You are here

Home

Cybersecurity

LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA ELS Files (ICSA-19-073-01) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on an out-of-bounds write vulnerability in LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA. SCADA 4.1.0.4150 is affected. Successful exploitation of this vulnerability could allow remote code execution. LCDS recommends users update to Version 4.3.1.71. The NCCIC also recommends a series of mitigating measures for this vulnerability. Read the advisory at NCCIC/ICS-CERT.

Proposed Legislation for IoT Cybersecurity

On Monday, Sen. Mark Warner, co-chair of the Senate Cybersecurity Caucus introduced a bill into the House and Senate that would require the U.S. government to purchase only IoT devices that meet minimum security requirements. If passed, the Internet of Things Cybersecurity Improvement Act of 2019 requires the National Institute of Standards and Technology (NIST) to develop recommendations to ensure efforts are made to standardize secure development, identity management, patching, and configuration management of IoT devices.

Incident Response is a Must for Cybersecurity Strategy

An organizational cybersecurity strategy is not complete without an incident response plan. In a recent post, cyber-defense firm Exabeam highlights three elements of incident response: people, processes, and technology/tools. The post discusses the people that should compose the incident response team, including cross-organizational stakeholders who develop and govern the incident response plan.

Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module (Update C) (ICSA-18-067-01) – Products Used in the Energy Sector

March 12, 2019

The NCCIC has updated this advisory with additional information on the technical details of the affected products and mitigation measures. This advisory was initially published on March 29, 2018 and last updated on February 5, 2019. Read the advisory at NCCIC/ICS-CERT.

May 17, 2018

Tags: 
ics-cert siemens

Siemens SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software (Update G) (ICSA-18-088-03) – Products Used in the Water and Wastewater and Energy Sectors

March 12, 2019

The NCCIC has updated this advisory with additional information on the technical details of the affected products and mitigation measures. Read the advisory at NCCIC/ICS-CERT.

February 5, 2019

Tags: 
nccic ics-cert siemens

Inside Emotet, the Malware Distributor

In terms of malware, Emotet has been among the greatest threats to water and wastewater utilities in recent months, infecting systems and deploying other types of malware. In one well-document example, in October 2018 Emotet dropped the Ryuk ransomware into the IT system for a North Carolina water utility (WaterISAC created a page on its portal and hosted presentations during webcasts in October and November about this incident).

Pages

Subscribe to Cybersecurity