You are here

Home » Cybersecurity

Cybersecurity

President’s Infrastructure Council Urges Bold Action to Prevent “Cyber 9-11”

In a draft letter to President Trump, the National Infrastructure Advisory Council (NIAC) warned of serious cybersecurity threats facing critical infrastructure, threats it submits the nation is not currently prepared to counter. The NIAC calls out threats from nation states in particular and makes reference to recent activities by China, Russia, and Iran to highlight their capabilities and the types of attacks that could unfold.

Siemens SIMATIC S7-1200 and S7-1500 CPU Families (ICSA-19-344-06) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on use of a broken or risky cryptographic algorithm and missing support for integrity check vulnerabilities in Siemens S7-1200 and S7-1500 CPU Families. Multiple versions of multiple products are affected. Successful exploitation of these vulnerabilities may allow an attacker to modify network traffic or impact the perceived integrity of the user program stored on the CPU. Siemens has released updates for some of the products and recommends users update to the new versions.

Siemens XHQ Operations Intelligence (ICSA-19-344-05) – Product Used in the Energy Sector

CISA has published an advisory on cross-site request forgery, improper neutralization of script-related HTML tags in a web page, and improper input validation vulnerabilities in Siemens XHQ Operations Intelligence products. All versions of the product are affected. Successful exploitation of these vulnerabilities could allow an attacker to read or modify contents of the web application. Siemens recommends users update XHQ Operations Intelligence product line to v6.0.0.2 or later. CISA also recommends a series of measures to mitigate the vulnerability.

Siemens RUGGEDCOM ROS (ICSA-19-344-03)

CISA has published an advisory on improper restriction of operations within the bounds of a memory buffer and resource management errors vulnerabilities in Siemens RUGGEDCOM ROS. All versions of multiple products are affected. Successful exploitation of these vulnerabilities could allow a denial-of-service condition or arbitrary code execution. Siemens has identified specific workarounds and mitigations users can apply to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerabilities.

Siemens SiNVR 3 (ICSA-19-344-02)

CISA has published an advisory on cleartext storage of sensitive information in GUI, improper authentication, relative path traversal, missing authentication for critical function, weak cryptography for passwords, and exposed dangerous method or function vulnerabilities in Siemens SiNVR. All versions of SiNVR Central Control Server and Video Server are affected.

Siemens SCALANCE W700 and W1700 (ICSA-19-344-01) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an improper enforcement of message integrity during transmission in a communication channel vulnerability in Siemens SCALANCE W700 and W1700. For SCALANCE W700, versions 6.3 and prior are affected. For SCALANCE W1700, versions 1.0 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to access confidential data. Siemens recommends installing the following software updates to address this vulnerability. CISA also recommends a series of measures to mitigate the vulnerability.

44 Million Microsoft Users Reused their Compromised Passwords

Earlier this year, a Microsoft team scanned all customer accounts and found that 44 million users were employing usernames and passwords that leaked online following security breaches at other online services. Microsoft said it scanned user accounts using a database of over three billion leaked credentials, which it obtained from multiple sources, such as law enforcement and public databases. The 44 million total included Microsoft Services Accounts (regular user accounts), but also Azure AD accounts. "For the leaked credentials for which we found a match, we force a password reset.

No Link between Cyber Attack and Navy Base Attack, according to FBI

The FBI said it has found no signs of any link between a cyber attack on the computer systems for the city of Pensacola, Florida and the attack at the local Naval Air Station in which three sailors were killed and eight others were wounded. The city became aware of the cyber attack early Saturday, just hours after the shooting at the Pensacola Naval Air Station that occurred on Friday. City officials expressed uncertainty over whether the incidents were related but reached out federal authorities as a precaution.

Pages

Subscribe to Cybersecurity