You are here

Home » Cybersecurity

Cybersecurity

CISA Launches Webpage to Help Partners Understand and Address Disinformation and Misinformation

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has just launched a #Protect2020 Rumor vs. Reality webpage, in which it addresses some common disinformation and misinformation rumors that can undermine public confidence in the electoral process. The webpage lists the disinformation or misinformation rumors, provides factual information to counteract this information, and offers resources to support these facts.

NSA Releases Advisory on Chinese State-sponsored Actors Exploiting Publicly Known Vulnerabilities

The National Security Agency (NSA) has released a cybersecurity advisory on Chinese state-sponsored malicious cyber activity. This advisory provides 25 Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks. Read the NSA advisory.

Rockwell Automation 1794-AENT Flex I/O Series B (ICSA-20-294-01)

CISA has published an advisory on a classic buffer overflow vulnerability in Rockwell Automation 1794-AENT Flex I/O Series B. Versions 4.003 and prior are affected. Successful exploitation of these vulnerabilities could crash the device being accessed, resulting in a buffer overflow condition that may allow remote code execution. Rockwell Automation recommends affected users ensure they are employing proper network segmentation and security controls when implementing the affected product. CISA also recommends a series of measures to mitigate this vulnerability.

Hitachi ABB Power Grids XMC20 Multiservice-Multiplexer (ICSA-20-294-02) - Products Used in the Energy Sector

CISA has published an advisory on an improper authentication vulnerability in Hitachi ABB Power Grids XMC20 Multiservice-Multiplexer. XMC20 R4 using COGE5 versions older than co5ne_r1h07_12.esw and XMC20 R6 using COGE5 versions older than co5ne_r2d14_03.esw are affected. Successful exploitation of this vulnerability could allow an attacker to remotely take control of the product. Hitachi ABB Power Grids has corrected the problem in the different product versions and recommends users apply the firmware update at the earliest availability.

15CFAM – What’s so FUN about Addressing All the Things (Internet-of-Things) and the Supply Chain Too?

In keeping with this week’s NCSAM theme of internet-connected devices (in healthcare), we decided to jump way ahead in our ‘15 Cybersecurity Fundamentals Awareness Month’ (15CFAM) series to #14 (Address All Smart Devices) and #13 (Secure the Supply Chain) from WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities guide.

National Cybersecurity Awareness Month Week Three – #BeCyberSmart when Securing Internet-Connected Devices in Healthcare (and Everywhere)

The NCSAM focus for week three is on healthcare, specifically the internet-connected devices that increasingly dominate this vital sector. Given the emphasis on patient care, it goes without saying that the personal implications of internet-connected devices in healthcare are extremely critical. From hospitals and care facilities, to telemedicine, wellness apps, and implanted medical devices, industry and consumers alike need to understand the threats and take the necessary steps to secure these vulnerable and highly targeted devices.

Pages

Subscribe to Cybersecurity