You are here

Home » Cybersecurity

Cybersecurity

FBI Eyes Plethora of River-Related Threats

In an interview with the Associated Press, FBI Special Agent in Charge of the New Orleans Field Office Eric Rommal discusses the threats malicious actors could pose to industries that are dependent on the Mississippi River. He described scenarios in which actors exploit commercial ships or oil or gas refineries and pipelines to cause harm. Speaking of potential impacts to the area resulting from these scenarios, Special Agent Rommal noted drinking water utilities’ dependence on the Mississippi River for their raw water supplies.

Cyber Resilience and Security Awareness – Is Your Current Approach Effective?

As the TVA post highlights, company-wide awareness training has proven a success in their overall cyber resilience strategy. Email security firm, Mimecast shares a relevant post on the downsides to the lack of security awareness training and proposes a more balanced approach to prevent security fatigue. When evaluating current awareness programs, consider that security awareness should be convincing, engaging, and challenging – not obvious and boring.

Critical Infrastructure Cybersecurity - One of America’s Biggest Utility’s Shares Cybersecurity Journey

With a layered and isolated cyber defense strategy in place, Tennessee Valley Authority (TVA) states that despite the tens of thousands of attempts per day, including those conducted by nation states, they have not had any events that have impacted their operational capability. TVA, America’s largest government owned power utility, is considered one of the prime targets for a cyber attack.

Microsoft Releases August 2018 Security Update

Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, Adobe Flash Player, .NET Framework, Microsoft Exchange Server, Microsoft SQL Server, and Visual Studio. Microsoft.

Siemens Automation License Manager (ICSA-18-226-03) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on relative path traversal and improper input validation vulnerabilities in Siemens Siemens Automation License Manager. For Automation License Manager 5, all versions prior to 5.3.4.4 are affected. For Automation License Manager 6, all versions prior to 6.0.1 are affected. Successful exploitation of these vulnerabilities could allow remote code execution or allow an attacker to determine port status on another remote system. Siemens has released updates to address these vulnerabilities.

Accenture – Cyber Threatscape Report 2018

Global technology consulting firm Accenture released their Cyber Threatscape Report 2018. The report highlights five key areas influencing the cyber threat landscape, including the expectation of Iran-based threat actors and groups to continue their malicious activity and increase capabilities for the foreseeable future, they also suggest the increased repurposing of popular malware could lead to the use of ransomware for destructive purposes by Iranian state-sponsored organizations.

NetComm Wireless 4G LTE Light Industrial M2M Router (ICSA-18-221-02)

The NCCIC has released an advisory on information exposure, cross-site request forgery, cross-site scripting, and information exposure through directory listing vulnerabilities in NetComm Wireless 4G LTE Light Industrial M2M Router. Versions 2.0.29.11 and prior of this product are affected. Successful exploitation of these vulnerabilities could allow for the exposure of sensitive information. NetComm Wireless has released a new firmware version to mitigate the vulnerabilities.

Crestron TSW-X60 and MC3 (ICSA-18-221-01)

The NCCIC has released an advisory on OS command injections, improper access control, and insufficiently protected credentials vulnerabilities in Creston TSW-X60 and MC3. For TSW-X60, all versions prior to 2.001.0037.001 are affected. For MC3, all versions prior to 1.502.0047.001 are affected. Successful exploitation of these vulnerabilities may allow remote code execution with escalated system privileges. Crestron recommends users upgrade their devices to the newest firmware.

Pages

Subscribe to Cybersecurity