Today the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the U.S. Cyber Command published a joint cybersecurity advisory describing the tactics, techniques, and procedures used by the North Korean advanced persistent threat (APT) group Kimsuky.
The Federal Trade Commission (FTC) has posted an advisory on overpaid utility bill scams. While primarily intended for consumers, a utility could provide this advisory to its customers to help them identify and avoid these scams. According to the advisory, in this scam a customer receives a robocall saying they paid too much on a utility bill. To make up for this mistake, they’ll get a cash refund and a discount on future bills. All they have to do is provide some information, such as their social security number or account details, to get their money and discount.
Ok, maybe it takes a cybersecurity nerd to think cyber threat detection and incident response is fun. But be assured, if you aren’t monitoring and detecting cyber threats against your organization, it’ll be anything but fun trying to respond to an attack or other cyber incident.
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released two joint cybersecurity advisories on widespread advanced persistent threat (APT) activity. The first, on Russian APT actors, is an update to a previous CISA-FBI advisory (AA20-283A APT Actors Chaining Vulnerabilities against SLTT, Critical Infrastructure, and Elections Organizations, published on October 9, 2020) and provides information on targeting of U.S.
Alas! We get to one of my (Jennifer Lyn Walker) favorite 15CFAM topics, cybersecurity culture. Walking back through WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities guide, we wrap up another three relevant FUNdamentals into one. For this ‘15 Cybersecurity Fundamentals Awareness Month’ (15CFAM) series post we visit #8-Create a Cybersecurity Culture, #9-Develop and Enforce Cybersecurity Policies and Procedures, and #12-Tackle Insider Threats.
Oracle has released its Critical Patch Update for October 2020 to address 402 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA) encourages users and administrators to review the Oracle October 2020 Critical Patch Update and apply the necessary updates.
October 21, 2020
October 20, 2020
The National Security Agency (NSA) has released a cybersecurity advisory on Chinese state-sponsored malicious cyber activity. This advisory provides 25 Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks. Read the NSA advisory.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
