Cybersecurity

FBI PIN: Computer Network Infrastructure Vulnerable to Windows 7 End of Life Status, Increasing Potential for Cyber Attacks

The FBI has published a (TLP:WHITE) Private Industry Notification (PIN) advising that continuing to use Windows 7 within an enterprise may provide cyber criminals access into computer systems. Microsoft ended support for the Windows 7 operating system in January 2020, and the FBI observes that cyber criminals target computer network infrastructure after an operating system achieves end of life status. It notes that as time passes Windows 7 becomes more vulnerable to exploitation due to lack of security updates and new vulnerabilities discovered.

Mitsubishi Electric Factory Automation Products Path Traversal (ICSA-20-212-03)

CISA has published an advisory on a path traversal vulnerability in Mitsubishi Electric Factory Automation Products. Multiple products and versions of the products are affected. Successful exploitation of this vulnerability may allow an attacker to obtain unauthorized information, tamper with the information, and cause a denial-of-service condition. Mitsubishi Electric recommends users update products for which newer versions are available.

Mitsubishi Electric Multiple Factory Automation Engineering Software Products (ICSA-20-212-02)

CISA has published an advisory on a permission issues vulnerability in Mitsubishi Electric Multiple Factory Automation Engineering Software Products. Multiple products and versions of the products are affected. Successful exploitation of this vulnerability may enable the reading of arbitrary files, cause a denial-of-service condition, and allow execution of a malicious binary. Mitsubishi Electric recommends a series of steps to address the vulnerability. CISA also recommends a series of measures to mitigate the vulnerability.

Inductive Automation Ignition 8 (ICSA-20-212-01) – Product Used in the Energy Sector

CISA has published an advisory on a missing authentication vulnerability in Inductive Automation Ignition 8. All versions of this product prior to 8.0.13 are affected. Successful exploitation of this vulnerability could allow an attacker to gain access to sensitive information. Inductive Automation recommends users upgrade the Ignition software to v8.0.13. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

Taidoor Malware Used by Chinese Government Actors

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Department of Defense have published a malware analysis report (MAR) about a malware variant used by Chinese government cyber actors, which is known as TAIDOOR. The FBI has high confidence that Chinese government actors are using malware variants in conjunction with proxy servers to maintain a presence on victim networks and to further network exploitation.

GNU GRUB2 Vulnerability

CISA advises that the Free Software Foundation GNU Project's multiboot boot loader, GNU GRUB2, contains a vulnerability – CVE-2020-10713 – that a local attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the CERT Coordination Center’s Vulnerability Note VU#174059 for mitigations and to refer to operating system vendors for appropriate patches, when available.

DHS CISA Third Annual National Cybersecurity Summit

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has announced it will convene the third annual National Cybersecurity Summit this year as a series of events in September and October. More specifically, the series will consist of a two-hour webinar every Wednesday for four weeks, beginning September 16 and ending October 7. The summit will focus on providing cybersecurity strategies, policies and/or initiatives that facilitate collaboration between the full range of government, defense, civilian, intelligence, and law enforcement entities.

VPN Security Flaws in Devices Used for Remote Access to OT Networks

Several advisories were posted today concerning recent vulnerabilities disclosed by Claroty regarding VPN remote access devices widely used in industrial environments, including water and electric utilities. Devices from Secomea, Moxa and HMS Networks are affected by remote code-execution flaws. In addition to allowing remote connectivity between sites, these devices are also used to enable remote access into PLCs and other Level 1/0 devices, a practice that has become much more prevalent in light of COVID-19.
