You are here

Home » Cybersecurity

Cybersecurity

Yokogawa WideField3 (ICSA-20-273-02) – Product Used in the Energy Sector

CISA has published an advisory on a buffer copy without checking size of input vulnerability in Yokogawa WideField3. WideField3 R1.01 – R4.-3 are affected. Successful exploitation of this vulnerability could terminate the program abnormally. Yokogawa has prepared revision R4.04 to address this vulnerability and recommends that users switch to this revision. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

The ICS Cyber Risk Management Trifecta

They say “knowledge is power.” Therefore, knowing what assets you have, knowing where your vulnerabilities are (and fixing them), and knowing how to handle an incident and respond when your assets are compromised and vulnerabilities are exploited would seem to be a powerful advantage in cyber risk management. We know these are not the only programs for a successful ICS cyber risk management strategy, but one could argue they are foundational.

Apple Releases Security Updates - Updated September 25, 2020

September 25, 2020

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates. Read the advisory at CISA.

September 17, 2020

What’s Good for the Grid is Good for the Groundwater

Pardon the stretch for the purpose of the title; I hope the spirit with which it was intended is somewhat appreciated. In a blog post at Tenable yesterday, Marty Edwards highlighted how current work from the Cybersecurity and Infrastructure Security Agency (CISA), along with three recently proposed bills should have positive cross-sector benefits. While the proposed bills are specific to grid security and resilience, Mr. Edwards suggests their influence should improve cross-sector collaboration and information sharing.

Proactive Response and Recovery for OT

Whether consistently performed and maintained or not, there is little argument on the importance of being proactive with the NIST Cybersecurity Framework’s first 2 core principles of identification and protection. The OT integrity company PAS Global makes an interesting observation that the importance of proactive detection, response, and recovery are not as well-discussed or practiced in OT environments. PAS explains this assertion by highlighting a recent case that illustrates some failures and opportunities associated with being reactive vs.

Scammers Prey on Kindness during Disasters

With all the disasters that have happening, or that are still happening, the Federal Trade Commission (FTC) reminds the public that shameless scammers will try to leverage these events to steal money. As people open their hearts and wallets to help people and causes, it advises them to consider a list of tips for safe giving. The FTC posting also includes a video, a separate website with more tips on how to spot and avoid charity scams, and where to file a complaint.

GE Reason S20 Ethernet Switch (ICSA-20-266-02) – Products Used in the Energy Sector

CISA has published an advisory on a cross-site scripting vulnerability in GE Reason S20 Ethernet Switches. All firmware versions prior to 07A06 are affected. Successful exploitation of these vulnerabilities could allow unauthorized accounts manipulation and allow for remote code execution. GE recommends that S20 users upgrade to firmware Version 07A06 or higher to fix this vulnerability. CISA recommends a series of measures to mitigate the vulnerability.

Pages

Subscribe to Cybersecurity