Cybersecurity

OSIsoft PI Web API (ICSA-19-225-02) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on inclusion on sensitive information in log files and protection mechanism failure vulnerabilities in OSIsoft PI Web API. PI Web API 2018 and prior are affected. Successful exploitation of these vulnerabilities may allow direct attacks against the product and disclose sensitive information. OSIsoft recommends users upgrade to PI Web API 2018 SP1 or later to resolve these issues. The NCCIC also recommends a series of measures to mitigate the vulnerabilities.

Read more about OSIsoft PI Web API (ICSA-19-225-02) – Products Used in the Water and Wastewater and Energy Sectors

Microsoft Releases August 2019 Security Updates

Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Microsoft Windows, Internet Explorer, Microsoft Edge, ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, Visual Studio, Online Services, Active Directory, and Microsoft Dynamics. Read the update at Microsoft.

Read more about Microsoft Releases August 2019 Security Updates

Australia Releases Advisory on Password Spraying Attacks

The Australian Cyber Security Centre (ACSC) has released an advisory on password spraying attacks, noting it is aware of a high volume of such attacks targeting Australian organizations. Password spraying is a type of brute-force attack in which a malicious actor uses a single password against targeted user accounts before moving on to attempt a second password, and so on. This technique allows the actor to remain undetected by avoiding rapid or frequent account lockouts.

Read more about Australia Releases Advisory on Password Spraying Attacks

U.S. Accounts for More than Half of World’s Ransomware Attacks

According to Malwarebytes’ Q1 2019 Cybercrime Tactics and Techniques report, the U.S. is the country most affected by ransomware, with data from the company revealing that 53 percent of ransomware detections came from the country. Canada, which is the second most impacted country in the list, accounts for 10 percent of the ransomware detections. Further analysis of the statistics shows that ransomware attacks were most prevalent in Texas and California.

Read more about U.S. Accounts for More than Half of World’s Ransomware Attacks

Wind River VxWorks (Update A) (ICSA-19-211-01) – Products Used in the Water and Wastewater Sector

August 8, 2019

The NCCIC has updated this advisory by noting that Dräger and Schneider Electric, which are vendors of products that are affected by vulnerability, have released security advisories related to their products. Read the advisory at CISA.

July 30, 2019

Read more about Wind River VxWorks (Update A) (ICSA-19-211-01) – Products Used in the Water and Wastewater Sector

Penetration Testing – Use Caution When Selecting a Provider

While penetration tests (pentests) are a valuable tool in the cyber-quiver to find network vulnerabilities before the bad guys do, a lack of standards contribute to questionable practices that expose sensitive client data in publicly available repositories.

Read more about Penetration Testing – Use Caution When Selecting a Provider

SWAPGS Spectre Side-Channel Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a vulnerability (CVE-2019-1125) known as SWAPGS, which is a variant of Spectre Variant 1 – that affects modern computer processors. This vulnerability can be exploited to steal sensitive data present in a computer systems' memory. Spectre is a flaw an attacker can exploit to force a program to reveal its data.

Read more about SWAPGS Spectre Side-Channel Vulnerability

FTC Releases Alert on the Capital One Data Breach

The Federal Trade Commission (FTC) has released an alert on the Capital One data breach that exposed the personal information of 106 million Capital One credit card customers and applicants. FTC reminds users to check and monitor their credit report to protect against identify theft and to be aware of potential phishing scams related to the breach.

Read more about FTC Releases Alert on the Capital One Data Breach

El Paso and Dayton Tragedy-Related Scams and Malware Campaigns

In the wake of the recent shootings in El Paso, TX, and Dayton, OH, the Cybersecurity and Infrastructure Security Agency (CISA) advises users to watch out for possible malicious cyber activity seeking to capitalize on these tragic events. Users should exercise caution in handling emails related to the shootings, even if they appear to originate from trusted sources. Fraudulent emails often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations are also common after tragic events.

Read more about El Paso and Dayton Tragedy-Related Scams and Malware Campaigns

NIST Publishes Multifactor Authentication Guide

The National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) has published Cybersecurity Practice Guide: Multifactor Authentication for E-Commerce, which discusses multifactor authentication (MFA) protection methods that can be implemented to reduce fraudulent purchases. Although this guide it specifically intended for online retailers, it can still be of use to any organization that receives payments from customers in online environments.

Read more about NIST Publishes Multifactor Authentication Guide

You are here

Cybersecurity

OSIsoft PI Web API (ICSA-19-225-02) – Products Used in the Water and Wastewater and Energy Sectors

Microsoft Releases August 2019 Security Updates

Australia Releases Advisory on Password Spraying Attacks

U.S. Accounts for More than Half of World’s Ransomware Attacks

Wind River VxWorks (Update A) (ICSA-19-211-01) – Products Used in the Water and Wastewater Sector

Penetration Testing – Use Caution When Selecting a Provider

SWAPGS Spectre Side-Channel Vulnerability

FTC Releases Alert on the Capital One Data Breach

El Paso and Dayton Tragedy-Related Scams and Malware Campaigns

NIST Publishes Multifactor Authentication Guide

Pages

You are here

Cybersecurity

Pages

Footer Email Signup