VMware has published workarounds to address unpatched vulnerabilities in vRealize Operations Manager (vROps). A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the VMware Security Advisory and apply the necessary mitigations.
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has published an alert of the top ten routinely exploited vulnerabilities observed by it and the FBI and the broader U.S. government. The vulnerabilities are categorized into groupings for the top ten exploited from 2016 to 2019 and in 2020. Unsurprisingly, much of the activity observed in 2020 has exploited vulnerabilities in virtual private networks and cloud collaboration services, which are increasingly in use given unprecedented levels of remote work during the COVID-19 pandemic.
In a posting notifying partners that it is marking its twentieth anniversary, the FBI’s Internet Crime Complaint Center (IC3) reflects on how cyber crime has evolved over the course of its history. In its first full year of operation, the IC3 logged nearly 50 complaints. Most of them revolved around internet auction fraud, non-delivery scams, and the infamous messages from alleged princes or princesses with untapped fortunes they wanted to share with recipients. Average losses for victims were low, compared to today’s numbers (in 2001, the average victim lost $435).
When a file is open or locked, most ransomware applications can’t encrypt them without first shutting down the process involved. Applications like database or mail servers lock open files so that other programs can’t modify them. The lock prevents data from being corrupted by two processes writing to a file at the same time. But now the Sodinokibi (aka REvil) ransomware has a new feature for terminating processes that have locked a file, meaning it can encrypt such a file.
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Department of Defense have provided new information on malicious cyber activity by the North Korean government. In three new Malware Analysis Reports (MARs), these agencies discuss and provide technical information for three malware variants used by the North Korean government: COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH. In addition to providing malware descriptions, the MARs contain suggested response actions and recommended mitigation techniques.
CISA has published an advisory on improper validation of array index, relative path traversal, SQL injection, stack-based buffer overflow, heap-based buffer overflow, and out-of-bounds read vulnerabilities in Advantech WebAccess Node. Versions 9.0.0 and 8.4.4 and prior are affected. Successful exploitation of these vulnerabilities may allow information disclosure, remote code execution, and compromise system availability. Advantech has released updated versions of the affected products to address the vulnerabilities.
In the Security & Resilience Update for March 31, 2020, WaterISAC reported on research related to the potential for more Stuxnet-style attacks against PLCs. Airbus Cybersecurity reported a similar Stuxnet-like vulnerability in Schneider Electric’s EcoStruxure Control Expert engineering software.
CISA has published an advisory on an uncontrolled search path element vulnerability in Fazecast jSerialComm. Versions 2.2.2 and prior of jSerialComm and versions 1.5.x, 1.6.x, and 1.7.x of EcoStruxure IT Gateway are affected. Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on a targeted system. Fazecast recommends users update jSerialComm to Version 2.3 or later. Schneider Electric recommends users upgrade EcoStruxure IT Gateway to Version 1.8.1 or later.
CISA has published an advisory on cross-site scripting and path traversal vulnerabilities in SAE IT-systems FW-50 Remote Telemetry Unit (RTU). FW-50 RTU, Series: 5 Series; CPU-type: CPU-5B; Hardware Revision: 2; CPLD Revision: 6 is affected. Successful exploitation of these vulnerabilities may allow an attacker to execute remote code, disclose sensitive information, or cause a denial-of-service condition. SAE IT-systems has provided options for addressing these vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities.
Coronavirus cyber activity hasn’t abated. Today we bring you more scam highlights and key developments, including the U.S. Department of Homeland Security’s launch of “Operation Stolen Promise” and other initiatives in an attempt to combat these growing numbers of fraud attempts.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
