Cybersecurity

CISA and OMB Release Guidance on Vulnerability Management for Federal Government Agencies

Yesterday the U.S. Department of Homeland Security Cybersecurity Agency (CISA) and the Office of Management and Budget released three documents providing guidance for how federal government agencies should manage vulnerabilities. The CISA guidance consists of a binding operational directive (BOD) that requires each federal agency to publish a vulnerability disclosure program (VDP) as well as implementation guidance.

Malicious Domain Blocking and Reporting – Newest Service from MS-ISAC for SLTTs

What do you get when you combine the influence of the Cybersecurity and Infrastructure Security Agency (CISA) with the resources of the Multi-State Information Sharing and Analysis Center (MS-ISAC) and a global internet edge technology provider with an unprecedented view of the threat landscape? In short, MDBR – Malicious Domain Blocking and Reporting. The Center for Internet Security (CIS) has partnered through MS-ISAC and EI-ISAC with CISA and Akamai to make MDBR available at no cost to the members of the MS-ISAC and EI-ISAC.

Mitsubishi Electric Multiple Products (ICSA-20-245-01)

CISA has published an advisory on a predictable exact value from previous values vulnerability in multiple products from Mitsubishi Electric. Successful exploitation of this vulnerability could be used to hijack TCP sessions and allow remote command execution. Mitsubishi Electric recommends that users take a series of mitigation measures to minimize the risk of exploitation of this vulnerability. CISA also recommends a series of measures to mitigate the vulnerability.

Emotet Makes You See Red

When Emotet is active, there is no shortage of discoveries of additional behaviors designed to trick users and expand its infections. Last week, researchers discovered a new template that Emotet is using in its attachments. When a user clicks on an Emotet-laden attachment, they are presented with a red-accented prompt to ‘Enable Editing’ and ‘Enable Content’ to view the document. This template has been named ‘Red Dawn’ due to the red accent colors.

Is Your OT Asset Management Flourishing or Floundering?

Knowing your assets is the foundation of a successful cybersecurity strategy. In fact, it is unrealistic to expect to adequately complete a basic cyber risk assessment without a comprehensive asset inventory. According to PAS, the OT integrity company, “without such an inventory, it is impossible to have the visibility necessary to understand and reduce risk.” OT asset inventory is not a one-size-fits-all program, and what qualifies as a good OT asset inventory is different for every organization.

CISA Alert: Technical Approaches to Uncovering and Remediating Malicious Activity

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a new alert highlighting technical approaches to uncovering malicious activity and providing mitigation steps according to best practices. The purpose of the report is to enhance incident response among partners and network administrators and to serve as a playbook for incident investigation. CISA built this report in collaboration with the cybersecurity authorities of four other nations: Australia, Canada, New Zealand, and the United Kingdom.

Cisco Releases Security Advisory for DVMRP Vulnerability in IOS XR Software

Cisco has released a security advisory on a vulnerability (CVE-2020-3566) in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR software. This vulnerability affects Cisco devices running IOS XR software that have an active interface configured under multicast routing. A remote attacker could exploit this vulnerability to exhaust process memory of an affected device. Exploitation of this vulnerability has been detected in the wild.

Red Lion N-Tron 702-W, 702M12-W (ICSA-20-240-01) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on reflected cross-site scripting, stored cross-site scripting, cross-site request forgery, hidden functionality, and use of unmaintained third-party components vulnerabilities in Red Lion N-Tron 702-W and 702M12-W. All versions of both products are affected. Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to sensitive information, execute system commands, and perform actions in the context of an attacked user. Red Lion’s 702-W Series was discontinued in 2018 and cannot be updated.