The National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) have jointly released a comprehensive technical advisory on previously undisclosed Linux malware they are attributing to Russian advanced persistent threat (APT) actors. The malware, dubbed Drovorub, is being associated to APT28/Fancy Bear, a Russian group notoriously known for the 2016 Democratic National Committee attacks.
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a new alert advising that is has observed cyber actors using emails containing a Microsoft Word document with a malicious Visual Basic Application (VBA) macro code to deploy KONNI malware. KONNI is a remote administration tool (RAT) used by malicious cyber actors to steal files, capture keystrokes, take screenshots, and execute arbitrary code on infected hosts.
Following up on the alert it released on August 12 (and that WaterISAC reported on in it August 13 Security and Resilience Update), the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) advises that the U.S.
The Apache Software Foundation has released a security advisory to address vulnerabilities in Struts in the version range 2.0.0 – 2.5.20. An attacker could exploit one of these vulnerabilities to take control of an affected system. The current version, Struts 2.5.22, is not affected.
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) advises that Microsoft has released security updates to address two vulnerabilities – CVE-2020-1380 and CVE-2020-1464 – that are being actively exploited. CVE-2020-1380 is a remote code execution vulnerability affecting Internet Explorer 11, and CVE-2020-1464 is a spoofing vulnerability that affects multiple Windows products. An attacker could exploit these vulnerabilities to take control of an affected system.
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a new alert advising it is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing.
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. This includes a cross-site scripting vulnerability (CVE-2020-6284) in NetWeaver (Knowledge Management). CISA encourages users and administrators to review the SAP Security Notes and apply the necessary updates.
CISA has published an advisory on a classic buffer overflow vulnerability in Siemens SCALANCE and RUGGEDCOM. For RUGGEDCOM RM1224, all versions prior to 6.3 are affected. For SCALANCE M-800 / S615, all versions prior to 6.3 are affected. Successful exploitation of this vulnerability could allow an attacker to gain unauthenticated access to a device and cause a buffer overflow to execute custom code. Siemens recommends applying the updates available for each of the products. CISA also recommends a series of measures to mitigate the vulnerability.
CISA has published an advisory on a synchronous access of remote resource without timeout vulnerability in Tridium Niagara. For Niagara, versions 4.6.96.28, 4.7.109.20, 4.7.110.32, and 4.8.0.110 are affected. For Niagara Enterprise Security, versions 2.4.31, 2.4.45, and 4.8.0.35 are affected. Successful exploitation of this vulnerability could result in a denial-of-service condition. Tridium has released updates that mitigate this vulnerability. CISA also recommends a series of measures to mitigate the vulnerability.
CISA has published an advisory on improper authentication and path traversal vulnerabilities in Yokogawa CENTUM. Multiple products and versions of the products are affected. Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to send tampered communication packets or create/overwrite any file and run any commands. Yokogawa recommends a series of mitigation measures. CISA also recommends a series of measures to mitigate the vulnerabilities.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
