Cybersecurity

Emerson AMS Device Manager (ICSA-18-270-01) – Product Used in the Energy Sector

The NCCIC has released an advisory on improper access control and improper privilege management vulnerabilities in Emerson AMS Device Manager. Versions 12.0 to 13.5 are affected. Successful exploitation of these vulnerabilities could allow arbitrary remote code execution and malware injection. Emerson recommends users patch the affected products. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.

Read more about Emerson AMS Device Manager (ICSA-18-270-01) – Product Used in the Energy Sector

Perch Indicators - 02 October 2018

WaterISAC entered over 220 indicators of compromise regarding recent open source reporting. Perch users subscribed to the WaterISAC Community will be able to detect the following within their environment:

Read more about Perch Indicators - 02 October 2018

Improving ICS Cybersecurity with Defense-in-Depth Strategies (DHS)

A recommended practice document from the NCCIC provides guidance for developing mitigation strategies for specific cyber threats and direction on how to create a Defense-in-Depth security program for control system environments.

Read more about Improving ICS Cybersecurity with Defense-in-Depth Strategies (DHS)

Director of National Intelligence Warns Chinese Cyber Activities Target State and Local Governments

Director of National Intelligence Dan Coats issued one of the starkest and most explicit warnings to date about China's cyber activities, calling them "unprecedented in scale" and explicitly aimed at undermining U.S. interests. In remarks at The Citadel, Coats said the Chinese government is actively targeting U.S. state and local governments and officials, "trying to exploit any divisions between federal and local levels on policy." He did not name either states or officials, nor did he elaborate on which policies had been targeted.

Read more about Director of National Intelligence Warns Chinese Cyber Activities Target State and Local Governments

October is National Cyber Security Awareness Month

This October, National Cybersecurity Awareness Month (NCSAM) is commemorating its fifteenth year as an annual initiative to raise awareness about the importance of cybersecurity. This year’s theme is: “Cybersecurity is our shared responsibility and we all must work together to improve our Nation’s cybersecurity.” DHS has released the NCSAM 2018 Toolkit, a comprehensive guide with resources intended to make it easy for organizations, regardless of size or industry, to engage and promote NCSAM.

Read more about October is National Cyber Security Awareness Month

Apple Releases Security Update for macOS Mojave

Apple has released a security update to address multiple vulnerabilities in macOS Mojave 10.14. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Apple's security page for macOS Mojave 10.14 and apply the necessary update. NCCIC/US-CERT.

Read more about Apple Releases Security Update for macOS Mojave

Assessing the Human Element in Cyber Risk Analysis

When it comes to assessing the risk from the human element, most cybersecurity professionals don’t know where to start. Often organizations are shortsighted and look at only the immediate phishing or misdirected emails rather than what the impacts are further down the attack chain. This can lead to over-stating or under-stating the actual risk.

Read more about Assessing the Human Element in Cyber Risk Analysis

Despite their Decreasing Numbers, USBs are Still Leveraged to Conduct Attacks

The use of USBs as an essential business tool is declining, but millions of these devices are still produced and distributed annually, with many given away in marketing promotion campaigns and at trade shows and destined for use in homes and businesses. USBs have been exploited by cyber threat actors, most famously by the Stuxnet worm in 2010, and remain a target for cyber threats. Kaspersky Lab data for 2017 shows that every 12 months or so, around one in four users worldwide is affected by a ‘local’ cyber incident.

Read more about Despite their Decreasing Numbers, USBs are Still Leveraged to Conduct Attacks

White House Releases National Cyber Strategy

Late last week, the White House announced a new national cybersecurity strategy intended to improve the defensive postures of federal and private sector networks and systems. The strategy is comprised of four overarching pillars, each of which consists of a series of actions.

Read more about White House Releases National Cyber Strategy

Tec4Data SmartCooler (ICSA-18-263-01)

The NCCIC has released an advisory on a missing authentication for critical function vulnerability in Tec4Data Smart Cooler. All versions prior to firmware 180806 are affected. Successful exploitation of this vulnerability could cause the device to shut down by exploiting missing authentication for a critical function. Tec4Data has released new firmware to address the vulnerability and has distributed the new firmware to affected devices. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

Read more about Tec4Data SmartCooler (ICSA-18-263-01)

You are here

Cybersecurity

Emerson AMS Device Manager (ICSA-18-270-01) – Product Used in the Energy Sector

Perch Indicators - 02 October 2018

Improving ICS Cybersecurity with Defense-in-Depth Strategies (DHS)

Director of National Intelligence Warns Chinese Cyber Activities Target State and Local Governments

October is National Cyber Security Awareness Month

Apple Releases Security Update for macOS Mojave

Assessing the Human Element in Cyber Risk Analysis

Despite their Decreasing Numbers, USBs are Still Leveraged to Conduct Attacks

White House Releases National Cyber Strategy

Tec4Data SmartCooler (ICSA-18-263-01)

Pages

You are here

Cybersecurity

Pages

Footer Email Signup