Cybersecurity

Mitsubishi Electric MELSEC iQ-R (ICSA-20-303-02)

CISA has published an advisory on a improper restriction of operations within the bounds of a memory buffer, session fixation, NULL pointer dereference, improper access control, argument injection, and resource management errors vulnerability in Mitsubishi Electric MELSEC iQ-R. Numerous versions of the products in these series are affected. Successful exploitation of these vulnerabilities by malicious attackers may result in network functions entering a denial-of-service condition or allow malware execution.

Read more about Mitsubishi Electric MELSEC iQ-R (ICSA-20-303-02)

Mitsubishi Electric MELSEC iQ-R, Q and L Series (ICSA-20-303-01)

CISA has published an advisory on an uncontrolled resource consumption vulnerability in Mitsubishi Electric MELSEC iQ-R, Q and L Series. Numerous versions of the products in these series are affected. Successful exploitation of this vulnerability could cause a denial-of-service condition in the Ethernet port on the CPU module. Mitsubishi Electric recommends users take a series of mitigation measures to minimize the risk of exploiting this vulnerability. CISA has also provided a series of measures to help mitigate the vulnerability.

Read more about Mitsubishi Electric MELSEC iQ-R, Q and L Series (ICSA-20-303-01)

Mitsubishi Electric MELSEC iQ-R Series (Update A) (ICSA-20-282-02)

October 29, 2020

CISA has updated this advisory with additional information on the affected products and mitigation measures. Read the advisory at CISA.

October 8, 2020

Read more about Mitsubishi Electric MELSEC iQ-R Series (Update A) (ICSA-20-282-02)

WECON LeviStudioU (Update B) (ICSA-20-238-03) – Product Used in the Water and Wastewater and Energy Sectors

October 29, 2020

CISA has updated this advisory with additonal information on the researcher who reported the vulnerabilities. Read the advisory at CISA.

October 20, 2020

Read more about WECON LeviStudioU (Update B) (ICSA-20-238-03) – Product Used in the Water and Wastewater and Energy Sectors

CISA Alert: Ransomware Activity Targeting the Healthcare and Public Heath Sector

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a joint alert with the FBI and the U.S. Department of Health and Human Services describing the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the healthcare and public health sector to infect systems with Ryuk ransomware for financial gain. In the alert, the authoring organizations state that they have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.

Read more about CISA Alert: Ransomware Activity Targeting the Healthcare and Public Heath Sector

SHUN HU Technology JUUKO Industrial Radio Remote Control (ICSA-20-301-01)

CISA has published an advisory on authentication bypass by capture-replay and command injection vulnerabilities in SHUN HU Technology JUUKO Industrial Radio Remote Control. JUUKO K-800 and K-808, with firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc., are affected. Successful exploitation of these vulnerabilities could allow attackers to replay commands, control the device, view commands, and/or stop the device from running.

Read more about SHUN HU Technology JUUKO Industrial Radio Remote Control (ICSA-20-301-01)

Joint Cybersecurity Advisory on North Korean APT Kimsuky

Today the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the U.S. Cyber Command published a joint cybersecurity advisory describing the tactics, techniques, and procedures used by the North Korean advanced persistent threat (APT) group Kimsuky.

Read more about Joint Cybersecurity Advisory on North Korean APT Kimsuky

FTC Advisory on Overpaid Utility Bill Scams

The Federal Trade Commission (FTC) has posted an advisory on overpaid utility bill scams. While primarily intended for consumers, a utility could provide this advisory to its customers to help them identify and avoid these scams. According to the advisory, in this scam a customer receives a robocall saying they paid too much on a utility bill. To make up for this mistake, they’ll get a cash refund and a discount on future bills. All they have to do is provide some information, such as their social security number or account details, to get their money and discount.

Read more about FTC Advisory on Overpaid Utility Bill Scams

Microsoft Releases Security Update for Edge - Updated October 26, 2020

October 26, 2020

Read more about Microsoft Releases Security Update for Edge - Updated October 26, 2020

15CFAM – Detecting and Responding to Cyber Threats is So Much FUN!

Ok, maybe it takes a cybersecurity nerd to think cyber threat detection and incident response is fun. But be assured, if you aren’t monitoring and detecting cyber threats against your organization, it’ll be anything but fun trying to respond to an attack or other cyber incident.

Read more about 15CFAM – Detecting and Responding to Cyber Threats is So Much FUN!

You are here

Cybersecurity

Mitsubishi Electric MELSEC iQ-R (ICSA-20-303-02)

Mitsubishi Electric MELSEC iQ-R, Q and L Series (ICSA-20-303-01)

Mitsubishi Electric MELSEC iQ-R Series (Update A) (ICSA-20-282-02)

WECON LeviStudioU (Update B) (ICSA-20-238-03) – Product Used in the Water and Wastewater and Energy Sectors

CISA Alert: Ransomware Activity Targeting the Healthcare and Public Heath Sector

SHUN HU Technology JUUKO Industrial Radio Remote Control (ICSA-20-301-01)

Joint Cybersecurity Advisory on North Korean APT Kimsuky

FTC Advisory on Overpaid Utility Bill Scams

Microsoft Releases Security Update for Edge - Updated October 26, 2020

15CFAM – Detecting and Responding to Cyber Threats is So Much FUN!

Pages

You are here

Cybersecurity

Pages

Footer Email Signup