Cybersecurity

Consumers Abandon Brands after Data Breaches, according to Survey

Ping Identity conducted a survey of more than 3,000 people across the U.S., the U.K., France, and Germany to understand consumer sentiments and behaviors toward brands impacted by data breaches. The survey found that 78% of respondents would stop engaging with a brand online, and 36% would stop engaging altogether, if the brand had experienced a breach. Additionally, nearly half (49%) would not sign up for and use an online service or application that recently experienced a data breach.

When Accounts are “Hacked” Due to Poor Passwords, Victims Must Share the Blame

An article by cybersecurity expert Troy Hunt observes that intrusions into networks and systems are often made possible by employees’ poor choice of passwords at the targeted organization, rather than by the sophisticated exploit of vulnerable code often suggested when attacks are disclosed. Troy notes that the tendency today is to imply that the victim bears no responsibility.

Hackers Attack Utility Companies’ IT Systems rather than ICS, according to Report

According to cyber threat detection and hunting firm Vectra’s Spotlight Report on Energy and Utilities, utility companies are more likely to have hackers target their IT systems than attack critical infrastructure directly. The report noted there is a difference between attacks that probe IT networks for information about, and access to, critical infrastructure and attacks against ICS itself. "The two are interconnected, but the targeted assets are different," the report’s authors said. "Cyber-criminals have been testing and mapping-out attacks against energy and utilities networks for years."

NCCIC Security Tip: Website Security

The U.S. Department of Homeland Security National Cybersecurity and Communications Integration Center (NCCIC) has produced a new Security Tip, Website Security. Website security refers to the protection of personal and organizational public-facing websites from cyber attacks, and the Security Tip discusses their impacts and numerous methods for defending websites against them.

Fr. Sauter AG Case Suite (ICSA-18-305-04)

The NCCIC has released an advisory on an improper restriction of XML external entity reference vulnerability in Fr. Sauter AG CASE Suite. Versions 3.10 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to remotely retrieve unauthorized files from the system. Fr. Sauter AG recommends users apply Service Release 1 for the current CASE Suite Version 3.10. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Circontrol CirCarLife (ICSA-18-305-03)

The NCCIC has released an advisory on authentication bypass using an alternate path or channel and insufficiently protected credentials vulnerabilities in Circontrol CirCarLife. All versions prior to 4.3.1 are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to retrieve credentials stored in clear text, bypass authentication, and view and access critical information. Circontrol has released a new version of the software. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

Schneider Electric Software Update (ICSA-18-305-02) – Product Used in the Energy Sector

The NCCIC has released an advisory on a DLL hijacking vulnerability in Schneider Electric Software Update (SESU). All versions prior to 2.2.0 are affected. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. Schneider Electric has created a fix for this vulnerability (Version 2.2.0). The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

AVEVA InduSoft Web Studio and InTouch Edge HMI (ICSA-18-305-01) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on stack-based buffer overflow and empty password in configuration file vulnerabilities in AVEVA InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition). InduSoft Web Studio versions prior to 8.1 SP2 and InTouch Edge HMI versions prior to 2017 SP2 are affected. Successful exploitation of these vulnerabilities could allow an unauthenticated user to remotely execute code. AVEVA recommends that users upgrade to InduSoft Web Studio v8.1 SP2 and InTouch Edge HMI (formerly InTouch Machine Edition) 2017 SP2 as soon as possible.
