Cybersecurity

SpiderControl SCADA WebServer (ICSA-18-338-02)

The NCCIC has released an advisory on a reflected cross-site scripting vulnerability in SpiderControl SCADA WebServer. Successful exploitation of this vulnerability could allow an attacker to execute JavaScript on the victim’s browser. Versions prior to 2.03.0001 are affected. SpiderControl has released Version 2.03.0001, which fixes the vulnerability. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. NCCIC/ICS-CERT.

Omron CX-One (ICSA-18-338-01)

The NCCIC has released an advisory on stack-based buffer overflow and use after free vulnerabilities in Omron CX-One. Versions 4.42 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to execute code under the privileges of the application. Omron has released an updated version of CX-One to address the reported vulnerabilities. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

Protecting against Identity Theft

As the holidays draw near, many consumers turn to the internet to shop for goods and services. Although online shopping can offer convenience and save time, shoppers should be cautious online and protect personal information against identity theft. Identity thieves steal personal information, such as a credit card, and run up bills in the victim’s name. The Cybersecurity and Infrastructure Security Agency (CISA) encourages consumers to review the following tips to help reduce the risk of falling prey to identity theft:

INVT Electric VT-Designer (ICSA-18-333-01) – Product Used in the Energy Sector

The NCCIC has released an advisory on deserialization of untrusted data and heap-based buffer overflow vulnerabilities in INVT Electric VT-Designer. VT-Designer 2.1.7.31 is affected; other versions could also be affected. Successful exploitation of these vulnerabilities could cause the program to crash and may allow remote code execution. INVT Electric’s mitigations for these vulnerabilities are not yet available. In the meantime, the NCCIC recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

How Do Attacks against Utilities Work?

A Cisco blog post explores the stages used in an attack against a utility, which the author notes can take many months to execute. These stages include gaining a point of entry, conducting reconnaissance, and executing lateral movement and exfiltration, which, according to the blog post, can enable attackers to gain access to ICS and SCADA files and workstations. The blog post lists a series of measures for mitigating these security risks, which include employing two-factor authentication, effectively managing all assets, and limiting access to applications to only trusted users.

NCCIC Technical Alert – Major Online Ad Fraud Operation “3ve”

The U.S. Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) has issued a joint Technical Alert with the FBI about a major online ad fraud operation, which they refer to as “3ve.” According to the Technical Alert, 3ve created fake versions of premium websites and visitors to those websites, funneling the advertising revenue to cyber criminals. 3ve obtained control over 1.7 million unique IPs by leveraging victim computers infected with Boaxxe/Miuref and Kovter malware, as well as Border Gateway Protocol-hijacked IP addresses.

Justice Department Issues Indictment of Iranian Men for SamSam Ransomware, Discusses Tactics Used in Campaign

The U.S. Department of Justice reports that two Iranian men have been indicted on charges of having executed the 34-month-long international computer hacking and extortion scheme involving the “SamSam” ransomware. The six-count indictment alleges that the two men, acting from inside Iran, created the first version of SamSam in December 2015, and developed refined versions in June and October 2017.

Securing Devices during Holiday Travel

As the holiday season begins, many people will travel with their mobile devices. Although these devices - such as smart phones, tablets, and laptops - offer a range of conveniences, users should be mindful of potential threats and vulnerabilities while traveling with them. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to review tips on Holiday Traveling with Personal Internet-Enabled Devices and Cybersecurity for Electronic Devices.
