Cybersecurity

Siemens SCALANCE W1750D (ICSA-18-282-02) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on cryptographic issues in Siemens SCALANCE W1750D. All versions prior to 8.3.0.1 are affected. Successful exploitation of this vulnerability could allow an attacker to decrypt TLS traffic. Siemens provides a firmware update (v8.3.0.1) and recommends users to update to the new version. To reduce the risk, Siemens recommends administrators restrict access to the web interface of the affected devices. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

Read more about Siemens SCALANCE W1750D (ICSA-18-282-02) – Product Used in the Water and Wastewater and Energy Sectors

Computer Hardware Compromised by China Found in U.S. Telecom

In a follow-up to an article it published last week (and included in the October 4 SRU) that China had infiltrated U.S. companies by planting a tiny chip in computer hardware during its manufacture, Bloomberg reports a major telecommunications company discovered the presence of the manipulated hardware and removed it in August.

Read more about Computer Hardware Compromised by China Found in U.S. Telecom

NCCIC Releases Joint Alert on Worldwide Malicious Activity Using Publicly Available Tools

The NCCIC, in collaboration with the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, the New Zealand National Cyber Security Centre, and the United Kingdom National Cyber Security Centre, has released a joint Activity Alert that highlights five publicly available tools frequently observed in cyber incidents worldwide. The alert provides an overview of each tool, its capabilities, and recommended best practices network defenders can use to protect their networks against these tools.

Read more about NCCIC Releases Joint Alert on Worldwide Malicious Activity Using Publicly Available Tools

Siemens SIMATIC WinCC OA Operator IOS App (Update A) (ICSA-18-109-01) – Products Used in the Water and Wastewater and Energy Sectors

October 9, 2018

The NCCIC has updated this advisory with additional details on the affected products and mitigation measures. NCCIC/ICS-CERT.

April 9, 2018

Read more about Siemens SIMATIC WinCC OA Operator IOS App (Update A) (ICSA-18-109-01) – Products Used in the Water and Wastewater and Energy Sectors

Siemens Medium Voltage SINAMICS Products (Update A) (ICSA-18-128-01) – Products Used in the Water and Wastewater and Energy Sectors

October 9, 2018

The NCCIC has updated this advisory with additional details on the affected products and mitigation measures. NCCIC/ICS-CERT.

May 9, 2018

Tags:

nccic ics-cert siemens

Read more about Siemens Medium Voltage SINAMICS Products (Update A) (ICSA-18-128-01) – Products Used in the Water and Wastewater and Energy Sectors

Siemens SIMATIC STEP 7 and SIMATIC WinCC (Update A) (ICSA-18-226-01) – Products Used in the Water and Wastewater and Energy Sectors

October 9, 2018

The NCCIC has updated this advisory with additional details on the affected products and mitigation measures. NCCIC/ICS-CERT.

August 14, 2018

Read more about Siemens SIMATIC STEP 7 and SIMATIC WinCC (Update A) (ICSA-18-226-01) – Products Used in the Water and Wastewater and Energy Sectors

Microsoft Releases October 2018 Security Update

Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, SQL Server Management Studio, and Microsoft Exchange Server. Microsoft.

Read more about Microsoft Releases October 2018 Security Update

Who’s Willing to Pay for Supply Chain Security?

In the past week, the NCCIC released two technical alerts (TA18-276A and TA18-276B) and Bloomberg published an article about cyber threats that had exploited vulnerabilities in supply chains.

Read more about Who’s Willing to Pay for Supply Chain Security?

National Cybersecurity Awareness Month: Careers in Cybersecurity

The theme for this week of National Cybersecurity Awareness Month is “Careers in Cybersecurity,” which seeks to provide advice and resources to those seeking careers in cybersecurity and organizations in need of cybersecurity personnel and expertise. The unprecedented demand for well-trained cybersecurity workers continues to grow. Some experts predict that there will be a global shortage of two million cybersecurity professionals by next year.

Read more about National Cybersecurity Awareness Month: Careers in Cybersecurity

The Bigger the Company, the Messier the Password Practices

A new report from password management company LogMeIn finds that the bigger the enterprise, the bigger the problem when it comes to managing passwords. The company’s recently released Global Password Security Report scores its 43,000 customers on password strength, reuse, and use of multi-factor authentication. While the average score equaled a 52 out of 100 — a score LogMeIn considers to be good — the numbers generally showed the larger the company, the lower the average security score.

Read more about The Bigger the Company, the Messier the Password Practices

You are here

Cybersecurity

Siemens SCALANCE W1750D (ICSA-18-282-02) – Product Used in the Water and Wastewater and Energy Sectors

Computer Hardware Compromised by China Found in U.S. Telecom

NCCIC Releases Joint Alert on Worldwide Malicious Activity Using Publicly Available Tools

Siemens SIMATIC WinCC OA Operator IOS App (Update A) (ICSA-18-109-01) – Products Used in the Water and Wastewater and Energy Sectors

Siemens Medium Voltage SINAMICS Products (Update A) (ICSA-18-128-01) – Products Used in the Water and Wastewater and Energy Sectors

Siemens SIMATIC STEP 7 and SIMATIC WinCC (Update A) (ICSA-18-226-01) – Products Used in the Water and Wastewater and Energy Sectors

Microsoft Releases October 2018 Security Update

Who’s Willing to Pay for Supply Chain Security?

National Cybersecurity Awareness Month: Careers in Cybersecurity

The Bigger the Company, the Messier the Password Practices

Pages

You are here

Cybersecurity

Pages

Footer Email Signup