You are here

Home

Cybersecurity

Equinox Control Expert (ICSA-19-353-02)

CISA has published an advisory on an improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Equinox Control Expert. All current and older versions could be affected. Successful exploitation of this vulnerability may allow remote code execution. Equinox has not responded to requests to provide mitigating details regarding this vulnerability. CISA will update its advisory with any information provided by the vendor. In the meantime, CISA recommends a series of measures to mitigate the vulnerability.

WECON PLC Editor (ICSA-19-353-03) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on a stack-based buffer overflow vulnerability in WECON PLC Editor. Version 1.3.5_20190129 is affected. Successful exploitation could allow an attacker to execute code under the privileges of the application. WECON has a strategy to address the issues and is currently developing a solution. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

Moxa EDS Ethernet Switches (ICSA-19-353-01) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an uncontrolled resource consumption vulnerability in Moxa EDS Ethernet Switches. For EDS-G508E, EDS-G512E, and EDS-G516E, versions 6.0 and prior are affected. Successful exploitation of this vulnerability could cause the target device to go out of service. Moxa has developed a patch to address the vulnerability. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

Stolen Credit Card Data Grabbed in Two Hours

New research reveals just how quickly sensitive data stolen and sold online by cyber criminals can be put to nefarious use, good information to know given the recent escalation in tactics by some ransomware gangs. Specifically, a researcher conducted an experiment in which he lumped real credit card data in with dummy credit card data and dumped the whole thing onto multiple sites. It took just two hours for criminals to respond, initially “nibbling on” the data with bots and scripts.

Building a Digital Defense during Holiday Travel

The FBI’s Portland, Oregon office has published an advisory on building a digital defense during holiday travel, when many people will be connected to networks other than those at their homes or offices and/or have visitors join theirs. For these situations, the FBI recommends not allowing phones, computers, or other devices to auto-connect to free WiFi networks and to set up separate WiFi accounts for guests to segregate any of their vulnerabilities from your sensitive data.

Threat Update - Click2Gov Victim Identifies Data on Dark Web, Suggests Potential Link to Breach

Another city has come forward with information regarding the ongoing vulnerabilities with online utility payment provider Click2Gov. Unfortunately, this one comes with an added wrinkle. The city of Marietta, GA and the FBI have reason to believe data found on the dark web is linked with recent utility customer online transactions.

Siemens SPPA-T3000 (ICSA-19-351-02) – Product Used in the Energy Sector

CISA has published an advisory on improper authentication, cleartext transmission of sensitive information, unrestricted upload of file with dangerous type, heap-based buffer overflow, integer overflow or wraparound, out-of-bounds read, improper access control, stack-based buffer overflow, SFP secondary cluster: missing authentication, deserialization of untrusted data, information exposure, and cleartext transmission of sensitive information vulnerabilities in Siemens SPPA-T3000. All versions of the Application Server and the MS3000 Migration Server are affected.

Pages

Subscribe to Cybersecurity