The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Point-to-Point Protocol Daemon versions 2.4.2 through 2.4.8. A remote attacker can exploit this vulnerability to take control of an affected system. Point-to-Point Protocol Daemon is used to establish internet links such as those over dial-up modems, DSL connections, and Virtual Private Networks.
The FBI’s Portland, Oregon office has published an advisory discussing best practices for organizations that have a “bring your own device,” or BYOD, policy. The advisory indicates that ideally personal devices wouldn’t be used, but acknowledging that they often are it recommends beginning by establishing a written BYOD policy.
In association with the Federal Trade Commission’s National Consumer Protection Week (March 1 to 7), the Social Security Administration (SSA) has designated March 5 as National “Slam the Scam” Day to educate Americans about telephone scammers impersonating government employees. As many water and wastewater utility personnel have experienced, scammers aim to gain potential victims’ trust and steal their money and personally identifiable information.
CISA has published an alert on multiple Bluetooth Low Energy (BLE) vulnerabilities with proof-of-concept (PoC) exploit code affecting a large number of IOT, Smart-home, wearable, and medical devices from vendors who utilize BLE wireless communication technology. CISA notes the alert was released without coordination with some of the affected vendors, adding that it has notified some of the vendors of the report and has asked them to confirm the vulnerabilities and identify mitigations.
CISA has published an advisory on an uncontrolled resource consumption vulnerability in Omron PLC CJ Series. All versions are affected. Successful exploitation of this vulnerability could cause a denial-of-service condition. Omron recommends a series of mitigation measures. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.
CISA has published an advisory on an incorrect permission assignment for critical resource vulnerability in PHOENIX CONTACT Emalytics Controller ILC. All versions prior to 1.2.3 are affected. Successful exploitation of this vulnerability could allow an attacker to change the device configuration and start or stop services. Phoenix Contact strongly recommends affected users update to engineering software Emalytics v1.2.3 or higher and recommission the controllers. CISA also recommends a series of measures to mitigate the vulnerability.
CISA has published an advisory on an improper access control vulnerability in Emerson ValveLink. Versions 12.0.264 to 13.4.118 are affected. Successful exploitation of this vulnerability could allow arbitrary code execution. Emerson recommends users upgrade the affected product. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.
CISA has published an advisory on improper access control, use of hard-coded cryptographic key, os command injection, use of hard-coded credentials, classic buffer overflow, out-of-bounds read, stack-based buffer overflow, improper access control, and authentication bypass using an alternate path or channel vulnerabilities in Moxa AWK-3131A. Versions 1.13 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to gain control of the device and remotely execute arbitrary code. Moxa has created a security patch to mitigate these vulnerabilities.
At RSA Conference 2020 last week, Christopher Krebs, director of the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), said, “I think we’re on the verge of a national crisis when it comes to ransomware.” Krebs also spoke of his agency’s role in helping to prevent the pending crisis, noting that CISA strives to serve as the “nation’s risk advisor” and plans to continue to offer training for operators of critical infrastructure.
National Consumer Protection Week (NCPW) is March 1–7. This annual event encourages individuals and businesses to learn about their consumer rights and how to keep themselves secure. The Federal Trade Commission (FTC) and its NCPW partners provide free resources to protect consumers from fraud, scams, and identity theft. The U.S.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
