Cybersecurity

Two More Attacks on Israeli Water Infrastructure – Israeli Government Advises Securing Cellular Communications Equipment

Another round of cyber attacks reportedly targeted Israeli water infrastructure in June. According to officials, two cyber attacks took place. Reports state that one of the attacks hit agricultural water pumps in upper Galilee, while the other one hit water pumps in the central province of Mateh Yehuda.

Experiencing an Inbox Influx? – It’s Probably Emotet, Again

Last week, researchers observed Emotet awaken from its 160-day slumber. The “public cyber enemy,” as Malwarebytes is calling it, seemed to warm up as it began lightly populating inboxes on July 13. But by July 17, the malspam onslaught commenced with nearly a quarter million messages. Emotet usually emerges from hibernation with a new tactic in its arsenal, but so far nothing remarkable has been observed.

CISA Alert: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a new alert about malicious cyber actors using network tunneling and spoofing to obfuscate geolocation. According to the alert, attributing malicious cyber activity that uses network tunneling and spoofing techniques to a specific threat actor is difficult. Attribution requires analysis of multiple variables, including location.

Beware, More OT-Aware Ransomware – Recent Research Discovers Financially Motivated Threat Actors Dying to Kill More OT Processes

Prior reporting in multiple Security & Resilience Updates, most recently on June 18, 2020, has covered OT-aware ransomware families, notably EKANS, MegaCortex, and LockerGoga. Newly published research from FireEye suggests additional families are now incorporating common OT processes in their kill list.

SIGRed - Wormable DNS Vulnerability

As included in the Spotlight section of the Security & Resilience Update on Tuesday, Microsoft released a patch for CVE-2020-1350, a critical remote code execution (RCE) vulnerability dubbed SIGRed. All Windows Server versions from 2008 to the present are vulnerable. SIGRed only affects Windows DNS Servers; Windows DNS clients are not susceptible. However, SIGRed is wormable, so it can spread between vulnerable devices without user interaction.

The Tweets Heard ‘round the World – High-Profile Twitter Accounts Used to Send Fake Cryptocurrency Messages

Yesterday afternoon, fake Tweets began circumnavigating the Twitter-sphere after a malicious actor presumably gained access to Twitter’s internal systems and tools. In what is believed to be a coordinated social engineering attack, several high-profile, Twitter-verified, globally influential accounts tweeted fake cryptocurrency messages to millions of followers.

Siemens LOGO! Web Server (ICSA-20-196-08) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on a classic buffer overflow vulnerability in Siemens LOGO! Web Server. Numerous versions are affected. Successful exploitation of this vulnerability could allow remote code execution. Should the attacker gain access to the session cookies, they could then hijack the session and perform arbitrary actions in the name of the victim. Siemens recommends users apply upgrades. It has also identified specific workarounds and mitigations customers can apply to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerability.

Siemens SIMATIC S7-200 SMART CPU Family (ICSA-20-196-06) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on an uncontrolled resource consumption vulnerability in the Siemens SIMATIC S7-200 SMART CPU family. Versions 2.2 and later, prior to v2.5.1, are affected. Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. Siemens recommends users update to v2.5.1 and limit network access to the device to trusted sources. CISA also recommends a series of measures to mitigate the vulnerability.

Siemens SIMATIC HMI Panels (ICSA-20-196-04) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on a cleartext transmission of sensitive information vulnerability in Siemens SIMATIC HMI Panels. Numerous products and versions of these products are affected. Successful exploitation of these vulnerabilities could allow an attacker to affect the availability, read sensitive data, and gain remote code execution on the affected devices. Siemens has identified specific workarounds and mitigations users can apply to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerability.