Cybersecurity

15CFAM – Cybersecurity Culture is FUN

Alas! We get to one of my (Jennifer Lyn Walker) favorite 15CFAM topics, cybersecurity culture. Walking back through WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities guide, we wrap up another three relevant FUNdamentals into one. For this ‘15 Cybersecurity Fundamentals Awareness Month’ (15CFAM) series post we visit #8-Create a Cybersecurity Culture, #9-Develop and Enforce Cybersecurity Policies and Procedures, and #12-Tackle Insider Threats.

Read more about 15CFAM – Cybersecurity Culture is FUN

Oracle Releases October 2020 Security Bulletin

Oracle has released its Critical Patch Update for October 2020 to address 402 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA) encourages users and administrators to review the Oracle October 2020 Critical Patch Update and apply the necessary updates.

Read more about Oracle Releases October 2020 Security Bulletin

Mozilla Releases Security Update – Updated October 21, 2020

October 21, 2020

Tags:

us-cert mozilla cyber vulnerabilities firefox thunderbird seamonkey

Read more about Mozilla Releases Security Update – Updated October 21, 2020

VMware Releases Security Updates - Updated October 20, 2020

October 20, 2020

Tags:

vmware us-cert

Read more about VMware Releases Security Updates - Updated October 20, 2020

CISA Launches Webpage to Help Partners Understand and Address Disinformation and Misinformation

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has just launched a #Protect2020 Rumor vs. Reality webpage, in which it addresses some common disinformation and misinformation rumors that can undermine public confidence in the electoral process. The webpage lists the disinformation or misinformation rumors, provides factual information to counteract this information, and offers resources to support these facts.

Read more about CISA Launches Webpage to Help Partners Understand and Address Disinformation and Misinformation

NSA Releases Advisory on Chinese State-sponsored Actors Exploiting Publicly Known Vulnerabilities

The National Security Agency (NSA) has released a cybersecurity advisory on Chinese state-sponsored malicious cyber activity. This advisory provides 25 Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks. Read the NSA advisory.

Read more about NSA Releases Advisory on Chinese State-sponsored Actors Exploiting Publicly Known Vulnerabilities

Rockwell Automation 1794-AENT Flex I/O Series B (ICSA-20-294-01)

CISA has published an advisory on a classic buffer overflow vulnerability in Rockwell Automation 1794-AENT Flex I/O Series B. Versions 4.003 and prior are affected. Successful exploitation of these vulnerabilities could crash the device being accessed, resulting in a buffer overflow condition that may allow remote code execution. Rockwell Automation recommends affected users ensure they are employing proper network segmentation and security controls when implementing the affected product. CISA also recommends a series of measures to mitigate this vulnerability.

Read more about Rockwell Automation 1794-AENT Flex I/O Series B (ICSA-20-294-01)

Hitachi ABB Power Grids XMC20 Multiservice-Multiplexer (ICSA-20-294-02) - Products Used in the Energy Sector

CISA has published an advisory on an improper authentication vulnerability in Hitachi ABB Power Grids XMC20 Multiservice-Multiplexer. XMC20 R4 using COGE5 versions older than co5ne_r1h07_12.esw and XMC20 R6 using COGE5 versions older than co5ne_r2d14_03.esw are affected. Successful exploitation of this vulnerability could allow an attacker to remotely take control of the product. Hitachi ABB Power Grids has corrected the problem in the different product versions and recommends users apply the firmware update at the earliest availability.

Read more about Hitachi ABB Power Grids XMC20 Multiservice-Multiplexer (ICSA-20-294-02) - Products Used in the Energy Sector

Juniper Networks Releases Security Updates - Updated October 15, 2020

October 15, 2020

Read more about Juniper Networks Releases Security Updates - Updated October 15, 2020

Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities

Microsoft has released security updates to address remote code execution vulnerabilities affecting Windows Codecs Library and Visual Studio Code. An attacker could exploit these vulnerabilities to take control of an affected system.

Read more about Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities

You are here

Cybersecurity

15CFAM – Cybersecurity Culture is FUN

Oracle Releases October 2020 Security Bulletin

Mozilla Releases Security Update – Updated October 21, 2020

VMware Releases Security Updates - Updated October 20, 2020

CISA Launches Webpage to Help Partners Understand and Address Disinformation and Misinformation

NSA Releases Advisory on Chinese State-sponsored Actors Exploiting Publicly Known Vulnerabilities

Rockwell Automation 1794-AENT Flex I/O Series B (ICSA-20-294-01)

Hitachi ABB Power Grids XMC20 Multiservice-Multiplexer (ICSA-20-294-02) - Products Used in the Energy Sector

Juniper Networks Releases Security Updates - Updated October 15, 2020

Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities

Pages

You are here

Cybersecurity

Pages

Footer Email Signup