You are here

Home

Cybersecurity

PHOENIX CONTACT Automation Worx Software Suite (ICSA-19-302-01)

CISA has published an advisory on an improper input validation vulnerability in PHOENIX CONTACT Automation Worx Software Suite. Multiple products and versions of these products are affected. Successful exploitation of this vulnerability could compromise the availability, integrity, or confidentiality of an application programming workstation. Automated systems programmed using one of the affected products are not impacted. Phoenix Contact is in the process of developing an updated version of this product.

Incident Response Ransomware: Part One

TrustedSec has published the first blog in what it says will become a three-part series on responding to a ransomware incident. Part one provides an introduction into what ransomware is, how it works, and how it spreads to systems within an organization. It also describes different types of ransomware and variations of ransomware tactics. While part two in this series will go more into the attack kill chain, this first segment provides an overview of the sequence of events that occur during infection. Part two will also discuss more of the ways to detect, protect, and prevent ransomware.

Building a Culture of Cyber Preparedness

Daniel Kaniewski, the deputy administrator for resilience at FEMA, has written an article on the importance of incorporating cybersecurity into overall preparedness efforts. He discusses FEMA’s coordination with the DHS Cybersecurity and Infrastructure Security Agency (CISA) and other efforts undertaken by his organization in this area, which include investments of over $165 million in grant funding to state and local jurisdictions. He also notes that next year’s national level exercise (NLE) – NLE 2020 – will feature a major cyber attack scenario.

Australian Advisory on Emotet Malware Campaign

The Australian Cyber Security Centre (ACSC) has released an advisory on an ongoing, widespread Emotet malware campaign. In its advisory, ACSC notes the malicious emails used in this campaign are designed to spread across a variety of sectors in the Australian economy, including critical infrastructure providers and government agencies. The advisory provides indicators of compromise (IOCs) and recommendations to help organizations defend against Emotet.

Honeywell IP-AK2 (ICSA-19-297-02) – Product Used in the Energy Sector

CISA has published an advisory on a missing authentication for critical function vulnerability in Honeywell IP-AK2. Versions 1.04.07 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to download configuration files directly through a URL without authentication, exposing configuration and authorized visitor information. Honeywell released new firmware Version 1.04.15 and recommends affected users contact Honeywell customer support to resolve the issue. CISA also recommends a list of actions to mitigate this vulnerability.

Rittal Chiller SK 3232-Series (ICSA-19-297-01) – Product Used in the Energy Sector

CISA has published an advisory on missing authentication for critical function and use of hard-coded credentials vulnerabilities in Rittal Chiller SK 3232-Series. The Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4 is affected. Successful exploitation of these vulnerabilities could disrupt the primary operations of the affected component, shut down cooling to other equipment, and allow changes to the temperature set point. CISA recommends users of the product contact Rittal directly for information about mitigating these vulnerabilities.

Building a Digital Defense against E-Skimming

The FBI’s Portland, Oregon office has published an advisory providing a background of and tips for defending against e-skimming. E-skimming occurs when cyber criminals inject malicious code onto a website. The threat actor may have gained access via a phishing attack targeting employees – or through a vulnerable third-party vendor attached to a company’s server. Organizations that need to be especially wary of this kind of activity include those that take credit card payments online, as threat actors can capture credit card data in real time as the user enters its.

Pages

Subscribe to Cybersecurity