Cybersecurity

On the occasion of its 40th anniversary, FEMA has released a podcast taking listeners on a trip through the agency’s timeline, highlighting key historical events, landmark legislation, and the “not so often told story” of how it got where it is today. The podcast includes interviews with FEMA employees, one of whom has been with the agency since its inception, as well as discussions about FEMA’s responses to major disasters, such as Hurricane Andrew in 1992, the Northridge earthquake in 1994, the 9/11 attacks of 2001, and Hurricane Katrina in 2005.

The NCCIC has published an advisory on resource management errors and improper input validation vulnerabilities in Rockwell Automation Stratix 5400/5410/5700/8000/8300 and ArmorStratix 5700. Numerous products and versions of those products are affected. Successful exploitation of these vulnerabilities could result in a denial-of-service condition or time synchronization issues across the network via reloading the device, a buffer overflow, or memory exhaustion. Rockwell Automation recommends users upgrade to the latest versions and to apply a series of general guidelines.

The NCCIC has published an advisory on a use after free vulnerability in Omron CX-Programmer within CX-One. CX-Programmer v9.70 and prior and Common Components January 2019 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of the application. Omron has released an updated version of CX-One to address the vulnerability. The NCCIC has also provided a series of measures for mitigating the vulnerability.

In the latest in its series on compromising vital infrastructure, cybersecurity firm Malwarebytes provides a high-level review of cyber threats to the water sector and the interdependencies between water and other critical infrastructure sectors. The author writes a compelling reason why water/wastewater could be the most critical sector of all (but we already know that).