As pandemic operations become the new normal, WaterISAC continues to see cyber activity related to the coronavirus, though cybercriminals are shifting targets on a weekly basis. This week’s published trends largely involve impersonating government agencies to take advantage of institutional trust during a disaster.
The Cybersecurity and Infrastructure Security Agency (CISA), U.S. Department of the Treasury, Internal Revenue Service (IRS), and United States Secret Service (USSS) have released a Joint Alert with mitigations to help Americans avoid scams related to coronavirus economic impact payments – particularly attempts to steal payments, personal and financial information, and disrupt payment efforts. Read the alert at CISA.
Microsoft has released a security advisory that addresses a vulnerability affecting Windows DNS Servers. An attacker could exploit this vulnerability to cause a denial-of-service condition. CISA) encourages users and administrators to review Microsoft Advisory ADV200009 for more information and to apply the necessary mitigation or workaround.
CISA has published an advisory on SQL injection, path traversal, and argument injection vulnerabilities in Schneider Electric EcoStruxure Operator Terminal Expert. EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) are affected. Successful exploitation of these vulnerabilities could allow unauthorized write access or remote code execution. Schneider Electric recommends users update to EcoStruxure Operator Terminal Expert Version 3.1 Service Pack 1A. CISA also recommends a series of measures to mitigate the vulnerabilities.
CISA has published an advisory on a cleartext storage of sensitive information vulnerability in Johnson Controls Software House C-CURE 9000 and American Dynamics victor VMS. Version 2.70 of Software House C-CURE 9000 and version 5.2 of American Dynamics victor VMS are affected. Successful exploitation of this vulnerability may allow an attacker to access credentials used for access to the application. Johnson Controls recommends a series of measures to mitigate the vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities.
The National Cybersecurity Center of Excellence (NCCoE) at the National Institute for Standards and Technology (NIST) has released the final version of the Cybersecurity Practice Guide SP 1800-23, Energy Sector Asset Management. With this guide, the NCCoE intends to enhance the energy sector’s asset management capabilities for operational technology (OT).
CISA has published an advisory on missing authentication for critical function, improper ownership management, and inadequate encryption strength vulnerabilities in Emerson OpenEnterprise. All versions through 3.3.4 are affected. Successful exploitation of these vulnerabilities could allow an attacker access to OpenEnterprise configuration services or access passwords for OpenEnterprise user accounts. Emerson recommends all users upgrade to OpenEnterprise 3.3, Service Pack 5 (3.3.5), to resolve these issues. CISA also recommends a series of measures to mitigate the vulnerabilities.
CISA has published an advisory on improper restriction of operations within the bounds of a memory buffer and SQL injection vulnerabilities in Rockwell Automation EDS Subsystem. Numerous products and version of these products are affected. Successful exploitation of these vulnerabilities could lead to a denial-of-service condition. Rockwell Automation recommends a series of measures to mitigate the vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities.
It’s no surprise that COVID-19-related issues are continuing to be used in cyber criminals’ activities, such as with the lures in phishing emails sent to victims. But the scale of the COVID-19-related cyber attacks continues to astound, with IBM’s Security Intelligence reporting it has seen a significant spike in this activity on a week-to-week basis.
Yesterday U.S. Department of Justice, FBI, and U.S. Small Business Administration (SBA) officials warned the public about potential fraud schemes related to economic stimulus programs intended to assist small business owners during the COVID-19 pandemic. “During these unprecedented times, when small business owners impacted by COVID-19 are doing their best to keep their businesses afloat, it is easy to fall prey to scammers.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
