Cybersecurity

Advantech WISE-PaaS/RMM (ICSA-19-304-01) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on path traversal, missing authorization, improper restriction of XML external entity reference, and SQL injection vulnerabilities in Advantech WISE-PaaS/RMM. Versions 3.3.29 and prior are affected. Successful exploitation of these vulnerabilities may allow information disclosure and remote code execution, and may compromise system availability. Advantech phased out WISE-PaaS/RMM in July of 2019 and replaced this product with EdgeSense and DeviceOn. CISA also recommends a series of measures to mitigate the vulnerabilities.

Building a Digital Defense Using Virtual Private Networks

The FBI’s Portland, Oregon office has published an advisory discussing the use of virtual private networks, or VPNs. For those who use public WiFi networks for business or personal computing, VPNs are an incredibly important tool because they render unreadable any traffic that could otherwise be intercepted by a third party, potentially a malicious actor. Given that there are many different types of VPNs on the market, the FBI offers a series of tips to assist in decisions about which one to choose.

CISA Malware Analysis Report on Recent North Korean Activity: “HOPLIGHT”

The DHS Cybersecurity and Infrastructure Security Agency (CISA) has published a Malware Analysis Report (MAR) on recent malicious cyber activity attributed to the North Korean government. This activity, referred to as “HOPLIGHT,” involves Trojan malware variants. The MAR includes malware descriptions, suggested response actions, and recommended mitigation techniques. Users or administrators should flag activity associated with the malware, report it to CISA or the FBI Cyber Watch (CyWatch), and give it the highest priority for enhanced mitigation.

Cybersecurity Best Practices for Operating Commercial Unmanned Aircraft Systems

The DHS Cybersecurity and Infrastructure Security Agency (CISA) has published a document on cybersecurity best practices for operating commercial unmanned aircraft systems (UASs). In the document, CISA explains that while UASs offer benefits, they can also pose cybersecurity risks that necessitate caution on the part of operators. The document is intended to assist an organization with standing up a program or securing an existing one and is meant for information technology managers and personnel involved in UAS operations.

PHOENIX CONTACT Automation Worx Software Suite (ICSA-19-302-01)

CISA has published an advisory on an improper input validation vulnerability in PHOENIX CONTACT Automation Worx Software Suite. Multiple products and versions of these products are affected. Successful exploitation of this vulnerability could compromise the availability, integrity, or confidentiality of an application programming workstation. Automated systems programmed using one of the affected products are not impacted. Phoenix Contact is in the process of developing an updated version of this product.

Incident Response Ransomware: Part One

TrustedSec has published the first blog in what it says will become a three-part series on responding to a ransomware incident. Part one provides an introduction to what ransomware is, how it works, and how it spreads to systems within an organization. It also describes different types of ransomware and variations of ransomware tactics. While part two in this series will go more into the attack kill chain, this first segment provides an overview of the sequence of events that occur during infection. Part two will also discuss more of the ways to detect, protect against, and prevent ransomware.

Building a Culture of Cyber Preparedness

Daniel Kaniewski, the deputy administrator for resilience at FEMA, has written an article on the importance of incorporating cybersecurity into overall preparedness efforts. He discusses FEMA’s coordination with the DHS Cybersecurity and Infrastructure Security Agency (CISA) and other efforts undertaken by his organization in this area, which include investments of over $165 million in grant funding to state and local jurisdictions. He also notes that next year’s national level exercise (NLE) – NLE 2020 – will feature a major cyber attack scenario.

Australian Advisory on Emotet Malware Campaign

The Australian Cyber Security Centre (ACSC) has released an advisory on an ongoing, widespread Emotet malware campaign. In its advisory, ACSC notes the malicious emails used in this campaign are designed to spread across a variety of sectors in the Australian economy, including critical infrastructure providers and government agencies. The advisory provides indicators of compromise (IOCs) and recommendations to help organizations defend against Emotet.