Cybersecurity

Protecting Against Ransomware

The NCCIC has published a “Protecting Against Ransomware” Security Tip, which provides an overview of ransomware, describes how it works and is delivered, and provides recommendations for preventing and responding to ransomware infections. This resource also contains numerous links to other products that help partners understand ransomware and how to protect themselves and their organizations from attacks. Access the Security Tip at NCCIC/US-CERT.

North Korean Malicious Cyber Activity – “HOPLIGHT” Trojan

The Department of Homeland Security (DHS) and the FBI report they have identified a Trojan malware variant – referred to as “HOPLIGHT” – used by the North Korean government. The DHS National Cybersecurity and Communications Integration Center (NCCIC) has published a Malware Analysis Report (MAR) on HOPLIGHT that it encourages partners to review. The MAR includes malware descriptions, suggested response actions, and recommended mitigation techniques.

Limiting ICS Impacts from IT-focused Incidents

The industrial cybersecurity community, including WaterISAC, continues to emphasize that the larger threat to ICS emanates from IT-centric rather than OT-centric cyber threats. To further address this issue, ICS cyber forensic firm Dragos posted “Implications of IT Ransomware for ICS Environments.” Dragos discusses the importance of identifying the propagation methods of IT-based malware, such as WannaCry, NotPetya, and LockerGoga, in order to more effectively prevent inadvertent impact to ICS operations.

Microsoft Releases April 2019 Security Updates

Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Adobe Flash Player, Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, ASP.NET, Microsoft Exchange Server, Team Foundation Server, Azure DevOps Server, Open Enclave SDK, and Windows Admin Center.

Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products (Update F) (ICSA-17-318-01) – Product Used in Energy and Water and Wastewater Sectors

April 9, 2019

The NCCIC has updated this advisory with additional details on affected products and mitigation measures. Read the advisory at NCCIC/ICS-CERT.

November 13, 2018

The NCCIC has updated this advisory with additional details on affected products and mitigation measures. Read the advisory at NCCIC/ICS-CERT.

April 24, 2018


Siemens OpenSSL Vulnerability in Industrial Products (Update E) (ICSA-18-226-02) – Products Used in the Water and Wastewater and Energy Sectors

April 9, 2019

The NCCIC has updated this advisory with additional details on the affected products and mitigation measures. Read the advisory at NCCIC/ICS-CERT.

November 13, 2018

The NCCIC has updated this advisory with additional details on the affected products and mitigation measures. Read the advisory at NCCIC/ICS-CERT.

October 9, 2018

Siemens RUGGEDCOM ROX II (ICSA-19-099-05) – Products Used in the Energy Sector

The NCCIC has published an advisory on double free, out-of-bounds read, and uncontrolled resource consumption vulnerabilities in Siemens RUGGEDCOM ROX II. All versions prior to 2.13.0 are affected. Successful exploitation of these vulnerabilities could result in remote code execution and/or a denial-of-service condition. Siemens has provided firmware update v2.13.0 to fix these vulnerabilities and also recommends users apply specific workarounds and mitigations to reduce risk. The NCCIC has also provided a series of measures for mitigating the vulnerabilities.

Siemens SINEMA Remote Connect (ICSA-19-099-04) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on incorrect calculation of buffer size, out-of-bounds read, stack-based buffer overflow, and improper handling of insufficient permissions vulnerabilities in Siemens SINEMA Remote Connect. For SINEMA Remote Connect Client, all versions prior to v2.0 HF1 are affected. For SINEMA Remote Connect Server, all versions prior to 2.0 are affected. Successful exploitation of these vulnerabilities could allow an attacker to circumvent the system authorization for certain functionalities, and to execute privileged functions.

Siemens Spectrum Power 4.7 (ICSA-19-099-02) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on a command injection vulnerability in Siemens Spectrum Power 4.7. Spectrum Power 4 with Web Office Portal is affected: versions of Spectrum Power 4 using the user-specific project enhancement (PE) Web Office Portal (WOP) are affected by an OS command injection vulnerability. The vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this vulnerability.

Siemens SIMOCODE pro V EIP (ICSA-19-099-01) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on an uncontrolled resource consumption vulnerability in SIMOCODE pro V EIP. All versions prior to 1.0.2 are affected. Successful exploitation of this vulnerability could cause a denial-of-service condition. Siemens recommends users upgrade to Version 1.0.2. Users who cannot upgrade because of hardware restrictions are recommended to apply the manual mitigations. The NCCIC has also provided a series of measures for mitigating the vulnerabilities.
