 10 and Windows Server. These vulnerabilities could allow a remote attacker to take control of an affected system.

Read more about Microsoft Releases Security Updates for Windows 10, Windows Server

Johnson Controls exacqVision (Update A) (ICSA-20-170-01)

July 2, 2020

CISA has updated this advisory with additional details on affected products and mitigation measures. Read the advisory at CISA.

June 18, 2020

Read more about Johnson Controls exacqVision (Update A) (ICSA-20-170-01)

Perpetual Password Pitfalls

While phishing for credentials is a top cyber attack vector, many threat actors do not need to rely on phishing because password guessing is so easy. Threat intelligence firm Flashpoint took a deep dive into its collection of over 35 billion compromised credentials and unsurprisingly discovered a primary parallel: people are predictable.

After slicing and dicing the top 10,000 bad passwords, Flashpoint observed:

Read more about Perpetual Password Pitfalls

CISA Alert: Defending against Malicious Cyber Activity Originating from Tor

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a new alert highlighting risks associated with Tor, along with technical details and recommendations for mitigation. Tor (aka The Onion Router) is software that allows users to browse the web anonymously by encrypting and routing requests through multiple relay layers or nodes.

Read more about CISA Alert: Defending against Malicious Cyber Activity Originating from Tor

July 1, 2020: An Urgent Call to Action - The Cyberspace Solarium Commission Report

WaterISAC convened a discussion with representatives of the Cyberspace Solarium Commission on July 1.

Read more about July 1, 2020: An Urgent Call to Action - The Cyberspace Solarium Commission Report

Mitsubishi Electric Factory Automation Engineering Software Products (ICSA-20-182-02)

CISA has published an advisory on an improper restriction of XML external entity reference and uncontrolled resource consumption vulnerability in Mitsubishi Electric Factory Automation Engineering Software Products. Numerous versions of this product are affected. Successful exploitation of these vulnerabilities could allow a local attacker to send files outside of the system as well as cause a denial-of-service condition. Mitsubishi Electric recommends affected users download the latest version of each software product and update it.

Read more about Mitsubishi Electric Factory Automation Engineering Software Products (ICSA-20-182-02)

Inductive Automation Ignition (Update B) (ICSA-20-147-01) – Product Used in the Energy Sector

June 30, 2020

CISA has updated this advisory with additional details on the affected products and mitigation measures. Read the advisory at CISA.

June 2, 2020

CISA has updated this advisory with additional details of the affected products. Read the advisory at CISA.

May 28, 2020

Read more about Inductive Automation Ignition (Update B) (ICSA-20-147-01) – Product Used in the Energy Sector

Be Prepared with Public-Private Partnerships

SecurityRoundtable.org, powered by Palo Alto Networks posted resounding support for the necessity of public-private partnerships in the fight against cyber threats. Citing the fact that threat actors participate in collaboration to further attack campaigns, it is imperative that organizations across all facets of business do it better in defense of our networks and homeland security. The post cites several law enforcement organizations that are key to successful information and intelligence sharing, many of which WaterISAC maintains relationships.

Read more about Be Prepared with Public-Private Partnerships

Palo Alto Releases Security Updates for PAN-OS

Palo Alto Networks has released security updates to address a vulnerability affecting the use of Security Assertion Markup Language in PAN-OS. An unauthenticated attacker with network access could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review Palo Alto Security Advisory for CVE-2020-2021 and apply the necessary updates or workarounds.

Read more about Palo Alto Releases Security Updates for PAN-OS

You are here

Cybersecurity

ABB Systems 800xA Information Manager (ICSA-20-184-02) – Product Used in the Water and Wastewater and Energy Sectors

Microsoft Releases Security Updates for Windows 10, Windows Server

Johnson Controls exacqVision (Update A) (ICSA-20-170-01)

Perpetual Password Pitfalls

CISA Alert: Defending against Malicious Cyber Activity Originating from Tor

July 1, 2020: An Urgent Call to Action - The Cyberspace Solarium Commission Report

Mitsubishi Electric Factory Automation Engineering Software Products (ICSA-20-182-02)

Inductive Automation Ignition (Update B) (ICSA-20-147-01) – Product Used in the Energy Sector

Be Prepared with Public-Private Partnerships

Palo Alto Releases Security Updates for PAN-OS

Pages

You are here

Cybersecurity

Pages

Footer Email Signup