August 11, 2020
CISA has updated this advisory with additional details on mitigation measures. Read the advisory at CISA.
February 13, 2020
August 11, 2020
CISA has updated this advisory with additional information on the affected products. Read the advisory at CISA.
February 11, 2020
CISA has updated this advisory with additional information on the affected products and mitigating measures. Read the advisory at CISA.
January 14, 2020
August 11, 2020
CISA has updated this advisory with additional details on the affected products and mitigation measures. Read the advisory at CISA.
June 9, 2020
CISA has updated this advisory with additional details on the affected products and mitigation measures. Read the advisory at CISA.
August 11, 2020
CISA has updated this advisory with additional information on affected products. Read the advisory at CISA.
July 14, 2020
CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.
October 8, 2019
August 11, 2020
CISA has updated this advisory with information on affected products and mitigation measures. Read the advisory at CISA.
February 5, 2019
The NCCIC has updated this advisory with information on affected products and mitigation measures. Read the advisory at NCCIC/ICS-CERT.
August 11, 2020
CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.
July 14, 2020
CISA has updated this advisory with additional information on affected products. Read the advisory at CISA.
October 8, 2019
CISA has published an advisory on an improper authorization vulnerability in Siemens Automation License Manager. For Automation License Manager 5, all versions are affected. For Automation License Manager 6, all versions prior to v6.0.8 are affected. Successful exploitation of this vulnerability could allow an attacker to locally escalate privileges and modify files that should be protected against writing. For Automation Manager 5, Siemens recommends users disable access to drives which have licenses installed, for non-administrator users.
Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Microsoft Windows, Microsoft Edge (EdgeHTML and Chromium-based), Microsoft ChakraCore, Internet Explorer, Microsoft Scripting Engine, SQL Server, Microsoft JET Database Engine, .NET Framework, ASP.NET Core, Microsoft Office and Microsoft Office Services and Web Apps, Microsoft Windows Codecs Library, and Microsoft Dynamics.
The COVID-19 pandemic isn’t the only worldwide crisis to have been exploited by cyber criminals. Seven earlier crises that were similarly leveraged include another disease – the 2009 swine flu – as well as natural disasters like the earthquakes in Haiti in 2010 and Japan in 2011 and malicious events, including the mass shooting targeting New Zealand mosques in 2019. Following a brief review of each of these, and what cyber criminals did to take advantage of the situations, the article presents lessons learned. The first of which is that cyber crime simply has no scruples.
The National Security Agency (NSA) has released an information sheet with guidance on how to configure mobile devices to limit how much location data they can expose. The product emphasizes that location data can be extremely valuable, potentially revealing details like the number of users in a location, user and supply movements, daily routines, and otherwise unknown associations between users and locations. It acknowledges that some of the measures for mitigating location tracking risks are impractical, given that users rely on features that would be disabled by the measures.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
