October 2, 2018
The NCCIC has updated this advisory with additional details on the nature of the vulnerabilities and the background of the affected products. NCCIC/ICS-CERT.
July 31, 2018
The NCCIC has released an advisory on an out-of-bounds read vulnerability in Delta Electronics Delta Industrial Automation PMSoft. Versions 2.11 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to read confidential information. Delta Electronics recommends affected users update to at least PMSoft v2.12. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.
The NCCIC has released an advisory on improper access control and improper privilege management vulnerabilities in Emerson AMS Device Manager. Versions 12.0 to 13.5 are affected. Successful exploitation of these vulnerabilities could allow arbitrary remote code execution and malware injection. Emerson recommends users patch the affected products. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.
WaterISAC entered over 220 indicators of compromise regarding recent open source reporting. Perch users subscribed to the WaterISAC Community will be able to detect the following within their environment:
A recommended practice document from the NCCIC provides guidance for developing mitigation strategies for specific cyber threats and direction on how to create a Defense-in-Depth security program for control system environments.
Director of National Intelligence Dan Coats issued one of the starkest and most explicit warnings to date about China's cyber activities, calling them "unprecedented in scale" and explicitly aimed at undermining U.S. interests. In remarks at The Citadel, Coats said the Chinese government is actively targeting U.S. state and local governments and officials, "trying to exploit any divisions between federal and local levels on policy." He did not name either states or officials, nor did he elaborate on which policies had been targeted.
This October, National Cybersecurity Awareness Month (NCSAM) is commemorating its fifteenth year as an annual initiative to raise awareness about the importance of cybersecurity. This year’s theme is: “Cybersecurity is our shared responsibility and we all must work together to improve our Nation’s cybersecurity.” DHS has released the NCSAM 2018 Toolkit, a comprehensive guide with resources intended to make it easy for organizations, regardless of size or industry, to engage and promote NCSAM.
Apple has released a security update to address multiple vulnerabilities in macOS Mojave 10.14. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Apple's security page for macOS Mojave 10.14 and apply the necessary update. NCCIC/US-CERT.
When it comes to assessing the risk from the human element, most cybersecurity professionals don’t know where to start. Often organizations are shortsighted and look at only the immediate phishing or misdirected emails rather than what the impacts are further down the attack chain. This can lead to over-stating or under-stating the actual risk.
The use of USBs as an essential business tool is declining, but millions of these devices are still produced and distributed annually, with many given away in marketing promotion campaigns and at trade shows and destined for use in homes and businesses. USBs have been exploited by cyber threat actors, most famously by the Stuxnet worm in 2010, and remain a target for cyber threats. Kaspersky Lab data for 2017 shows that every 12 months or so, around one in four users worldwide is affected by a ‘local’ cyber incident.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
