Cybersecurity

Cybersecurity Hygiene – Avoid Password Predictability

People are creatures of habit, and predictable ones at that. Cyber threat actors frequently take advantage of these traits when cracking passwords from the latest data breach repository. Cybersecurity firm Rapid7 explains the password cracking process and shows how users still create passwords with easily guessable, and therefore easily cracked, patterns. The post also highlights how these predictable patterns continue to let miscreants recover plaintext passwords from hashed or encoded ones.

Yokogawa iDefine, STARDOM, ASTPLANNER, and TriFellows (ICSA-18-233-01) – Product Used in the Energy Sector

The NCCIC has released an advisory on a stack-based buffer overflow vulnerability in Yokogawa iDefine, STARDOM, ASTPLANNER, and TriFellows. Multiple products and multiple versions of these products are affected. Successful exploitation of this vulnerability may allow arbitrary code execution or stop the license management function. Yokogawa recommends users update or patch the affected products. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

Security Awareness - It's All About Us

With data breaches being commonplace, Tripwire offers a post reminding us of the role people play in preventing or enabling breaches and other cybersecurity incidents. Most studies over the last few years have consistently found that human error is responsible for well over 75% of cybersecurity and privacy breaches. While technology controls are an important part of an overall cybersecurity strategy, technology does fail from time to time, and when it does, people become the last (and best) line of cybersecurity defense.

An Interview with WaterISAC Managing Director Michael Arceneaux

In an interview with risk management firm Gate 15, WaterISAC Managing Director Michael Arceneaux discusses security issues, priorities, and efforts for the water and wastewater sector. The interview opens by describing the sector as a critical lifeline sector: if its services were compromised and not restored quickly, human health and economic security would be at risk.

Emerson DeltaV DCS Workstations (ICSA-18-228-01) – Product Used in the Energy Sector

The NCCIC has released an advisory on uncontrolled search path element, relative path traversal, improper privilege management, and stack-based buffer overflow vulnerabilities in Emerson DeltaV DCS Workstations. DeltaV versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 are affected. Successful exploitation of these vulnerabilities could allow arbitrary code execution, malware injection, or malware to spread to other workstations. Emerson recommends users patch the affected products.

Tridium Niagara (ICSA-18-191-03)

The NCCIC has released an advisory on path traversal and improper authentication vulnerabilities in Tridium Niagara. Niagara AX Framework version 3.8 and prior and Niagara 4 Framework version 4.4 and prior are affected. Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution. Tridium has provided updates to address the vulnerabilities. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

FBI Eyes Plethora of River-Related Threats

In an interview with the Associated Press, FBI Special Agent in Charge of the New Orleans Field Office Eric Rommal discusses the threats malicious actors could pose to industries that are dependent on the Mississippi River. He described scenarios in which actors exploit commercial ships or oil or gas refineries and pipelines to cause harm. Speaking of potential impacts to the area resulting from these scenarios, Special Agent Rommal noted drinking water utilities’ dependence on the Mississippi River for their raw water supplies.

Cyber Resilience and Security Awareness – Is Your Current Approach Effective?

As the TVA post highlights, company-wide awareness training has proven a success in their overall cyber resilience strategy. Email security firm Mimecast shares a relevant post on the downsides of lacking security awareness training and proposes a more balanced approach to prevent security fatigue. When evaluating current awareness programs, consider that security awareness should be convincing, engaging, and challenging, not obvious and boring.
