October 30, 2018
The NCCIC has updated this advisory with additional information on the nature of the vulnerabilities, its evaluation of the risk presented, the affected products, and mitigation measures. NCCIC/ICS-CERT.
April 24, 2018
The NCCIC has released an advisory on an improper privilege management vulnerability in PEPPERL+FUCHS CT50-Ex. CT50-Ex running Android OS v4.4 and v6.0 are affected (the original manufacturer was Honeywell). Successful exploitation of this vulnerability could allow a malicious third-party application to gain elevated privileges and obtain access to sensitive information. An update is available that resolves this vulnerability. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.
Emotet, the malware dropper that gained greater notoriety in recent weeks for its involvement in the Ryuk Ransomware incident that affected Onslow Water and Sewer Authority (ONWASA), reported by WaterISAC here, has awaken from its brief respite.
The U.S. Department of Homeland Security National Cybersecurity and Communications Integration Center (NCCIC) has produced a new Security Tip, Proper Disposal of Electronic Devices. The NCCIC emphasizes that in addition to effectively securing sensitive information on electronic devices, it is important to follow best practices for electronic device disposal.
Based on research using open source intelligence resources, cybersecurity firm Trend Micro explores vulnerabilities for two of the most critical infrastructure lifelines. The report, Exposed and Vulnerable Critical Infrastructure: Water and Energy Industries (posted below), demonstrates the ease of discovering and exploiting cyber assets in the water and energy sectors. Primarily using Shodan and other basic open source intelligence (OSINT) techniques, Trend Micro discovered exposed and vulnerable HMIs.
FireEye Intelligence has publicly disclosed information highly suggesting activity linked to TRITON is associated with a Russian government-owned technical research institution. In their recent report, FireEye explains several factors contributing to their assessment that the Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM; a.k.a. ЦНИИХМ) is associated with the development of the secondary malware strains (activity now dubbed TEMP.Veles by FireEye) that aided in the deployment of the primary TRITON payload last November against a Saudi Arabian Petrochemical plant.
Over the past week, two supply-chain attacks have come to light. The first involves VestaCP, a control-panel interface that system administrators use to manage servers. According to security firm Eset, unknown attackers compromised VestaCP servers and used their access to make a malicious change to an installer that was available for download. “The VestaCP installation script was altered to report back generated admin credentials to vestacp.com after a successful installation,” said ESET Malware Researcher Marc-Étienne M.Léveillé.
The American Water Works Association's (AWWA's) Cybersecurity Risk & Responsibility in the Water Sector report seeks to help water utilities understand their cybersecurity risks and what they can do to address them. In addition to discussing the significant risks cyber poses to water utilities, which involves a review of some of the most notable cyber incidents involving the sector, the report also addresses less discussed but nonetheless important aspects of cybersecurity.
libssh has released security updates addressing a vulnerability affecting libssh versions 0.6 and above. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the libssh Security Release for additional information and apply the necessary updates.
Microsoft has released a security update to address a vulnerability in the Yammer desktop application. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the Microsoft Security Advisory and apply the necessary update. NCCIC/US-CERT.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
