You are here

Home » Cybersecurity

Cybersecurity

LCDS LAquis SCADA (ICSA-20-119-01) – Product Used in the Energy and Water and Wastewater Sector

CISA has published an advisory on exposure of sensitive information to an unauthorized actor and improper input validation vulnerabilities in LCDS LAquis SCADA. Versions 4.3.1 and prior are affected. Successful exploitation of these vulnerabilities could allow unauthorized attackers to view sensitive information and create files in arbitrary locations. LCDS recommends users update to the latest version of LAquis SCADA. CISA also recommends a series of measures to mitigate the vulnerabilities.

Situational Awareness – Coronavirus Scam Developments, and Score a Couple for the Good Guys

An SRU would not be complete these days without highlights of coronavirus-related cyber activity. Today, we bring you another COVID-19 Key Developments from risk intelligence organization Flashpoint, including government responses, law enforcement actions, cybercrime activity related to coronavirus, and trends in mis/disinformation.

Sierra Wireless AirLink ALEOS (Update B) (ICSA-19-122-03) – Products Used in the Water and Wastewater and Energy Sectors

April 23, 2020

CISA has updated this advisory with additional details on the affected products and mitigation measures. Read the advisory at CISA.

August 20, 2019

The NCCIC has updated this advisory with additionally information on mitigating measures. Read the advisory at CISA.

May 2, 2019

Security Awareness – Blackmail Scams Surge

If it seems like non-ransomware extortion (i.e., “sextortion”) scams have been inundating inboxes lately, cybersecurity firm Sophos confirms it has. In fact, potentially to the tune of tens or even hundreds of millions of messages, including at least five different variations in the past few days. Knowing there is no validity to the scammers claim, the messages are still unnerving and a nuisance, to say the least.

Microsoft Releases Security Updates for Multiple Products

Microsoft has released security updates to address multiple vulnerabilities in products that use the Autodesk FBX library. These include Office 2016, Office 2019, Office 365 ProPlus, and Paint 3D. A remote attacker can exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft Advisory ADV200004 and apply the necessary updates.

FBI Alert on Extortion Email Scams

The FBI’s Internet Crime Complaint Center (IC3) has released an alert warning of a recent increase in extortion email scams. Cyber criminals threaten to release sexually explicit photos or videos of victims unless they agree to send payment. The alert provides additional characteristics of these scams and offers a list of tips for protection.

Inductive Automation Ignition (ICSA-20-112-01) – Product Used in the Energy Sector

CISA has published an advisory on an improper access control vulnerability in Inductive Automation Ignition 8 Gateway. Versions prior to 8.0.10 are affected. Successful exploitation of this vulnerability could allow an attacker to write endless log statements into the database, which could result in a denial-of-service condition. Inductive Automation recommends upgrading Ignition 8 Gateway to v8.0.10. If this isn’t possible, it recommends a series of workarounds. CISA also recommends a series of measures to mitigate the vulnerability.

FBI Official Says Cyber Crime Reports Quadrupled during COVID-19 Pandemic

Speaking in an online panel last week, FBI Deputy Assistant Director Tonya Ugoretz said the number of cyber crime reports received by the FBI’s Internet Crime Complaint Center (IC3) has quadrupled compared to months before the pandemic. "Whereas they might typically receive 1,000 complaints a day through their internet portal, they're now receiving something like 3,000 - 4,000 complaints a day. Not all of those are COVID-related, but a good number of those are,” said Ugoretz. She also described the kinds of activity that have been reported to the IC3. "They really run the gamut.

Pages

Subscribe to Cybersecurity