Cybersecurity

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Agency (CISA) reports multiple Netgear router models contain vulnerabilities that a remote attacker can exploit to take control of an affected device. CISA encourages users and administrators to update to the most recent firmware version and to replace end-of-life devices that are no longer supported with security patches. Given the increase in telework, CISA recommends that CISOs consider the risk that these vulnerabilities present to business networks.

CISA has published an advisory on an improper restriction of XML external entity reference vulnerability in Rockwell Automation FactoryTalk Services Platform. Versions 6.11.00 and earlier affected. Successful exploitation of this vulnerability could lead to a denial-of-service condition and to the arbitrary reading of any local file via system level services. Affected users are encouraged to use Rockwell Automation Knowledgebase article 25612 to determine if FactoryTalk Services Platform is installed.

There is no question, this new age surrounding COVID-19 has definitely forced all organizations to rethink, reassess, reaffirm, or redesign many policies and procedures. ICS organizations are no exception. However, perhaps one of the critical functions that has not been given its due attention is incident response. Likewise, incident response is often not given its due attention under the best of times.

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has published a Trust in Smart City Systems report. It is intended to serve as a resource guide for discussions between smart city decision-makers, designers, and implementers during the initial, high-level design of a smart city project and make decisions based on a more complete understanding of the tradeoffs.