Cybersecurity

Schneider Electric IGSS SCADA Software (ICSA-20-084-02) – Product Used in the Energy Sector

CISA has published an advisory on path traversal and missing authentication for critical function vulnerabilities in Schneider Electric IGSS SCADA software. Versions 14 and prior using the service IGSSupdate are affected. Successful exploitation of these vulnerabilities could result in unauthorized access to sensitive data and functions. Schneider Electric has provided IGSS14 Version 14.0.0.20009 to address these vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities.

Microsoft RCE Vulnerabilities Affecting Windows, Windows Server

Microsoft has released a security advisory to address remote code execution vulnerabilities in Adobe Type Manager Library affecting all currently supported versions of Windows and Windows Server operating systems. A remote attacker can exploit these vulnerabilities to take control of an affected system. Microsoft is aware of limited, targeted attacks exploiting these vulnerabilities in the wild.

Systech NDS-5000 Terminal Server (ICSA-20-079-01)

CISA has published an advisory on a cross-site scripting vulnerability in Systech NDS-5000 Terminal Server. NDS/5008 (8 Port, RJ45), firmware Version 02D.30 is affected. Successful exploitation of this vulnerability could allow information disclosure, limit system availability, and may allow remote code execution. Systech released firmware Version 02F.6 that eliminates this vulnerability. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

Preventing Eavesdropping and Protecting Privacy on Virtual Meetings

In a blog, the National Institute of Standards and Technology (NIST) offers some tips for holding a secure virtual meeting, something many organizations are likely interested in right now given increased implementation of telework options amid COVID-19 concerns. Some of the tips include limiting reuse of codes, especially if you’ve used the same one for a while; enabling notifications when attendees join by playing a tone or announcing names; and using a dashboard to monitor attendees (if available), among other advice.

Building a Digital Defense with Mobile Apps

The FBI’s Portland, Oregon office has published an advisory discussing best practices for mobile apps, such as those used for messaging, banking, gaming, and more. Some of these apps might have legitimate work functions and have been vetted by an organization for use. In workplaces where employees are allowed to connect their personal devices to business networks, other apps are likely being accessed. If these other apps have vulnerabilities, that constitutes a vulnerability for the network.

When Technology Fails, It’s Up to Users to Stop the Spread of Malware – Coronavirus News Themed Malware Evading Detection

Malware authors are really good at modifying malware code to evade detection by antivirus and other security products, including artificial intelligence and machine learning security engines. They also predictably incorporate trending news for their lures. So it comes as no surprise that miscreants are currently using coronavirus-themed news to bypass detection technologies. Specifically, BleepingComputer recently observed Emotet and TrickBot samples using strings from actual CNN news stories in their malware files.

Delta Electronics Industrial Automation CNCSoft ScreenEditor (ICSA-20-077-01)

CISA has published an advisory on stack-based buffer overflow and out-of-bounds read vulnerabilities in Delta Electronics Industrial Automation CNCSoft ScreenEditor. Versions 1.00.96 and prior are affected. Successful exploitation of these vulnerabilities could cause buffer overflow conditions that may allow information disclosure or remote code execution, or crash the application. Delta recommends updating to the latest version of CNCSoft v1.01.24 (with ScreenEditor v1.00.98) and restricting the interaction with the application to trusted files.

Most Ransomware Attacks Take Place at Night or over the Weekend

According to a report just published by cybersecurity company FireEye, 76 percent of all ransomware infections occur outside working hours, with 49 percent taking place during nighttime over the weekdays and 27 percent taking place over the weekend. Attackers choose to trigger the ransomware encryption process during the night or weekend because most companies don't have IT staff working those shifts, and if they do, they are most likely short-handed.
