Cybersecurity

The NCCIC has released an advisory on an improper input validation vulnerability in Siemens SIMATIC Panels and SIMATIC WinCC (TIA Portal). Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow an attacker with network access to the web server to perform a HTTP header injection attack. Siemens has provided updates for the products to fix the vulnerability. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

Mikko Hypponen, F-Secure’s Chief Research Officer, has a rule when it comes to electronic devices: “If it’s smart, it’s vulnerable.” Hypponen made this assertion over two years ago, and in that time it has become known as “Hypponen’s Law.” This law is becoming more applicable by the day, given the proliferation of smart technologies, which are increasingly present in both home and office environments, as well as in industrial settings.

Malicious threat actors commonly use legitimate IT network based tools against us – tools like Metasploit, PowerShell, PsExec, Nessus, and Shodan, that were originally developed to help defend and manage our networks. Following ongoing WaterISAC reporting, the NCCIC released an analysis report today illustrating the continued use of IT tactics, techniques, and procedures (TTPs) to gain footholds into our organizations.

Ping Identity conducted a survey of more than 3,000 people across the U.S., the U.K., France, and Germany to understand consumer sentiments and behaviors toward brands impacted by data breaches. They survey found that 78% of respondents would stop engaging with a brand online and 36% would stop engaging altogether if the brand had experienced a breach. Additionally, nearly half (49%) would not sign up and use an online service or application that recently experienced a data breach.