Cybersecurity

GAIN Electronic Co. Ltd SAGA1-L Series (ICSA-18-296-02)

The NCCIC has released an advisory about authentication bypass by capture-replay, improper access control, and improper authentication vulnerabilities in GAIN Electronic Co. Ltd SAGA1-L Series. All firmware versions prior to A0.10 are affected. Successful exploitation of these vulnerabilities could allow remote code execution and potentially delete the product’s firmware. GAIN Electronic Co. Ltd has recommended that users update to firmware version A0.10. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

Telecrane F25 Series (ICSA-18-296-03)

The NCCIC has released an advisory on an authentication bypass by capture-replay vulnerability in Telecrane F25 series. All versions prior to 00.0A are affected. Successful exploitation of this vulnerability could allow unauthorized users to view commands, replay commands, control the device, or stop the device from running. Telecrane recommends upgrading to the latest firmware. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Advantech WebAccess (ICSA-18-296-01) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on stack-based buffer overflow, external control of file name or path, improper privilege management, and path traversal vulnerabilities in Advantech WebAccess. Versions 8.3.1 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, access files and perform actions at a privileged level, or delete files on the system. Advantech has released Version 8.3.3 of WebAccess to address the reported vulnerabilities.

National Cybersecurity Awareness Month: Safeguarding the Nation’s Infrastructure Needs to Be “Our Shared Responsibility”

The theme for this week of National Cybersecurity Awareness Month is “Critical Infrastructure Cybersecurity,” for which the National Cyber Security Alliance (NCSA) is seeking to raise awareness of the important role individuals and organizations play in helping to protect the assets and systems we depend upon. “NCSA, [the U.S. Department of Homeland Security], and thousands of supporters are committed to reiterating the message that everyone shares a role in protecting cyberspace.

LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME Laquis SCADA (ICSA-18-289-01) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on untrusted pointer dereference, out-of-bounds read, integer overflow to buffer overflow, path traversal, out-of-bounds write, and stack-based buffer overflow vulnerabilities in LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME Laquis SCADA. Smart Security Manager Versions 4.1.0.3870 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, crash the system, or write controlled content to the target system. LCDS recommends that users update to Version 4.1.0.4114.

FBI Releases Article on Defending Against Payroll Phishing Scams

The Federal Bureau of Investigation (FBI) has released an article on building a digital defense against phishing scams targeting electronically deposited paychecks. In these schemes, scammers use phishing emails to direct employees to fraudulent websites and collect their work credentials. Scammers then use victims’ credentials to replace legitimate direct deposit information with their own account details.

How Cyber Secure is Your Utility?

An article by WaterISAC Lead Analyst Chuck Egli published in the October 2018 edition of the Water Environment Federation’s Water Environment & Technology magazine discusses the most significant threats to water and wastewater utilities today. Foremost among these are threats that emerge from nation-states like Russia, China, Iran, and North Korea, all of which U.S. counterterrorism and law enforcement officials have issued warnings about in recent years and months.

National Cybersecurity Awareness Month: It’s Everyone’s Job to Ensure Online Safety at Work

The theme for this week of National Cybersecurity Awareness Month is “Workplace Security,” and the National Cyber Security Alliance (NCSA) reminds employees in all work environments that online safety and security are a responsibility shared by all. The NCSA recommends a top-down approach to create a culture of cybersecurity in the workplace and refers to a list of steps developed by the National Institute of Standards and Technology (NIST) that it says will help businesses tremendously as they formulate plans to keep themselves secure.
