January 28 is Data Privacy Day (DPD), an annual effort to promote data privacy awareness and education. This year’s DPD events, sponsored by the National Cyber Security Alliance (NCSA), focus around the theme, A New Era in Privacy.
An article from CSO magazine describes how a hacker can send someone an email and capture their password hash, and then crack it to a plaintext password that can be used to access their accounts. Hashing is the act of converting passwords into unreadable strings of characters that are designed to be impossible to convert back, known as hashes. Cracking the password hash is possible because under easy-to-simulate circumstances, embedded links in an email can cause your computer to try authenticating to a remote server.
Cybersecurity company Check Point has just published its 2019 Security Report, presenting its analysis of the cyber threat environment collected from its global network of threat sensors and a new survey of IT professionals and C-suite level executives. Among its most interesting findings, the report notes that 37 percent of organizations globally were impacted by cryptomining malware in 2018. The report also states that cryptomining malware has evolved to exploit high-profile vulnerabilities and to evade sandboxes and security products to expand infection rates.
The NCCIC has released an advisory on improper authentication and cross-site scripting vulnerabilities in ControlByWeb X-320M. Versions 1.05 and prior are affected. Successful exploitation of these vulnerabilities may allow arbitrary code execution and could cause the device being accessed to require a physical factory reset to restore the device to an operational state. ControlByWeb has released a firmware update to address the vulnerabilities found on the X-320M. The NCCIC also advises on a series of mitigating measures for this vulnerability.
The NCCIC has released an advisory on an improper input validation vulnerability in ABB CP400 Panel Builder TextEditor 2.0. Versions 2.0.7.05 and prior are affected. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code and cause a denial-of-service condition within the Text Editor application. ABB recommends users of affected Versions 2.0.7.05 and prior update to the latest Version 2.1.7.21. The NCCIC also advises on a series of mitigating measures for this vulnerability.
An upward trend has been recorded with business email compromise (BEC) scams where fraudsters trick human resource departments into changing an employee's direct deposit information to divert paychecks into an account they control. In a typical BEC scam, the fraudster sends an email to an employee authorized to make wire transfers and deceives them into sending the money into an unauthorized account. The underlying principle remains the same, only this time the victim could be anyone in the company.
Following a short period of low activity during the holiday, Emotet operators are back at distributing through malicious email campaigns a new strain of their payload that carries new tricks. The message target users speaking different languages, luring them into opening an attached document laced with code that pulls in and installs the malware. The new variant can also check if the recipient's/victim's IP address is blacklisted or on a spam list maintained by services like Spamhaus, SpamCop, or SORBS.
Oracle has released its Critical Patch Update for January 2019 to address 284 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The NCCIC encourages users and administrators to review the Oracle January 2019 Critical Patch Update and apply the necessary updates.
Tuesday, January 29, 2019; 1:00 – 2:30 P.M. ET; webinar
NERC’s Electricity Information Sharing and Analysis Center (E-ISAC) and the Water Information Sharing and Analysis Center (WaterISAC) launched a new security partnership aimed at enhancing cross-sector coordination and taking advantage of the interdependencies of the electricity and water industries.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
