Cybersecurity

Omron CX-Supervisor (ICSA-19-309-01) – Product Used in the Energy Sector

CISA has published an advisory on a use of obsolete function vulnerability in Omron CX-Supervisor. Versions 3.5 (12) and prior are affected. Successful exploitation of this vulnerability could result in information disclosure, total compromise of the system, and system unavailability. Omron recommends users update to CX-Supervisor 3.51 (9). CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

DHS Releases Updated Tool for Assessing Cybersecurity

The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has just released version 9.2 of its Cyber Security Evaluation Tool (CSET). CSET is a desktop software tool intended to guide asset owners and operators through a consistent process for evaluating control system networks as part of a comprehensive cybersecurity assessment that uses recognized government and industry standards and recommendations.

Honeywell equIP and Performance Series IP Cameras (ICSA-19-304-03) – Products Used in the Energy Sector

CISA has published an advisory on a missing authentication for critical function vulnerability in Honeywell equIP and Performance Series IP Cameras. Honeywell reports the vulnerability affects the equIP series IP camera products listed in full in Honeywell security notification 2019-09-13 01. Successful exploitation of this vulnerability could result in unauthenticated access. Honeywell has released firmware update packages for all affected products. CISA also recommends a series of measures to mitigate the vulnerability.

Honeywell equIP Series IP Cameras (ICSA-19-304-02) – Products Used in the Energy Sector

CISA has published an advisory on an improper input validation vulnerability in Honeywell equIP series IP cameras. Honeywell reports the vulnerability affects the equIP series IP camera products listed in full in Honeywell security notification 2019-09-13 01. Successful exploitation of this vulnerability could result in denial-of-service conditions. Honeywell has released firmware update packages for all affected products listed above. CISA also recommends a series of measures to mitigate the vulnerability.

Advantech WISE-PaaS/RMM (ICSA-19-304-01) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on path traversal, missing authorization, improper restriction of XML external entity reference, and SQL injection vulnerabilities in Advantech WISE-PaaS/RMM. Versions 3.3.29 and prior are affected. Successful exploitation of these vulnerabilities may allow information disclosure and remote code execution, and may compromise system availability. Advantech phased out WISE-PaaS/RMM in July of 2019 and replaced this product with EdgeSense and DeviceOn. CISA also recommends a series of measures to mitigate the vulnerabilities.

Building a Digital Defense Using Virtual Private Networks

The FBI’s Portland, Oregon office has published an advisory discussing the use of virtual private networks, or VPNs. For those who use public WiFi networks for business or personal computing, VPNs are an incredibly important tool because they render unreadable any traffic that could otherwise be intercepted by a third party, potentially a malicious actor. Given that there are many different types of VPNs on the market, the FBI offers a series of tips to assist in decisions about which one to choose.

CISA Malware Analysis Report on Recent North Korean Activity: “HOPLIGHT”

The DHS Cybersecurity and Infrastructure Security Agency (CISA) has published a Malware Analysis Report (MAR) on recent malicious cyber activity attributed to the North Korean government. This activity, referred to as “HOPLIGHT,” involves Trojan malware variants. The MAR includes malware descriptions, suggested response actions, and recommended mitigation techniques. Users or administrators should flag activity associated with the malware and report the activity to CISA or the FBI Cyber Watch (CyWatch) and give the activity the highest priority for enhanced mitigation.

Cybersecurity Best Practices for Operating Commercial Unmanned Aircraft Systems

The DHS Cybersecurity and Infrastructure Security Agency (CISA) has published a document on cybersecurity best practices for operating commercial unmanned aircraft systems (UASs). In the document, CISA explains that while UASs offer benefits, they can also pose cybersecurity risks that necessitate caution on the part of operators. The document is intended to assist an organization with standing up or securing an existing program and is meant for information technology managers and personnel involved in UAS operations.
