Cybersecurity

Universal Robots Robot Controllers (ICSA-18-191-01)

The NCCIC has released an advisory on hard-coded credentials and missing authentication for critical function vulnerabilities in Universal Robots Robot Controllers. CB 3.1, SW Version 3.4.5-100 is affected. Successful exploitation of these vulnerabilities could allow a remote attacker to run arbitrary code on the device. Universal Robots has recommended a series of remedial actions to address these vulnerabilities.

The Worst Cybersecurity Breaches of 2018 So Far

Looking back on the cyber incidents that occurred in the first six months of 2018, an article from Wired magazine concludes that corporate security isn't getting better fast enough, critical infrastructure security hangs in the balance, and state-backed hackers from around the world are getting bolder and more sophisticated. It cites Russia’s deployment of the NotPetya malware and hacking of the U.S. electric grid (activity that also affected water and wastewater utilities), rampant data exposures, and the breach of Under Armour’s fitness app to support its assertions.

Businesses Collect More Data Than They Can Handle, Only Half Know Where Sensitive Data Is Stored

Gemalto has released findings from research it conducted on how companies use the data they collect from customers. One of the most surprising and alarming findings is that nearly two-thirds (65%) of organizations said they don’t possess the necessary resources to analyze all the consumer data they collect. If companies can’t analyze all of the data they collect, they likely don’t know all of the types of data they are collecting. And if they don’t know the types of data they are collecting, how can they classify it and apply the appropriate security controls for the data?

Cyber Attacks Affecting Operations of Critical Infrastructure Have High Probability of Becoming Routine

An article from VPN Compass points to statistics from Akamai’s latest State of the Internet report as a sign that high-impact cyber attacks, such as those that affect the operations of critical infrastructure facilities, are starting to occur more frequently and that there

ICS Cybersecurity – The Time is Now

With greater awareness and emphasis on industrial cybersecurity over the past 12-18 months, ICS cybersecurity expert Galina Antova suggests next steps for organizations on the path toward greater situational awareness and industrial cybersecurity risk reduction. Now that asset owners are accepting this new reality, Ms. Antova says it is time to effect change and prioritize a cybersecurity strategy. Part of the basic strategy involves understanding the environment, expanding risk and governance models, and keeping executives and boards apprised of the evolving threat landscape.

Security Awareness and Blended Threats – Protecting Users from Cultural Event Scams, Phone Call Scams, and... Vacations?

In a security awareness trifecta, three leading cybersecurity organizations posted resources to help users recognize, understand, and avoid a few currently trending risks that affect our physical and digital lives. First, McAfee Labs explains cyber actors' penchant for leveraging current physical events like the Olympics and World Cup, and the potential cyber implications for unwary fans.

Rockwell Automation Allen-Bradley Stratix 5950 (ICSA-18-184-01) - Products Used in Energy and Water and Wastewater Sectors

The NCCIC has released an advisory regarding several vulnerabilities affecting multiple Allen-Bradley Stratix 5950 Security Appliances running Cisco ASA v9.6.2 and earlier. The vulnerabilities include improper input validation, improper certificate validation, and resource management errors. Successful exploitation of these vulnerabilities could allow an attacker to bypass client certification to create connections to the affected device or cause the device to crash. These vulnerabilities are remotely exploitable.

Insider Threats – Myths and Misconceptions

As the concern over insider threats grows, SecurityWeek offers a post to help dispel some common myths and misconceptions about deterring, detecting, and responding to them. The post highlights the fact that this threat is not always malicious or intentional, but often unintentional and/or negligent. The difference between a formal insider threat program and the use of detection tools is also delineated.
