Op-Ed Highlights Sector’s Cybersecurity Vulnerabilities
The New York Times has published an op-ed piece on water system cybersecurity.
November 20, 2018
The NCCIC has updated this advisory with additional information on the technical details of the vulnerability. NCCIC/ICS-CERT.
October 11, 2018
The NCCIC has released an advisory on an insufficient verification of data authenticity vulnerability in Schneider Electric Modicon M221. All versions of this product are affected. Successful exploitation of this vulnerability could cause a change of IPv4 configuration (IP address, mask, and gateway) when remotely connected to the device. Schneider Electric recommends a series of mitigations to reduce the risk. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.
The NCCIC has released an advisory on a stack-based buffer overflow vulnerability in Teledyne DALSA Sherlock. Version 7.2.7.4 and prior are affected. Successful exploitation of this vulnerability could crash the device being accessed; a buffer overflow condition may allow remote code execution. Teledyne DALSA recommends users upgrade to Sherlock Version 7.2.7.5 or later. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.
According to a survey performed by KPMG, 48% of electric utility CEOs think a cyber attack against their organization is more a matter of “when” and not “if.” The survey also found that cybersecurity was among the top concerns for these CEOs, triggered in part by concerns from past incidents and intrusion attempts involving the electricity sector, some of which are highlighted. The survey also found that 58% of CEOs felt prepared to identify a cybersecurity threat and 59% identified cybersecurity specialists as the most important new role in their company.
Cybersecurity firm FireEye reports it has detected intrusion attempts against multiple critical infrastructure sectors by the threat group it refers to as “APT29.” The latest campaign by the group involves a phishing email appearing to come from a public affairs official at the U.S. Department of State.
November 16, 2018
The NCCIC has published an advisory reminding partners to be aware of seasonal scams and malware campaigns. It advises partners to be cautious of unsolicited emails that contain malicious links or attachments with malware, advertisements infected with malware, and requests for donations from fraudulent charitable organizations, which could result in security breaches, identity theft, or financial loss. The advisory includes a series of recommended protective actions as well as response measures for victims.
As previously discussed by WaterISAC (including at its web page here and during its October Cyber Threat Briefing), the Onslow Water and Sewer Authority (ONWASA) experienced a ransomware attack in mid-October that impacted its IT networks.
Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, .NET Core, Skype for Business, Azure App Service on Azure Stack, Team Foundation Server, Microsoft Dynamics 365 (on-premises) version 8, PowerShell Core, and Microsoft.PowerShell.Archive 1.2.2.0.