CISA Encourages Utilities and Critical Infrastructure Operators to Review WaterISAC's 15 Cybersecurity Fundamentals
The U.S.
On July 17, WaterISAC conducted the first webinar in its "Conducting Cyber Risk Assessments under AWIA" series. This kick-off webinar was intended to prepare a utility to complete a cybersecurity assessment.
The Internal Revenue Service (IRS) has issued a news release outlining six cybersecurity safeguards to protect computers, email, and sensitive data. The recommendations are part of the Taxes. Security. Together. Checklist, which the IRS created to help tax professionals protect sensitive taxpayer data.
The United Kingdom’s National Cyber Security Centre (NCSC) has released an advisory about an ongoing Domain Name System (DNS) hijacking campaign. The advisory details risks and mitigations for organizations to defend against this campaign, in which attackers use compromised credentials to modify the location to which an organization’s domain name resources resolve to redirect users, obtain sensitive information, and cause man-in-the-middle attacks.
Despite the cyber criminals behind GandCrab having announced they are shutting down their operation, cybersecurity expert Brian Krebs observes that a growing body of evidence suggests they have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as “REvil,” “Sodin,” and “Sodinokibi.” In late April, researchers at Cisco Talos discovered the REvil ransomware strain being used to deploy GandCrab.
The FBI has issued a FLASH message advising on the release of a decryption tool applicable for all versions of the GandCrab ransomware. The FBI was part of the effort to make available the decryption tool, and it notes that it hopes the release of the master keys will facilitate development of additional decryption tools.
Atlassian has released security updates to address a vulnerability affecting Jira Server and Jira Data Center. A remote attacker could exploit this vulnerability to take control of an affected system.
The NCCIC has published an advisory on improper input validation and memory corruption vulnerabilities in Schneider Electric Floating License Manager. Versions 2.3.0.0 and earlier are affected. These vulnerabilities could allow an attacker to deny the acquisition of a valid license for legal use of the product. Schneider Electric has made a fix for these vulnerabilities available for download on its website. The NCCIC also advises of a series of measures for mitigating the vulnerabilities.
The NCCIC has published an advisory on an out-of-bounds write vulnerability in Schneider Electric Interactive Graphical SCADA System. IGSS Version 14 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to achieve arbitrary code execution or crash the software. Schneider Electric recommends upgrading to Version 13.0.0.19140 or 14.0.0.19120. The NCCIC also advises of a series of measures for mitigating the vulnerabilities. Read the advisory at CISA.
The NCCIC has published an advisory on improper input validation and memory corruption vulnerabilities in Vijeo Citect and Citect SCADA Floating License Manager. Floating License Manager version 2.3.0.0 and earlier are affected. These vulnerabilities could allow an attacker to deny the acquisition of a valid license for legal use of the product. AVEVA recommends impacted users upgrade to Floating License Manager (FLM) Version 2.3.1.0 as soon as possible. The NCCIC also advises of a series of measures for mitigating the vulnerabilities.