You are here

Home

Cybersecurity

Wi-Fi Phishing Attacks Discovered Around Atlanta City Hall After Ransomware Attack

As the city of Atlanta continues to recover from the epic ransomware incident that occurred in March, security researchers have discovered a rash of active Wi-Fi phishing attacks around Atlanta City Hall and the Georgia State Capital Building. As the prolonged aftermath of the SamSam ransomware attack plagues Atlanta, malicious actors seek ways to gain unauthorized access to the city's computer systems through phishing for valuable user credentials.

Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway (ICSA-18-158-01) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on an unquoted search path or element vulnerability in Rockwell RSLinx Classic and FactoryTalk Linx Gateway. Versions 3.90.01 and prior of the former product and versions 3.90.00 and prior of the latter product are affected. Successful exploitation of this vulnerability could allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation. Rockwell Automation recommends all users update to new versions of RSLinx Classic and FactoryTalk Linx Gateway.

CRASHOVERRIDE Activity Expands – Reportedly Targeted Water and Wastewater Sector Organizations

Recent public research indicates the group responsible for the CRASHOVERRIDE (a.k.a., Industroyer) malware used to disrupt the Ukrainian electric grid in 2016 is expanding its target set, reportedly to include organizations in the water and wastewater sector. Additionally, the group is no longer solely geographically focused on targets within the Ukraine.

Basic Cyber Defense – Using the Cyber Kill Chain to Educate Users and Protect Endpoints

The original "Cyber Kill Chain" developed by Lockheed Martin, identifies seven steps adversaries perform to compromise networks and accomplish an objective. TechRepublic posted an article offering basic end-user awareness or endpoint-focused defense actions at each step of the Cyber Kill Chain to stop malicious actors from achieving their ultimate goal.

Delta Industrial Automation DOPSoft (ICSA-18-151-01)

The NCCIC has released an advisory on out-of-bounds read, heap-based buffer overflow, and stack-based buffer overflow vulnerabilities in Delta Industrial Automation DOPSoft. Versions 4.00.04 and prior are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to read sensitive information, execute arbitrary code, and/or crash the application. Delta Electronics recommends affected users update to the latest version.

Schneider Electric Floating License Manager (ICSA-18-144-01) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on heap-based buffer overflow, improper restriction of operations within the bounds of a memory buffer, and open redirect vulnerabilities in Schneider Electric Floating License Manager. Multiple products and versions of the products are affected. Successful exploitation of these vulnerabilities could cause a denial of service, allow arbitrary execution of code with system level privileges, or send users to arbitrary websites.

Tags: 
nccic ics-cert schneider electric

PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx Series (ICSA-18-137-02)

The NCCIC has released an advisory on command injection, information exposure, and stack-based buffer overflow vulnerabilities in PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx Series. All FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32 are affected. Successful exploitation of these vulnerabilities could allow for remote code execution and information disclosure. PHOENIX CONTACT recommends that affected users upgrade to firmware Version 1.34 or higher.

Tags: 
nccic ics-cert phoenix contact

Pages

Subscribe to Cybersecurity