Cybersecurity

CISA has published an advisory on cleartext transmission of sensitive information, uncontrolled resource consumption, hidden functionality, and improper access control vulnerabilities in Schneider Electric Triconex TriStation and Tricon Communication Module. Numerous versions of TriStation and Tricon Communication Module are affected. Successful exploitation of these vulnerabilities may allow an attacker to view clear text data on the network, cause a denial-of-service condition, or allow improper access.

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a new alert recommending critical infrastructure owners and operators take immediate steps to reduce exposure of operational technology (OT) and control systems. The alert notes that due to the increase in adversary capabilities and activity, the criticality to U.S. national security and way of life, and the vulnerability of OT systems, civilian infrastructure makes attractive targets for foreign powers attempting to do harm to U.S. interests or retaliate for perceived U.S.

Members of WaterISAC are no strangers to Stuxnet. Uncovered in 2010, Stuxnet was the first of what was anticipated, if not expected, to be the beginning of a “cyber warfare” era. Stuxnet marked the first true cyber weapon in history designed to physically attack a military target. For those not intimately familiar with its background, Ralph Langner, the foremost authority on Stuxnet, recounts the backstory and enriched technical details of the autonomous, stealthy, patient, calculating, uber-virus. Mr.

Last week, researchers observed Emotet awake from its 160 day slumber. The “public cyber enemy,” as Malwarebytes is calling it, seemed to warm-up as it began lightly populating inboxes on July 13. But by July 17, the malspam onslaught commenced with nearly a quarter million messages. Emotet usually emerges out of hibernation with a new tactic in its arsenal, but so far nothing remarkable.