Ransomware Awareness – Egregor
While Egregor continues with recent attacks on Kmart, Metro Vancouver's transit system TransLink, and the Randstad staffing agency, Insikt Group researchers at Recorded Future publish a
The United Kingdom’s National Cyber Security Centre (NCSC) has released its Annual Review 2020, the fourth version of its yearly report that presents key developments and highlights. Throughout its report the NCSC comments on threats and trends that it responded to, oftentimes in collaboration with international partners. These include the U.S.’s Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), which have released alerts and advisories with the NCSC throughout 2020.
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory encouraging heightened awareness for potential malicious cyber activity from Iranian threat actors. The advisory states these actors continue to engage in offensive cyber activities that range from the conventional, including website defacement and distributed denial of service attacks, to the more advanced, such as destructive malware.
The Human Side of Incident Response
Anyone who has heard me (Jennifer Lyn Walker) speak (on the Cyber Threat Briefing, at a conference, or podcast) knows that I like to focus on the human side of cybersecurity. Therefore, it should come as no surprise that this post – Tackle the Human Side of Incident Response with SOAR and Threat Intelligence – by Flashpoint resonates with me.
Patching in the OT environment is a perpetual predicament, but passing over patches is permanently problematic. Simply ignoring a patch because it is impractical or impossible to implement is profoundly poor policy. So what are the preferred practices when patching isn’t possible? According to Verve Industrial, the options greatly depend on whether the system you intend to remediate has embedded vulnerabilities or a Windows/userspace application.
The FBI has published a Private Industry Notification (PIN) warning that cyber criminals are implementing auto-forwarding on victims’ web-based email clients to conceal their activities. As the PIN explains, the web-based client’s forwarding rules often do not sync with the desktop client, limiting the rules’ visibility to cybersecurity administrators. The cyber criminals then capitalize on this reduced visibility to increase the likelihood of a successful business email compromise (BEC).
The Center for Internet Security (CIS) has just published the report Exploited Protocols, Remote Desktop Protocol (RDP), which is intended to provide an overview of what RDP is, the attacks associated with this protocol, and how an organization can best protect itself against an RDP-based attack. The information provided in this report is very timely given the increased usage of RDP as organizations stood up remote environments for employees to utilize when the COVID-19 pandemic struck.
With more Americans expected to shop online this holiday season due to the COVID-19 pandemic, the Cybersecurity and Infrastructure Security Agency (CISA) has launched a public awareness initiative to inform consumers of common risks and encourage basic cybersecurity practices. Over the course of the next month, it plans to share safety information for consumers to keep in mind as they navigate the world-wide web. As part of this, CISA’s “Holiday Online Shopping” website includes easy-to-follow safety tips for online shopping, and additional resources to promote healthy shopping practices.
As we stated earlier, if Bleeping Computer’s The Week in Ransomware series is a must-review, you’ll also want to follow along with a new multi-part series by Control Global executive editor Jim Montague.
Unless it manufactures all of its own components, every organization faces significant risk from its supply chain, and perhaps even more so from the smart/connected technology supply chain.