Cybersecurity

WAGO I/O-CHECK (ICSA-20-065-01) – Product Used in the Energy Sector

CISA has published an advisory on information exposure through sent data, buffer access with incorrect length value, missing authentication for critical function, and classic buffer overflow vulnerabilities in WAGO I/O-CHECK Series PFC100 and Series PFC200. Multiple versions of this software are affected. Successful exploitation of these vulnerabilities could allow an attacker to change settings, delete the application, run remote code, cause a system crash, cause a denial-of-service condition, revert to factory settings, and overwrite MAC addresses.

UK Releases Tips on Securing Smart Security Cameras

The UK National Cyber Security Centre (NCSC) has released guidance on how to correctly set up smart security cameras to avoid having them hacked by attackers. The guidance begins with a series of three steps that the NCSC says will make it much harder for cyber criminals to access your smart camera. These include changing default passwords, implementing regular security updates, and removing the feature for remotely viewing camera footage via the internet (unless you need it). The guidance also discusses router settings that, if not properly configured, can be exploited by hackers.

Australia Releases Securing Content Management Systems Guide

The Australian Cyber Security Centre (ACSC) has released a cybersecurity guide outlining strategies for identifying and minimizing risks to web servers from installed content management systems (CMS). This guidance provides effective mitigation strategies organizations can use to better protect their external-facing systems from cyber network exploitation. Read the guide at ACSC.

March 5 is National “Slam the Scam” Day

In association with the Federal Trade Commission’s National Consumer Protection Week (March 1 to 7), the Social Security Administration (SSA) has designated March 5 as National “Slam the Scam” Day to educate Americans about telephone scammers impersonating government employees. As many water and wastewater utility personnel have experienced, scammers aim to gain potential victims’ trust and steal their money and personally identifiable information.

ICS Alert: SweynTooth Vulnerabilities

CISA has published an alert on multiple Bluetooth Low Energy (BLE) vulnerabilities with proof-of-concept (PoC) exploit code affecting a large number of IoT, smart-home, wearable, and medical devices from vendors that use BLE wireless communication technology. CISA notes the alert was released without coordination with some of the affected vendors, adding that it has notified some of the vendors of the report and has asked them to confirm the vulnerabilities and identify mitigations.

PHOENIX CONTACT Emalytics Controller ILC (ICSA-20-063-02) – Product Used in the Energy Sector

CISA has published an advisory on an incorrect permission assignment for critical resource vulnerability in PHOENIX CONTACT Emalytics Controller ILC. All versions prior to 1.2.3 are affected. Successful exploitation of this vulnerability could allow an attacker to change the device configuration and start or stop services. Phoenix Contact strongly recommends affected users update to engineering software Emalytics v1.2.3 or higher and recommission the controllers. CISA also recommends a series of measures to mitigate the vulnerability.

Emerson ValveLink (ICSA-20-063-01) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an improper access control vulnerability in Emerson ValveLink. Versions 12.0.264 to 13.4.118 are affected. Successful exploitation of this vulnerability could allow arbitrary code execution. Emerson recommends users upgrade the affected product. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.
