You are here

Home » Cybersecurity

Cybersecurity

Addressing OT Cybersecurity Strategy in the New Year

While one cybersecurity strategy does not fit all organization types, there are common questions that all organizations should ask themselves when embarking on a new year. Critical infrastructure cybersecurity firm Applied Risk poses four basic questions and offers approaches to drive OT cybersecurity initiatives for 2020 and beyond. From risk assessments and policies and procedures, to cybersecurity culture and teaming exercises, many of their suggestions coincide with WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities.

Reliable Controls MACH-ProWebCom/Sys (ICSA-19-353-04)

CISA has published an advisory on a cross-site scripting vulnerability in Reliable Controls MACH-ProWebCom/Sys. For both MACH-ProWebSys and MACH-ProWebCom, all versions prior to 2.15 (firmware version prior to 8.26.4) are affected. Successful exploitation of this vulnerability could allow an attacker to execute commands on behalf of the affected user. Reliable Controls has released MACH-ProWebCom/Sys firmware revision 8.26.4 and software revision 2.15 to resolve the vulnerability. CISA also recommends a series of measures to mitigate the vulnerability.

Equinox Control Expert (ICSA-19-353-02)

CISA has published an advisory on an improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Equinox Control Expert. All current and older versions could be affected. Successful exploitation of this vulnerability may allow remote code execution. Equinox has not responded to requests to provide mitigating details regarding this vulnerability. CISA will update its advisory with any information provided by the vendor. In the meantime, CISA recommends a series of measures to mitigate the vulnerability.

WECON PLC Editor (ICSA-19-353-03) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on a stack-based buffer overflow vulnerability in WECON PLC Editor. Version 1.3.5_20190129 is affected. Successful exploitation could allow an attacker to execute code under the privileges of the application. WECON has a strategy to address the issues and is currently developing a solution. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

Moxa EDS Ethernet Switches (ICSA-19-353-01) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an uncontrolled resource consumption vulnerability in Moxa EDS Ethernet Switches. For EDS-G508E, EDS-G512E, and EDS-G516E, versions 6.0 and prior are affected. Successful exploitation of this vulnerability could cause the target device to go out of service. Moxa has developed a patch to address the vulnerability. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

Stolen Credit Card Data Grabbed in Two Hours

New research reveals just how quickly sensitive data stolen and sold online by cyber criminals can be put to nefarious use, good information to know given the recent escalation in tactics by some ransomware gangs. Specifically, a researcher conducted an experiment in which he lumped real credit card data in with dummy credit card data and dumped the whole thing onto multiple sites. It took just two hours for criminals to respond, initially “nibbling on” the data with bots and scripts.

Building a Digital Defense during Holiday Travel

The FBI’s Portland, Oregon office has published an advisory on building a digital defense during holiday travel, when many people will be connected to networks other than those at their homes or offices and/or have visitors join theirs. For these situations, the FBI recommends not allowing phones, computers, or other devices to auto-connect to free WiFi networks and to set up separate WiFi accounts for guests to segregate any of their vulnerabilities from your sensitive data.

Pages

Subscribe to Cybersecurity