Cybersecurity

Australians Experienced 34 Percent Increase in Scams in 2019

Australians reported 167,797 scams to the Australian Competition and Consumer Commission (ACCC)-controlled Scamwatch in 2019, a 34 percent increase over the year prior. The financial impact in 2019 to Australians was just over $634 million (in Australian dollars). The greatest losses in 2019 by type of scam were: $132 million to business email compromise (BEC) scams, $126 million to investment scams, and $83 million lost to dating and romance scams.

Read more about Australians Experienced 34 Percent Increase in Scams in 2019

Australia Advisory (2020-008) Regarding “Copy-Paste Compromises” Targeting Multiple Australian Networks

The Cybersecurity and Infrastructure Security Agency (CISA) is passing through an Australian Cyber Security Centre ASCS Advisory 2020-008 regarding what it believes to be a sustained cyber attack against Australian government and commercial networks involving “copy-paste compromises.” While the attack is being attributed to a sophisticated state-based threat actor, the methods being used are described as nothing mo

Read more about Australia Advisory (2020-008) Regarding “Copy-Paste Compromises” Targeting Multiple Australian Networks

Microsoft Releases Security Updates for Windows

Microsoft has released security updates to address a vulnerability in Windows 10 version 1903. An attacker could exploit this vulnerability to overwrite or modify a protected file and gain elevated privileges. CISA encourages users and administrators to review Microsoft’s Security Advisory for CVE-2020-1441 and apply the necessary updates.

Read more about Microsoft Releases Security Updates for Windows

The Perils of Third-Party Breaches - Fusion Centers, Police Departments, and Others Impacted by #BlueLeaks Trove of Stolen Data

On Friday, June 19, 2020, an Anonymous-aligned hacktivist group Distributed Denial of Secrets (DDoSecrets) published nearly 270GB of data stolen from technology service provider Netsential. DDoSecrets is a WikiLeaks-style organization that describes itself as a “transparency collective” whose goal is the “free transmission of data in the public interest” and Netsential manages portals for content delivery and membership for many law enforcement organizations, including police departments, fusion centers, and the FBI.

Read more about The Perils of Third-Party Breaches - Fusion Centers, Police Departments, and Others Impacted by #BlueLeaks Trove of Stolen Data

You say “SNAKE,” I say “EKANS” – The Misgivings of Malware Naming and Agitation of Attribution

Researchers have the right to dub malware findings whatever they want, but in doing so it seems prudent to avoid possible confusion with previous activity similarly named.

Read more about You say “SNAKE,” I say “EKANS” – The Misgivings of Malware Naming and Agitation of Attribution

Ripple20 Vulnerabilities Expected to Have Long Term Impacts on IoT Landscape

Earlier this week cybersecurity experts revealed 19 vulnerabilities in a small library developed by software company Treck that has been widely used and integrated into many enterprise and consumer-grade products over the last 20+ years.

Read more about Ripple20 Vulnerabilities Expected to Have Long Term Impacts on IoT Landscape

ICONICS GENESIS64, GENESIS32 (ICSA-20-170-03)

CISA has published an advisory on out-of-bounds write, deserialization of untrusted data, and code injection vulnerabilities in ICONICS GENESIS64, GENESIS32 The following products using GenBroker64, Platform Services, Workbench, FrameWorX Server; v10.96 and prior are affected: GENESIS64, Hyper Historian, AnalytiX, and MobileHMI. The following products using GenBroker32 v9.5 and prior are affected: GENESIS32 and BizViz. Successful exploitation of these vulnerabilities may allow remote code execution or denial of service. ICONICS is releasing a patch for the affected products.

Read more about ICONICS GENESIS64, GENESIS32 (ICSA-20-170-03)

Mitsubishi Electric MC Works64, MC Works32 (ICSA-20-170-02)

CISA has published an advisory on out-of-bounds write, deserialization of untrusted data, and code injection vulnerabilities in Mitsubishi Electric MC Works64, MC Works32. For MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions are affected. MC Works32 Version 3.00A (9.50.255.02) is also affected. Successful exploitation of these vulnerabilities may allow remote code execution, a denial-of-service condition, information disclosure, or information tampering. Mitsubishi Electric recommends updating to the latest software version or applying security patches.

Read more about Mitsubishi Electric MC Works64, MC Works32 (ICSA-20-170-02)

Rockwell Automation FactoryTalk Services Platform (ICSA-20-170-04) – Product Used in the Water and Wastewater Sector

CISA has published an advisory on an improper input validation vulnerability Rockwell Automation FactoryTalk Services Platform. All versions of FactoryTalk Services Platform are affected. Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute remote COM objects with elevated privileges. Affected users are encouraged to use Rockwell Automation Knowledgebase article 25612 to determine if FactoryTalk Services Platform is installed.

Read more about Rockwell Automation FactoryTalk Services Platform (ICSA-20-170-04) – Product Used in the Water and Wastewater Sector

Rockwell Automation FactoryTalk View SE (ICSA-20-170-05) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on improper input validation, improper restriction of operations within the bounds of a memory buffer, permissions, privileges, and access controls, and exposure of sensitive information to an unauthorized actor vulnerabilities in Rockwell Automation FactoryTalk Services Platform. All versions of FactoryTalk View SE are affected. Successful exploitation of these vulnerabilities may allow a remote authenticated attacker to manipulate data of affected devices.

Read more about Rockwell Automation FactoryTalk View SE (ICSA-20-170-05) – Product Used in the Water and Wastewater and Energy Sectors

You are here

Cybersecurity

Australians Experienced 34 Percent Increase in Scams in 2019

Australia Advisory (2020-008) Regarding “Copy-Paste Compromises” Targeting Multiple Australian Networks

Microsoft Releases Security Updates for Windows

The Perils of Third-Party Breaches - Fusion Centers, Police Departments, and Others Impacted by #BlueLeaks Trove of Stolen Data

You say “SNAKE,” I say “EKANS” – The Misgivings of Malware Naming and Agitation of Attribution

Ripple20 Vulnerabilities Expected to Have Long Term Impacts on IoT Landscape

ICONICS GENESIS64, GENESIS32 (ICSA-20-170-03)

Mitsubishi Electric MC Works64, MC Works32 (ICSA-20-170-02)

Rockwell Automation FactoryTalk Services Platform (ICSA-20-170-04) – Product Used in the Water and Wastewater Sector

Rockwell Automation FactoryTalk View SE (ICSA-20-170-05) – Product Used in the Water and Wastewater and Energy Sectors

Pages

You are here

Cybersecurity

Pages

Footer Email Signup