
Cybersecurity

15CFAM – Even though 15CFAM is over, the FUN Never Ends when Participating in Information Sharing

Perhaps we’re biased, but the adage, “cybersecurity is a shared responsibility,” seems to aptly embody information sharing more than anything else. Information sharing and collaboration take many forms. From Information Sharing & Analysis Centers/Organizations (ISACs/ISAOs) - like WaterISAC - to regional and local collaboration groups, and even trusted one-on-one interactions, sharing threat information (across all-hazards) is imperative for the security and resilience of any organization, sector, community, region, or nation.

Mitsubishi Electric MELSEC iQ-R (ICSA-20-303-02)

CISA has published an advisory on improper restriction of operations within the bounds of a memory buffer, session fixation, NULL pointer dereference, improper access control, argument injection, and resource management errors vulnerabilities in Mitsubishi Electric MELSEC iQ-R. Numerous versions of the products in these series are affected. Successful exploitation of these vulnerabilities by malicious attackers may result in network functions entering a denial-of-service condition or allow malware execution.

Mitsubishi Electric MELSEC iQ-R, Q and L Series (ICSA-20-303-01)

CISA has published an advisory on an uncontrolled resource consumption vulnerability in Mitsubishi Electric MELSEC iQ-R, Q and L Series. Numerous versions of the products in these series are affected. Successful exploitation of this vulnerability could cause a denial-of-service condition in the Ethernet port on the CPU module. Mitsubishi Electric recommends users take a series of mitigation measures to minimize the risk of this vulnerability being exploited. CISA has also provided a series of measures to help mitigate the vulnerability.

CISA Alert: Ransomware Activity Targeting the Healthcare and Public Health Sector

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a joint alert with the FBI and the U.S. Department of Health and Human Services describing the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the healthcare and public health sector to infect systems with Ryuk ransomware for financial gain. In the alert, the authoring organizations state that they have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.

SHUN HU Technology JUUKO Industrial Radio Remote Control (ICSA-20-301-01)

CISA has published an advisory on authentication bypass by capture-replay and command injection vulnerabilities in SHUN HU Technology JUUKO Industrial Radio Remote Control. JUUKO K-800 and K-808, with firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc., are affected. Successful exploitation of these vulnerabilities could allow attackers to replay commands, control the device, view commands, and/or stop the device from running.

FTC Advisory on Overpaid Utility Bill Scams

The Federal Trade Commission (FTC) has posted an advisory on overpaid utility bill scams. While primarily intended for consumers, a utility could provide this advisory to its customers to help them identify and avoid these scams. According to the advisory, in this scam a customer receives a robocall saying they paid too much on a utility bill. To make up for this mistake, they’ll get a cash refund and a discount on future bills. All they have to do is provide some information, such as their social security number or account details, to get their money and discount.
