With a layered and isolated cyber defense strategy in place, Tennessee Valley Authority (TVA) states that despite the tens of thousands of attempts per day, including those conducted by nation states, they have not had any events that have impacted their operational capability. TVA, America’s largest government owned power utility, is considered one of the prime targets for a cyber attack.
Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, Adobe Flash Player, .NET Framework, Microsoft Exchange Server, Microsoft SQL Server, and Visual Studio. Microsoft.
The NCCIC has released an advisory on relative path traversal and improper input validation vulnerabilities in Siemens Siemens Automation License Manager. For Automation License Manager 5, all versions prior to 5.3.4.4 are affected. For Automation License Manager 6, all versions prior to 6.0.1 are affected. Successful exploitation of these vulnerabilities could allow remote code execution or allow an attacker to determine port status on another remote system. Siemens has released updates to address these vulnerabilities.
Global technology consulting firm Accenture released their Cyber Threatscape Report 2018. The report highlights five key areas influencing the cyber threat landscape, including the expectation of Iran-based threat actors and groups to continue their malicious activity and increase capabilities for the foreseeable future, they also suggest the increased repurposing of popular malware could lead to the use of ransomware for destructive purposes by Iranian state-sponsored organizations.
Oracle has released a security alert to address a vulnerability in multiple versions of Oracle Database. A remote attacker could exploit this vulnerability to take control of an affected system.
The NCCIC has released an advisory on information exposure, cross-site request forgery, cross-site scripting, and information exposure through directory listing vulnerabilities in NetComm Wireless 4G LTE Light Industrial M2M Router. Versions 2.0.29.11 and prior of this product are affected. Successful exploitation of these vulnerabilities could allow for the exposure of sensitive information. NetComm Wireless has released a new firmware version to mitigate the vulnerabilities.
The NCCIC has released an advisory on OS command injections, improper access control, and insufficiently protected credentials vulnerabilities in Creston TSW-X60 and MC3. For TSW-X60, all versions prior to 2.001.0037.001 are affected. For MC3, all versions prior to 1.502.0047.001 are affected. Successful exploitation of these vulnerabilities may allow remote code execution with escalated system privileges. Crestron recommends users upgrade their devices to the newest firmware.
At Black Hat USA last week, industrial cybersecurity firm, Nozomi Networks revealed findings and a live demonstration of the malware attack known as TRITON/TRISIS/HatMan. For those new to this community, Nozomi includes a brief summary of the malware in their whitepaper.
The U.S. Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified a Trojan malware variant—referred to as KEYMARBLE—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.
The NCCIC has provided a Malware Analysis Report (MAR) of KEYMARBLE, a Trojan malware variant used by HIDDEN COBRA. The U.S. government refers to all malicious cyber activity by the North Korean government as HIDDEN COBRA. This MAR includes malware descriptions related to HIDDEN COBRA, suggested response actions and recommended mitigation techniques.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
