Cybersecurity

Emerson DeltaV Distributed Control System (ICSA-19-190-01) – Product Used in the Energy Sector

The NCCIC has published an advisory on a use of hard-coded credentials vulnerability in Emerson DeltaV Distributed Control System. Versions 11.3.x and 12.3.x are affected. Successful exploitation of this vulnerability could allow an attacker to gain administrative access to DeltaV Smart Switches. Emerson recommends users patch affected products. The NCCIC also advises of a series of measures for mitigating this vulnerability. Read the advisory at CISA.

Read more about Emerson DeltaV Distributed Control System (ICSA-19-190-01) – Product Used in the Energy Sector

Siemens CP1604 and CP1616 (Update A) (ICSA-19-043-06) – Products Used in the Water and Wastewater Sector

July 9, 2019

The NCCIC has updated this advisory with additional information on mitigation measures. Read the advisory at CISA.

February 12, 2019

Read more about Siemens CP1604 and CP1616 (Update A) (ICSA-19-043-06) – Products Used in the Water and Wastewater Sector

U.S. Cyber Command Issues Alert about Hackers Exploiting Outlook Vulnerability

Last week, U.S. Cyber Command issued an alert via Twitter about threat actors abusing an Outlook vulnerability to plant malware on government networks. The vulnerability is CVE-2017-11774, a security bug that Microsoft patched in Outlook in October 2017. U.S. Cyber Command recommends immediate patching, if not done already.

Read more about U.S. Cyber Command Issues Alert about Hackers Exploiting Outlook Vulnerability

The True Cost of Paying Ransoms – Pay a Lot Now, or Pay a Lot More Later

Paying ransom demands in the hopes of regaining access to critical data is controversial, to say the least. Succumbing to extortion goes against conventional advice and wisdom against incentivizing the cybercrime business model, but sometimes organizations feel they have no other choice and paying seems like the best option at the time. However, paying a ransom is not straightforward.

Read more about The True Cost of Paying Ransoms – Pay a Lot Now, or Pay a Lot More Later

ACSC Releases Updated Essential Eight Maturity Model

The Australian Cyber Security Centre (ACSC) has released updates to its Essential Eight Maturity Model. The model assists organizations in determining the maturity of their implementation of the Essential Eight – ACSC’s list of the top mitigation strategies to help organizations protect their systems against threats.

Read more about ACSC Releases Updated Essential Eight Maturity Model

Quest KACE Systems Management Appliance (ICSA-19-183-02)

The NCCIC has published an advisory on an improper input validation vulnerability in KACE Systems Management Appliance. All versions of 8.0.x, 8.1.x, and 9.0.x are affected. Successful exploitation of this vulnerability could allow an administrative user unintentional access to the underlying operating system of the device. Quest recommends affected users upgrade to Version 9.1 or newer. The NCCIC also advises of a series of measures for mitigating the vulnerability. Read the advisory at CISA.

Read more about Quest KACE Systems Management Appliance (ICSA-19-183-02)

Protecting Our Critical Infrastructure from the Crow’s Nest

In the face of the diminished air-gap, former NSA Director and U.S. Cyber Commander, Michael S. Rogers, and Claroty’s Chief Security Officer Dave Weinstein suggest America’s critical infrastructure is not vulnerable because it is digital or automated, but because the attackers know the terrain better than the defenders.

Read more about Protecting Our Critical Infrastructure from the Crow’s Nest

Rules of Engagement for Cyber War Needed Before Someone Gets Hurt

With escalating tensions against the US from Iran, their perceived allies and proxies we have been informed of the increased cyber threat particularly against our industrial control systems. As the very same systems that provide for our livelihoods are being targeted by faceless enemies egregiously putting human lives at risk, it is past time for rules of engagement for cyber war to be agreed upon before lives are lost.

Read more about Rules of Engagement for Cyber War Needed Before Someone Gets Hurt

SICK MSC800 (ICSA-19-178-04)

The NCCIC has published an advisory on a use of hard-coded credentials vulnerability in SICK MSC800. All versions prior to 4.0 are affected. Successful exploitation of this vulnerability could allow a low-skilled remote attacker to reconfigure settings and/or disrupt the functionality of the device. SICK recommends affected users upgrade to the latest firmware version (v4.0). The NCCIC also advises of a series of measures for mitigating the vulnerabilities. Read the advisory at CISA.

Read more about SICK MSC800 (ICSA-19-178-04)

ABB CP635 HMI (ICSA-19-178-03)

The NCCIC has published an advisory on use of hard-coded credentials vulnerability in ABB CP635 HMI. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow an attacker to prevent legitimate access to an affected system node, remotely cause an affected system node to stop, take control of an affected system node, or insert and run arbitrary code in an affected system node. ABB recommends users apply the BSP update on affected CP600 control panels at their earliest convenience.

Read more about ABB CP635 HMI (ICSA-19-178-03)

You are here

Cybersecurity

Emerson DeltaV Distributed Control System (ICSA-19-190-01) – Product Used in the Energy Sector

Siemens CP1604 and CP1616 (Update A) (ICSA-19-043-06) – Products Used in the Water and Wastewater Sector

U.S. Cyber Command Issues Alert about Hackers Exploiting Outlook Vulnerability

The True Cost of Paying Ransoms – Pay a Lot Now, or Pay a Lot More Later

ACSC Releases Updated Essential Eight Maturity Model

Quest KACE Systems Management Appliance (ICSA-19-183-02)

Protecting Our Critical Infrastructure from the Crow’s Nest

Rules of Engagement for Cyber War Needed Before Someone Gets Hurt

SICK MSC800 (ICSA-19-178-04)

ABB CP635 HMI (ICSA-19-178-03)

Pages

You are here

Cybersecurity

Pages

Footer Email Signup