You are here

Home » Cybersecurity

Cybersecurity

Siemens SICAM A8000 RTU Series (ICSA-19-038-01) – Product Used in the Energy Sector

The NCCIC has published an advisory on an uncaught exception vulnerability in Siemens SICAM A8000 RTU Series. Multiple versions are affected. The SICAM A8000 RTU series is affected by a security vulnerability that could allow unauthenticated remote users to cause a denial-of-service condition on the web server of affected products. Siemens has released updates for all product variants and recommends users update to the new versions. The NCCIC also advises on a series of mitigating measures for these vulnerabilities.

U.S. Experienced 14 Billion-Dollar Weather Disasters in 2018, According to NOAA

As part of its ongoing effort to track billion-dollar weather disasters, the National Oceanic and Atmospheric Administration (NOAA) reports there were 14 such events in the U.S. in 2018. Cumulatively, these events cost around $91 billion in damages. Both the number of events and their combined cost means 2018 ranks fourth highest since records began in 1980. Topping the list of disasters were Hurricane Michael, which caused $25 billion in damages, followed by the western U.S. wildfires and Hurricane Florence, which each caused $24 billion in damages.

Phishing Has Become the Root of Most Cyber Evil

Companies spend a huge amount of time and billions of dollars on security technology to keep threat actors out, and yet employees can negate all of these efforts by clicking on phishing links. According to one cybersecurity company, phishing was the root cause of 48 percent of the breaches it investigated. Many penetration testers have also confirmed the number one way to breach a company is by stealing a user’s credentials via phishing.

Canada is an “Attractive Target” for New Cyber Attack Techniques, Security Expert Testifies

Canada is an attractive target for malicious cyber operations and is often one of the first countries criminals and hostile nations target with new methods, cybersecurity expert and former CIA analyst Christopher Porter told Canada’s House of Commons committee Wednesday. Porter is the chief intelligence strategist at FireEye and was an analyst at the CIA for nine years, where he was tasked with briefing President Barack Obama’s National Security Council on cybersecurity.

Electric Company Suffers Security Breach due to Downloaded Game

A corporate computer infected with the Azorult information-stealing Trojan at a South African energy supplier led to the exposure of the company’s network credentials, customer information, redacted customer credit card information, and sensitive business information. According to a screenshot created by Azorult when it was installed, the infection was masquerading as a downloader for The Sims 4 game. Downloading software has always been a common source for computer infections, but over the last few months has increasingly become more problematic.

Report Urges Government and Private Firms Collaborate to Prevent Being Caught “Flat-Footed” during a Major Cyber Attack

A new report issued by the Foundation for Defense of Democracies (FDD) urges private companies and the U.S. government to work more closely together to help mitigate the impacts of a major cyber attack. The report is based on findings from a tabletop exercise the FDD hosted in October that featured a scenario in which several critical functions, including the U.S. power grid, were attacked at once.

Microsoft Releases Security Advisory for Exchange Server

Microsoft has released an advisory to address an elevation of privilege vulnerability in Microsoft Exchange Server. An attacker could exploit this vulnerability to take control of an affected system. The NCCIC encourages users and administrators to review the Microsoft Security Advisory and the CERT Coordination Center's Vulnerability Note VU#465632 and consider the workarounds until an update is available.

Marvell Avastar Wi-Fi Vulnerability

The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Marvell Avastar wireless system on chip (SoC) models. An attacker could exploit this vulnerability to take control of an affected system. The NCCIC encourages users and administrators to review CERT/CC’s Vulnerability Note VU#730261 for more information and refer to vendors for appropriate updates, when available.

Pages

Subscribe to Cybersecurity