Cybersecurity

CISA Announces CVE “Vulnrichment” Program to Fill CVE Enrichment Gap

The recent slowdown in NIST’s National Vulnerability Database, which oversees CVE enrichment and provides the valuable cataloging of vulnerabilities that cyber professionals rely upon, has caused CISA to take action. NIST’s analysts have managed to analyze only 4523 of the 14,280 CVEs they received since the start of the year, making this an increasingly urgent problem. CISA has announced it is creating a new program, called “Vulnrichment,”, that aims to fill the CVE enrichment gap.

Read more about CISA Announces CVE “Vulnrichment” Program to Fill CVE Enrichment Gap

Security Awareness – The Importance of Adapting Phishing Training Methods

As has been the case since the dawn of the digital era, the world of cybersecurity is in constant transformation. Threat actors are always modifying their tactics as cybersecurity teams strive to maintain situational awareness. When it comes to social engineering and phishing, attackers are constantly refining their methods making it ever more important for organizations to update security awareness curriculum to incorporate information on the latest strategies.

Read more about Security Awareness – The Importance of Adapting Phishing Training Methods

Passthrough – CISA and Partners Release Secure by Design Guidance on Choosing Secure and Verifiable Technologies

Today, together with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and other international partners, CISA released the following guidance: “Secure-by-Design Choosing Secure and Verifiable Technologies.” This guidance was crafted to provide organizations with secure by design considerations when procuring digital products and services.

Read more about Passthrough – CISA and Partners Release Secure by Design Guidance on Choosing Secure and Verifiable Technologies

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – May 9, 2024

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – May 9, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases Four Industrial Control Systems Advisories

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – May 9, 2024

Supplemental Cyber Highlights – May 7, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure

Read more about Supplemental Cyber Highlights – May 7, 2024

Ransomware Incident Awareness – City of Wichita Public Services Disrupted After Ransomware Incident

WaterISAC is sharing this for member awareness. The City of Wichita reported a ransomware incident that started over the weekend and shut down much of the city’s core services which have yet to be restored. As reported, the incident affected a wide portion of public services including the city’s airport, public transport, and water department. It appears this incident has only impacted the water account billing systems, which is highly common with cyber incidents at cities/municipalities.

Read more about Ransomware Incident Awareness – City of Wichita Public Services Disrupted After Ransomware Incident

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – May 7, 2024

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – May 7, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases Two Industrial Control Systems Advisories

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – May 7, 2024

Supplemental Cyber Highlights – May 2, 2024

Critical Infrastructure

Read more about Supplemental Cyber Highlights – May 2, 2024

Passthrough – Joint CSA: North Korean Actors Exploit Weak DMARC Security Policies to Mask Spearphishing Efforts

The FBI, the Department of State, and the NSA jointly issued an advisory to highlight attempts by Democratic People’s Republic of Korea (DPRK, a.k.a. North Korea) Kimsuky cyber actors to exploit improperly configured DNS Domain-based Message Authentication, Reporting and Conformance (DMARC) record policies to conceal social engineering attempts.

Read more about Passthrough – Joint CSA: North Korean Actors Exploit Weak DMARC Security Policies to Mask Spearphishing Efforts

Threat Awareness – Dropbox Discloses Breach of Digital Signature Service Affecting All Users

WaterISAC is sharing this for member awareness. Utilities using Dropbox Sign (with or without an account) are encouraged to review and address accordingly.

Read more about Threat Awareness – Dropbox Discloses Breach of Digital Signature Service Affecting All Users

You are here

Cybersecurity

CISA Announces CVE “Vulnrichment” Program to Fill CVE Enrichment Gap

Security Awareness – The Importance of Adapting Phishing Training Methods

Passthrough – CISA and Partners Release Secure by Design Guidance on Choosing Secure and Verifiable Technologies

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – May 9, 2024

Supplemental Cyber Highlights – May 7, 2024

Ransomware Incident Awareness – City of Wichita Public Services Disrupted After Ransomware Incident

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – May 7, 2024

Supplemental Cyber Highlights – May 2, 2024

Passthrough – Joint CSA: North Korean Actors Exploit Weak DMARC Security Policies to Mask Spearphishing Efforts

Threat Awareness – Dropbox Discloses Breach of Digital Signature Service Affecting All Users

Pages

You are here

Cybersecurity

Pages

Footer Email Signup