Today, the Cybersecurity and Infrastructure Security Agency (CISA) released draft versions of the TIC 3.0 Remote User Use Case and NCPS Cloud Interface Reference Architecture (NCIRA) Volume 2 (TIC stands for “Trusted Internet Connections” and NCPS stands for
The Federal Trade Commission (FTC) has posted a blog with tips for preventing ransomware infections at businesses. The blog begins with an overview of ransomware, reminding its readers that attacks aren’t just directed at large corporations and adding, “every company is a potential target.” After going through a list of steps to take to protect against ransomware, the blog addresses the potentially tricky question of whether to pay. On this, it notes that, for one thing, paying the ransom doesn’t guarantee the victim will get their data back.
Microsoft has discovered that a persistent malware campaign has been actively distributing an evolved browser modifier malware at scale since at least May 2020. The malware is designed to inject ads into search engine results pages. The threat affects multiple browsers, including Microsoft Edge, Google Chrome, Yandex Browser, and Mozilla Firefox.
With the recent, high-profile cyber incidents involving FireEye and SolarWinds, Microsoft has shared information and issued guidance about increased activities from a sophisticated threat actor that is focused on high value targets such as government agencies and cybersecurity companies.
Today the Cybersecurity and Infrastructure Security Agency (CISA) released a Critical Infrastructure Security and Resilience Note, Edge vs. Core - An Increasingly Less Pronounced Distinction in 5G Networks, to inform stakeholders about the risks of untrusted components within 5G networks. This product is intended to provide an overview of edge computing and represents CISA’s analysis of the risks associated with installation of untrusted components into 5G infrastructure.
The Australian Cyber Security Centre (ACSC) has launched a new cyber security campaign encouraging all Australians to protect themselves against online threats, with an accompanying joint announcement from Minister for Home Affairs Peter Dutton and Minister for Defence Linda Reynolds.
The National Institute of Standards and Technology (NIST) has released two new guides to help address data integrity challenges poses by ransomware attacks and other “destructive” events, which include destructive malware. Organizations can use the first guide, SP 1800-25, to develop a strategy for identifying and protecting assets against one of these events.
Attackers are convincingly mimicking the ‘microsoft[.]com’ domain in a recent phishing campaign. In spite of Microsoft’s reported lack of email spoofing protection mechanisms such as DMARC (Domain-based Message Authentication, Reporting and Conformance), users need to be vigilant for emails appearing to come from Microsoft using a relatively new Microsoft 365 capability to review quarantined messages as a pretext to trick users into following the offered link.
Once considered a simple information stealing worm, Qakbot has evolved into one of the top quality malware droppers for many cyber attack campaigns. Following the likes of TrickBot, quirky Qakbot is often paired up with post compromise attack platforms such as Cobalt Strike.
ICS cybersecurity expert Joe Weiss thoughtfully revisits recent posts reflecting on the Aurora incident and others like it. Everyone who knows Joe, knows his passion regarding Aurora-type incidents and how engineering mishaps/failures can seem like (and have the same impact as) cyber attacks and vice versa. When is a failure due to a mechanical issue or a cyber attack – it takes both engineers and cyber analysts to properly investigate and determine.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
