
Cybersecurity

National Cybersecurity Awareness Month: Careers in Cybersecurity

The theme for this week of National Cybersecurity Awareness Month is “Careers in Cybersecurity,” which seeks to provide advice and resources to those seeking careers in cybersecurity and organizations in need of cybersecurity personnel and expertise. The unprecedented demand for well-trained cybersecurity workers continues to grow. Some experts predict that there will be a global shortage of two million cybersecurity professionals by next year.

The Bigger the Company, the Messier the Password Practices

A new report from password management company LogMeIn finds that the bigger the enterprise, the bigger the problem when it comes to managing passwords. The company’s recently released Global Password Security Report scores its 43,000 customers on password strength, reuse, and use of multi-factor authentication. While the average score equaled a 52 out of 100 — a score LogMeIn considers to be good — the numbers generally showed the larger the company, the lower the average security score.

WECON PI Studio (ICSA-18-277-01) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on stack-based buffer overflow, out-of-bounds write, information exposure through XML external entity reference, and out-of-bounds read vulnerabilities in WECON PI Studio. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior are affected. Successful exploitation of these vulnerabilities may allow remote code execution, execution of code in the context of an administrator, reads past the end of an allocated object, or disclosure of sensitive information under the context of an administrator.

NCCIC Alert (TA 18-276B): Advanced Persistent Threat Activity Exploiting Managed Service Providers

The NCCIC has released Technical Alert 18-276B about Advanced Persistent Threat (APT) actors attempting to infiltrate the networks of global managed service providers (MSPs) in order to gain unauthorized access to the networks of their customers. MSPs provide remote management of customer IT and end-user systems, and the number of organizations using MSPs has grown significantly over recent years since these services allow customers to scale and support their networks at lower costs than financing these resources internally.

NCCIC Alert (TA 18-276A): Using Rigorous Credential Control to Mitigate Trusted Network Exploitation

The NCCIC has released Technical Alert 18-276A about Advanced Persistent Threat (APT) actors stealing the access credentials of one organization in order to target another entity with which the first organization has a trusted relationship. Using the stolen credentials, the APT actors can act the part of a legitimate partner to the target organization, which may be a parent company, a connected partner, or a contracted managed service provider.

GE Communicator (ICSA-18-275-02) – Product Used in the Energy Sector

The NCCIC has released an advisory on a heap-based buffer overflow vulnerability in GE Communicator. GE Communicator version 3.15 and prior and Gigasoft, a third-party product, version 5 and prior are affected. Exploitation could allow attackers to execute arbitrary code or create a denial-of-service condition. GE recommends users update to Version 4.0 or the latest available release to mitigate this vulnerability. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.
