You are here

Home

Cybersecurity

Ice Qube Thermal Management Center (ICSA-18-249-01) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on improper authentication and unprotected storage of credentials vulnerabilities in Ice Qube Thermal Management Center. All versions prior to 4.13 are affected. Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to configuration files or obtain sensitive information. Ice Qube recommends that users of affected versions upgrade to the latest version of Thermal Management Center v4.13 or newer.

Google Mulls a Replacement for the URL Given Security Concerns

Uniform Resource Locators, or URLs, are the familiar web addresses you use every day. They direct browsers to the right addresses so you don't have to manage complicated routing protocols and strings of numbers. But over time, URLs have gotten more and more difficult to read and understand. Their opacity has been a boon for cyber criminals, who build malicious sites to exploit the confusion. They impersonate legitimate institutions, launch phishing schemes, hawk malicious downloads, and run phony web services.

DHS Secretary Warns of ‘Pandemic’ Cyber Attacks and Vulnerabilities

U.S. Department of Homeland Security Secretary Kirstjen Nielsen painted a daunting picture of the global digital landscape in a speech Wednesday, describing “a worldwide outbreak of cyber attacks and cyber vulnerabilities” that had moved from the “epidemic” to the “pandemic” stage. “Cyber attacks, in terms of their breadth and scope and possible consequences, now exceed the risk of physical attacks,” Nielsen said. “Cyberspace is now the most active battlefield, and the attack surface extends into every single American home,” she continued.

Opto22 PAC Control Basic and PAC Control Professional (ICSA-18-247-01)

The NCCIC has released an advisory on a stack-based buffer overflow vulnerability in Opto22 PAC Control Basic and PAC Control Professional. PAC Control Basic versions R10.0a and prior and PAC Control Professional Versions R10.0a and prior are affected. Successful exploitation of this vulnerability could crash the device being accessed, and a buffer overflow condition may then allow remote code execution. Opto22 recommends users upgrade to the newest version. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

Most BEC Scams Perpetrated with Plain Text Emails, According to Study of 3,000 Incidents

To better understand the goals and methodology of business email compromise (BEC) scams, cybersecurity company Barracuda compiled statistics from 3,000 incidents it observed. Among other findings, Barracuda observed that about 60 percent of BEC attacks do not involve a link: the attack is simply a plain text email intended to fool the recipient to commit a wire transfer or send sensitive information. Because they don't contain any suspicious links, these messages often go undetected by email security systems.

Cyber Resilience – Leverage Your Best Asset to Support Your Cybersecurity Program

Utilities struggling to build a cyber-defense team do not have to look beyond their own walls to find qualified staff to help defend the organization. Tripwire offers food for thought on the benefits of cybersecurity education and awareness in cultivating security champions for your organization that will help, rather than hinder your cybersecurity efforts. Phrases like “cybersecurity is a shared responsibility,” and “create a culture of cybersecurity from the breakroom or the boardroom” have been key topics promoted by the cybersecurity community in recent years.

FBI Launches Education for Public on Recognizing and Combating Foreign Influence

The FBI has launched a webpage on combating foreign influence, which include covert actions by foreign governments to influence U.S. audiences. The goal of foreign influence operations directed against the U.S. is to spread disinformation, sow discord, and undermine confidence in democratic institutions and values. Foreign influence operations have taken many forms and used many tactics over the years.

Scammers Threaten to “Review Bomb” Companies Unless They Pay

In the latest development in how cyber criminals are evolving their means of trying to extort cash from victims, a group threatened to spread fake, negative reviews and complaints about companies unless they paid the group a fee. “We are experts in destroying personal or company reputation online,” the group, calling itself STD Company, wrote to its targets.

Seven Steps to Start Searching for Your Organization’s Publicly Accessible Internet-Connected Devices with Shodan

DARKReading has posted a seven step tutorial for how to start using Shodan, a search engine for discovering Internet-connected devices, including industrial control system devices part of water and wastewater utilities’ networks. Shodan can be a powerful tool for security professionals as they seek to understand where parts of their networks are observable to outsiders, and potentially vulnerable to their attacks. WaterISAC has encouraged its members to identify areas of their OT networks that are publicly accessible, lest adversaries do this first.

Pages

Subscribe to Cybersecurity