Windows OS utilities like Powershell, PSExec, and other commonly available tools have made life easier for cyber threat actors. Symantec discusses this concept widely known as “living-off-the-land” that often provides attackers with greater benefits than creating their own malware. Malicious actors are taking advantage of these utilities to hide in plain sight as they know defenders often do not flag related activity for looking suspicious.
Although al Qa’ida is better known for its physical terror attacks than its cyber presence, it has practiced cyber terrorism and appears to be attempting to grow its capabilities in this area, according to an article in Small Wars Journal. Historically, the group’s cyber activities have been limited to using the Internet and social media to spread its jihad message as well as a few relatively minor attacks, such as website defacements.
People are creatures of habit, and predictable - these facets of our personalities are frequently taken advantage of by cyber threat actors looking to crack passwords from the latest data breach repository. Cybersecurity firm Rapid7 explains the password cracking process, and shows how users still create passwords with easily guessable, thus easily hackable, patterns. This post also highlights how these predictable patterns still allow miscreants to crack hashed/encoded passwords.
The NCCIC has released an advisory on a stack-based buffer overflow vulnerability in Yokogawa iDefine, STARDOM, ASTPLANNER, and TriFellows. Multiple products and versions of these products are affected. Successful exploitation of this vulnerability may allow arbitrary code execution, or the stopping of the license management function. Yokogawa recommends users update or patch the affected products. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.
August 21, 2018
The NCCIC has updated this advisory with additional details on mitigations. The original advisory was published on June 27, 2012. NCCIC/ICS-CERT.
June 27, 2012
With data breaches being commonplace, Tripwire offers a post reminding us of the role people play in preventing or enabling breaches and other cybersecurity incidents. Most studies over the last few years have consistently revealed that human error is responsible for well over 75% of cybersecurity and privacy breaches. While technology controls are an important part of an overall cybersecurity strategy, technology does fail from time-to-time, and when it does, people become the last (and best) cybersecurity defense.
In an interview with risk management firm Gate 15, WaterISAC Managing Director Michael Arceneaux discusses security issues, priorities, and efforts for the water and wastewater sector. The interview begins with a discussion of the sector being a critical lifeline sector, meaning that its compromise would put human health and economic security at risk if it were not restored quickly.
The NCCIC has released an advisory on uncontrolled search path element, relative path traversal, improper privilege management, and stack-based buffer overflow vulnerabilities in Emerson DeltaV DCS Workstations. DeltaV versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 are affected. Successful exploitation of these vulnerabilities could allow arbitrary code execution, malware injection, or malware to spread to other workstations. Emerson recommends users patch the affected products.
The NCCIC has released an advisory on path traversal and improper authentication vulnerabilities in Tridium Niagara. Niagara AX Framework version 3.8 and prior and Niagara 4 Framework version 4.4 and prior are affected. Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution. Tridium has provided updates to address the vulnerabilities. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.
The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat Native. A remote attacker could exploit these vulnerabilities to take control of an affected server. NCCIC encourages users and administrators to review the Apache Advisory and Tomcat Native Downloads page and apply the necessary updates.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
