Cybersecurity

AVEVA Wonderware License Server (ICSA-18-212-05) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory regarding an improper restriction of operations within the bounds of a memory buffer vulnerability in AVEVA Wonderware License Server. The vulnerability affects Wonderware License Server v4.0.13100 and prior using the vulnerable Flexera lmgrd (Versions 11.13.1.1 and prior); only users with the Counted Licenses feature with “ArchestrAServer.lic” are affected. Successful exploitation of this vulnerability may result in remote code execution with administrative privileges.

AVEVA InTouch Access Anywhere (ICSA-18-212-04) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory regarding a cross-site scripting (XSS) vulnerability in AVEVA InTouch Access Anywhere remote access software. The vulnerability affects AVEVA InTouch Access Anywhere 2017 Update 2 and prior that use vulnerable jQuery libraries prior to version 3.0.0. Successful exploitation of this vulnerability may allow attackers to obtain sensitive information and/or execute JavaScript or HTML code due to improper neutralization of input during web page generation.

Johnson Controls Metasys and BCPro (ICSA-18-212-02)

The NCCIC has released an advisory regarding an information exposure through an error message vulnerability in Johnson Controls Metasys and BCPro products. The vulnerability affects Metasys System, Versions 8.0 and prior, and BCPro (BCM), all versions prior to 3.0.2. Successful exploitation of this vulnerability could allow an attacker to obtain technical information about the Metasys or BCPro server, allowing an attacker to target a system for attack.

Davolink DVW-3200N (ICSA-18-212-01)

The NCCIC has released an advisory regarding the use of a password hash with insufficient computational effort vulnerability in Davolink DVW-3200N network switches. All versions of DVW-3200N prior to version 1.00.06 are affected. Successful exploitation of this vulnerability may result in a remote attacker obtaining the password to the device, as the device generates a weak password hash that is easily cracked. Currently there are no known public exploits; however, this vulnerability is remotely exploitable, and could be successfully exploited by an attacker with a low skill level.

Business Continuity and Resilience – Considerations for Building an ICS Cybersecurity Strategy

Critical infrastructure organizations face cyber threats of all kinds, from state-sponsored and cyber crime actors to traditional IT threats. However, observations have identified common attack methodology and tradecraft regardless of industry. Gary Williams, Senior Director of Cybersecurity Services Offer Management at Schneider Electric, discusses how, while the threats and methods are similar, the uniqueness of OT environments requires security leaders to adopt different defense strategies, including greater employee engagement.

ICS Network Segmentation - The Difference Between an Internal Incident or Front Page Headline

There is no silver bullet in cybersecurity, but some strategies, like network segmentation, provide more bang for the cybersecurity buck. Effective network segmentation requires thorough knowledge about what is in the environment. This knowledge includes information beyond just the endpoints, such as regarding normal operational process workflows, as well as expected network communications. ICS cybersecurity expert Galina Antova discusses the priceless role network segmentation plays in protecting OT networks. Ms.

Government Agencies Receiving Suspicious Envelopes with Malware Infected CDs

The Delaware Information & Analysis Center (DIAC) has released a Cyber Alert warning that several state, local, tribal, and territorial governments have reported receiving suspicious envelopes containing malware-infected CDs originating from China. Key features of these envelopes include Chinese postmarks, confusingly worded letters with occasional Chinese characters, and SOCKO brand CD-Rs. DIAC’s alert contains sample photos of a letter, envelope, and CD. Members are encouraged to notify WaterISAC if they receive one of these envelopes.

Dark Web Cyber Crime Market Thriving

Demand for malware creation is three times greater than supply, according to research by Positive Technologies into more than 10,000 hack-for-hire and malware-related postings on Dark Web markets. Its analysis included 25 sites on the Dark Web in Russian and English, with a total registered user base of about three million people. The leading type of malware available was cryptocurrency miners (20%), followed by hacking utilities (19%), botnet malware (14%), remote access Trojans (RATs) (12%), and ransomware (12%).

Business Continuity and Resiliency Planning – Asset Management

ICS security technology firm Applied Risk discusses the importance of asset identification in ICS environments. The post explains how to approach asset identification and the benefits of passive monitoring solutions, not only for discovering assets, but also for maintaining an up-to-date inventory, highlighting anomalies, and pinpointing operational problems, all while avoiding disruption to critical processes.

Iranian Man Who Hacked into U.S. Dam among FBI’s Most-Wanted Cyber Criminals

Business Insider has published an article highlighting some of the individuals on the FBI’s “Cyber’s Most Wanted” webpage. Many of these hackers are affiliated with nation-states, such as a group of Iranians who are believed to work for the “Mabna Institute” that conducts malicious cyber activities on behalf of the Iranian government. In the case of one Iranian hacker, who does not appear to be associated with the Mabna Institute, the suspect is believed to have hacked into the industrial control systems of a dam in upstate New York.
