Andy Behrens puts all 30 projected MLB closers into tiers to help you know when to chase saves in your 2025 fantasy baseball drafts.
March 2025
Mavericks’ Kyrie Irving out for season after suffering torn ACL
Irving had to be helped off the court early in the Mavericks’ loss to the Kings on Monday night.
Fantasy Basketball: 5 players to trade for, 5 to say goodbye to before Yahoo’s default deadline
Yahoo Fantasy Basketball’s default trade deadline is on the horizon. Dan Titus can help you make the proper last-minute deals.
Tariff-exposed stocks feel the squeeze as trade war heats up
Tariff-exposed stocks feel the squeeze as trade war heats up
New cabinet formed in Bermuda following election
Tuesday, March 4, 2025
On February 25, a new cabinet was sworn in in Bermuda, following the general election, with five women among its members.
A week earlier, the ruling Progressive Labour Party (PLP) won the general election with a majority of seats.
David Burt, who has served as the Premier of Bermuda since 2017, led the his party to its third consecutive victory. The party won 12,300 votes, nearly half of all votes cast, and won 25 of the 36 constituencies.
The main opposition party One Bermuda Alliance (OBA) gained five seats. Their leader Jarion Richardson conceded defeat and said “democracy is about choice … Bermudians have made theirs.”
The Free Democratic Movement (FDM) and all 26 independent candidates, to include former Premier Sir John Swan, failed to win a seat.
Fewer voters participated than in the previous election, which took place during the COVID-19 pandemic.
Sister links
Sources
- “Photos: Cabinet Ministers Swearing-In Ceremony” — Ber News, February 27, 2025
- Gareth Finighan. “Education ministry changes hands in Cabinet shake-up” — The Royal Gazette, February 26, 2025
- Stefano Ausenda. “Governor congratulates Premier after election win” — The Royal Gazette, February 19, 2025
- “Bermuda’s Burt leads ruling party to third consecutive victory” — Jamaica Observer, February 19, 2025
- Gary Foster Skelton. “PLP wins election amid historically low voter turnout” — Bermuda Broadcasting, February 19, 2025
Hitachi Energy UNEM/ECST
1. EXECUTIVE SUMMARY
- CVSS v4 6.8
- ATTENTION: Low Attack Complexity
- Vendor: Hitachi Energy
- Equipment: XMC20, ECST, UNEM
- Vulnerability: Improper Validation of Certificate with Host Mismatch
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow attackers to intercept or falsify data exchanges between the client and the server.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Hitachi Energy reports that the following products are affected:
- XMC20: Versions prior to R16B
- ECST: Versions prior to 16.2.1
- UNEM: Versions prior to R15A
- UNEM: R15A
- UNEM: R15B PC4 and prior
- UNEM: R16A
- UNEM: R16B PC2 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER VALIDATION OF CERTIFICATE WITH HOST MISMATCH CWE-297
Hitachi Energy is aware of a vulnerability that affects the ECST client application which if exploited could allow attackers to intercept or falsify data exchanges between the client and the server.
CVE-2024-2462 has been assigned to this vulnerability. A CVSS v3 base score of 4.9 has been calculated; the CVSS vector string is (CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H).
A CVSS v4 score has also been calculated for CVE-2024-2462. A base score of 6.8 has been calculated; the CVSS vector string is (CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:L/SI:N/SA:H).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: Switzerland
3.4 RESEARCHER
Darius Pavelescu and Bernhard Rader from Limes Security reported this vulnerability to Hitachi Energy.
4. MITIGATIONS
Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:
- UNEM R16B PC2 and earlier: Update to UNEM R16B PC3 or later and apply general mitigation factors.
- UNEM R15B PC4 or prior: Update to UNEM R15B PC5 and apply general mitigation factors. (Update planned)
- UNEM R16A, UNEM R15A: EOL versions – no fix will be available. Apply general mitigation factors. It should be noted that users with a UNEM R16A installation are entitled to an update to the UNEM R16B given the R16B is not in an inactive lifecycle state.
- XMC20 less than R16B: Update to XMC20 R16B
- ECST less than 16.2.1: Update to ECST_16.2.1
The following product versions have been fixed:
- UNEM R16B PC3 or later is a fixed version.
- UNEM R15B PC5 is a fixed version.
- XMC20 R16B is a fixed version.
- ECST 16.2.1 is a fixed version.
For more information see the associated security advisory 8DBD000203 – SSH Host Key Verification Vulnerability in Hitachi Energy’s UNEM/ECST Product.
Hitachi Energy recommends users implement recommended security practices and firewall configurations to help protect the process control network from attacks originating from outside the network. Process control systems should be physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and be separated from other networks by means of a firewall system with a minimal number of ports exposed. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.
5. UPDATE HISTORY
- March 4, 2025: Initial Publication
2025 Indian Wells Open: How to watch the tennis tournament, full broadcast schedule and more
It’s time for the Indian Wells Open.