Cybersecurity

Rockwell Automation CompactLogix 5370 (ICSA-19-120-01)

The NCCIC has released an advisory on uncontrolled resource consumption and stack-based buffer overflow vulnerabilities in Rockwell Automation CompactLogix 5370. Multiple products and versions of these products are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to render the web server unavailable and/or place the controller in a major non-recoverable faulted state (MNRF).

Emotet Adds New Evasion Technique and Uses Connected Devices as Proxy Command and Control Servers

New samples of Emotet have been observed using different post-infection traffic than previous versions, according to analysis just published by cybersecurity company Trend Micro. Additionally, that analysis revealed Emotet is attempting to use compromised connected devices as proxy command and control servers to evade detection. These discoveries also show that the malware is being used to compromise and collect vulnerable connected devices, which could become resources for other malicious purposes.

Rockwell Automation MicroLogix 1400 and CompactLogix 5370 Controllers (ICSA-19-113-01)

The NCCIC has published an advisory on an open redirect vulnerability in Rockwell Automation MicroLogix 1400 and CompactLogix 5370 Controllers. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to input a malicious link redirecting users to a malicious website. Rockwell Automation has released a security advisory with mitigation steps. The NCCIC also provides a list of recommended measures for addressing the vulnerabilities.

NIST Issues Revised Guidelines for Mobile App Security Vetting

The National Institute of Standards and Technology (NIST) has published a revised version of its Vetting the Security of Mobile Applications special publication. Despite their utility, mobile applications, or “apps,” can pose serious security risks to an organization and its users due to vulnerabilities that may exist within their software. Such vulnerabilities may be exploited to steal information, control a user’s device, deplete hardware resources, or result in unexpected app or device behavior.

Research into Dark Web Criminals’ “How-to” Guides

Terbium Labs has released a report analyzing nearly 30,000 “how-to” guides for committing cyber fraud available on the Dark Web. These online documents typically include instructions on specific fraud capabilities such as account takeover, phishing, cashing out, doxing, synthetic fraud, and account creation. They could feature instructions, personal notes from the author on their experiences of what works and what doesn’t, social engineering and technical advice, and more.

Researchers Release Security Software to Defend against Cyber Attacks

A team consisting of researchers from Microsoft Research, Inria, and Carnegie Mellon University’s CyLab recently released the world's first verifiably secure industrial-strength cryptographic library – a set of code that can be used to protect data and is guaranteed to protect against the most popular classes of cyberattacks. The library is called “EverCrypt” and is available for download on GitHub. "With EverCrypt, we can rule out entire classes of vulnerabilities," said CyLab’s Bryan Parno, who is also an associate professor of Computer Science and Electrical and Computer Engineering.

Multiple Vulnerabilities in Broadcom WiFi Chipsets

The CERT Coordination Center (CERT/CC) has released information on multiple vulnerabilities in Broadcom Wi-Fi chipset drivers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The NCCIC encourages users and administrators to review the CERT/CC Vulnerability Note VU#166939 for more information and refer to vendors for appropriate updates, when available.

Latest Supply Chain Attack Demonstrates the Importance of Evaluating All Vendors

In the latest high-profile supply chain attack, IT consulting firm Wipro confirmed it experienced a phishing attack that may have allowed its systems to be used to target many of its clients. Wipro believes it was targeted, possibly by a nation-state attacker, who then used the company’s own systems to deliver follow-up attacks on at least 12 of its customers. This incident is notable because of the perpetrators’ ability to compromise Wipro accounts, despite the company’s expertise in the area.
