Cybersecurity

Siemens SCALANCE X Switches (ICSA-18-254-05) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on an improper input validation vulnerability in Siemens SCALANCE X Switches. For SCALANCE X300 and X408, all versions prior to 4.0.0 are affected; for SCALANCE X414, all versions are affected. Successful exploitation of this vulnerability could allow an attacker with network access to the device to cause a denial-of-service condition. Siemens provides updates for SCALANCE X300 and SCALANCE X408, and mitigations for SCALANCE X414.

Siemens SIMATIC WinCC OA (ICSA-18-254-04) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on an uncontrolled search path element vulnerability in Siemens SIMATIC WinCC OA. SIMATIC WinCC OA Version 3.14 and prior are affected. Successful exploitation of this vulnerability could allow an unauthenticated remote user to escalate their privileges in the context of the program. Siemens recommends updating to SIMATIC WinCC OA v3.14-P021 and applying a series of manual mitigations to reduce risk. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Siemens TD Keypad Designer (ICSA-18-254-03) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on an uncontrolled search path element vulnerability in Siemens TD Keypad Designer. All versions of this product are affected. Successful exploitation of this vulnerability could allow a local, low-privileged attacker to escalate their privileges. Siemens has identified specific workarounds and mitigations that users can apply to reduce the risk. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

What is the Cost of a Social Media Account Hijacking?

Social media accounts are among cyber criminals' favorite targets. Victims have included celebrities, news organizations, large corporations, and government organizations. According to research conducted by social media and digital protection firm ZeroFOX, organizations typically lose up to 5% of their followers during an account takeover. For large brands, this can mean losing hundreds of thousands of followers. For smaller brands, each follower is hard earned and generally more valuable, making the loss sting that much more.

Ice Qube Thermal Management Center (ICSA-18-249-01) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on improper authentication and unprotected storage of credentials vulnerabilities in Ice Qube Thermal Management Center. All versions prior to 4.13 are affected. Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to configuration files or obtain sensitive information. Ice Qube recommends that users of affected versions upgrade to the latest version of Thermal Management Center v4.13 or newer.

Google Mulls a Replacement for the URL Given Security Concerns

Uniform Resource Locators, or URLs, are the familiar web addresses you use every day. They direct browsers to the right addresses so you don't have to manage complicated routing protocols and strings of numbers. But over time, URLs have gotten more and more difficult to read and understand. Their opacity has been a boon for cyber criminals, who build malicious sites to exploit the confusion. They impersonate legitimate institutions, launch phishing schemes, hawk malicious downloads, and run phony web services.
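The confusion described above is concrete: the host a browser actually connects to is often not the name a reader's eye lands on. The following is an added example (not code from the article or from Google) that uses Python's standard URL parser to recover the effective host and flag the common tricks: a lookalike name placed in the userinfo before `@`, a trusted name used as a subdomain prefix of an unrelated domain, punycode (`xn--`) labels that may hide homoglyphs, and bare IP hosts. The sample URLs, the `example-bank.com` brand name and the `evil.test` domain are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample URLs (not from the original page). Each one, read quickly,
# suggests example-bank.com; only the first actually leads there.
SAMPLES = [
    "https://www.example-bank.com/login",
    "https://www.example-bank.com@evil.test/login",                  # userinfo trick
    "https://www.example-bank.com.account-verify.evil.test/login",   # trusted name as a prefix
    "https://xn--80ak6aa92e.com/",                                   # punycode (IDN) host
    "https://203.0.113.7/login",                                     # bare IP host
]


def effective_host(url):
    """Host the browser actually connects to, as urlsplit resolves it
    (hostname drops userinfo, port and IPv6 brackets, and lowercases)."""
    return urlsplit(url).hostname or ""


def deception_signals(url, trusted_domain):
    """Return the reasons a URL that visually suggests trusted_domain does not
    really lead there. An empty list means no signal fired."""
    parts = urlsplit(url)
    host = effective_host(url)
    trusted = trusted_domain.lower()
    reasons = []

    # 1. Everything before '@' in the authority is a username, not the host.
    if parts.username is not None:
        reasons.append("userinfo '%s@' hides the real host" % parts.username)

    # 2. The trusted name appears somewhere in the URL, but the host is neither
    #    that domain nor one of its subdomains.
    if trusted in url.lower() and host != trusted and not host.endswith("." + trusted):
        reasons.append("'%s' appears in the URL but the host is '%s'" % (trusted, host))

    # 3. A punycode label is an internationalised name; decode it and compare
    #    it with the brand before trusting it.
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label in host; decode and compare with the brand name")

    # 4. A numeric host gives the reader no domain name to judge at all.
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a bare IP address (%s)" % host)
    except ValueError:
        pass

    return reasons


def report(urls, trusted_domain):
    """Pair each URL with its effective host and the signals that fired."""
    return [(u, effective_host(u), deception_signals(u, trusted_domain)) for u in urls]


if __name__ == "__main__":
    for url, host, reasons in report(SAMPLES, "example-bank.com"):
        print(url)
        print("  connects to:", host)
        for r in reasons:
            print("  !", r)
```

The check is deliberately built on the parser's own `hostname` rather than on string matching, since that is the value the browser uses; the brand-name substring test is the heuristic part and should be fed the list of domains an organization actually owns.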

DHS Secretary Warns of ‘Pandemic’ Cyber Attacks and Vulnerabilities

U.S. Department of Homeland Security Secretary Kirstjen Nielsen painted a daunting picture of the global digital landscape in a speech Wednesday, describing “a worldwide outbreak of cyber attacks and cyber vulnerabilities” that had moved from the “epidemic” to the “pandemic” stage. “Cyber attacks, in terms of their breadth and scope and possible consequences, now exceed the risk of physical attacks,” Nielsen said. “Cyberspace is now the most active battlefield, and the attack surface extends into every single American home,” she continued.

Opto22 PAC Control Basic and PAC Control Professional (ICSA-18-247-01)

The NCCIC has released an advisory on a stack-based buffer overflow vulnerability in Opto22 PAC Control Basic and PAC Control Professional. PAC Control Basic versions R10.0a and prior and PAC Control Professional versions R10.0a and prior are affected. Successful exploitation of this vulnerability could crash the device being accessed; the buffer overflow condition may then allow remote code execution. Opto22 recommends users upgrade to the newest version. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.
