Cybersecurity

GNU GRUB2 Vulnerability

CISA advises that the Free Software Foundation GNU Project's multiboot boot loader, GNU GRUB2, contains a vulnerability – CVE-2020-10713 – that a local attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the CERT Coordination Center’s Vulnerability Note VU#174059 for mitigations and to refer to operating system vendors for appropriate patches, when available.

DHS CISA Third Annual National Cybersecurity Summit

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has announced it will convene the third annual National Cybersecurity Summit this year as a series of events in September and October. More specifically, the series will consist of two-hour webinars every Wednesday for four weeks, beginning September 16 and ending October 7. The summit will focus on providing cybersecurity strategies, policies and/or initiatives that facilitate collaboration between the full range of government, defense, civilian, intelligence, and law enforcement entities.

VPN Security Flaws in Devices Used for Remote Access to OT Networks

Several advisories were posted today concerning recent vulnerabilities disclosed by Claroty regarding VPN remote access devices widely used in industrial environments, including water and electric utilities. Devices from Secomea, Moxa and HMS Networks are affected by remote code-execution flaws. In addition to allowing remote connectivity between sites, these devices are also used to enable remote access into PLCs and other Level 1/0 devices, a practice that has become much more prevalent in light of COVID-19.

HMS Industrial Networks eCatcher (ICSA-20-210-03)

CISA has published an advisory on a stack-based buffer overflow vulnerability in HMS Industrial Networks eCatcher. All versions prior to 6.5.5 are affected. Successful exploitation of this vulnerability could crash the device being accessed. In addition, a buffer overflow condition may allow remote code execution with highest privileges. HMS recommends users update eCatcher to Version 6.5.5 or later. CISA also recommends a series of measures to mitigate the vulnerability.

Softing Industrial Automation OPC (ICSA-20-210-02)

CISA has published an advisory on heap-based buffer overflow and uncontrolled resource consumption vulnerabilities in Softing Industrial Automation OPC. All versions prior to the latest build of 4.47.0 are affected. Successful exploitation of these vulnerabilities could crash the device being accessed. A buffer-overflow condition may also allow remote code execution. Softing Industrial Automation has released an update to mitigate the reported vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities.

Secomea GateManager (ICSA-20-210-01)

CISA has published an advisory on improper neutralization of null byte or NUL character, off-by-one error, use of hard-coded credentials, and use of password hash with insufficient computational effort vulnerabilities in Secomea GateManager. All versions prior to 9.2c are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to gain remote code execution on the device. Secomea has released a new version to mitigate the reported vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities.

FBI FLASH: Indicators Associated with Netwalker Ransomware

The FBI has published a (TLP:WHITE) FLASH message providing indicators associated with the Netwalker Ransomware. The FBI states it has received notifications of Netwalker ransomware attacks on U.S. and foreign government organizations and private companies, among other entities, by unidentified cyber actors. It notes Netwalker became widely recognized in March following intrusions into an Australian transportation and logistics company.

CISA Alert AA20-205A – Take it Very Seriously, but Don’t Panic

When the longest‐serving (former) Director of the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS‐CERT) speaks, people listen, or at least they should. The “joint alert from the NSA and CISA about malicious activity targeting operational technology (OT) and critical infrastructure should be taken very seriously. Don’t be fooled — this isn’t a warning about the possibility of attacks. This is a warning that attacks have occurred and are ongoing as we speak,” wrote Marty Edwards in a recent post at Tenable.
