
Cybersecurity

CISA Alert: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a new alert in response to recently disclosed exploits that target F5 BIG-IP devices that are vulnerable to CVE-2020-5902. As the alert states, F5 Networks, Inc. (F5) released a patch for CVE-2020-5902 on June 30, 2020. Unpatched F5 BIG-IP devices are an attractive target for malicious actors.

CISA Alert: NSA and CISA Recommend Immediate Actions to Reduce Exposure across Operational Technologies and Systems

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a new alert recommending critical infrastructure owners and operators take immediate steps to reduce exposure of operational technology (OT) and control systems. The alert notes that due to the increase in adversary capabilities and activity, the criticality to U.S. national security and way of life, and the vulnerability of OT systems, civilian infrastructure makes attractive targets for foreign powers attempting to do harm to U.S. interests or retaliate for perceived U.S.

When Technology Fails, Phishing Evades Security

It is well known that phishing is purposefully designed to evade security tools and target humans, so when it does, it should come as no surprise. Likewise, when security technology fails, humans need to be able to recognize suspicious activity such as phishing emails and report them accordingly. Cybersecurity firm Cofense recently analyzed phishing messages that evaded Proofpoint’s Secure Email Gateway (SEG). The platform/vendor should not be the point, because it happens to (dare I say) every platform.

Who Doesn’t Like a Story about Stuxnet?

Members of WaterISAC are no strangers to Stuxnet. Uncovered in 2010, Stuxnet was the first of what was anticipated, if not expected, to be the beginning of a “cyber warfare” era. Stuxnet marked the first true cyber weapon in history designed to physically attack a military target. For those not intimately familiar with its background, Ralph Langner, the foremost authority on Stuxnet, recounts the backstory and enriched technical details of the autonomous, stealthy, patient, calculating, uber-virus. Mr.

Two More Attacks on Israeli Water Infrastructure – Israeli Government Advises Securing Cellular Communications Equipment

Another round of cyber attacks reportedly targeted Israeli water infrastructure in June. According to officials, two cyber attacks took place. Reports state that one of the attacks hit agricultural water pumps in upper Galilee, while the other one hit water pumps in the central province of Mateh Yehuda.

Experiencing an Inbox Influx? – It’s Probably Emotet, Again

Last week, researchers observed Emotet awaken from its 160-day slumber. The “public cyber enemy,” as Malwarebytes is calling it, seemed to warm up as it began lightly populating inboxes on July 13. But by July 17, the malspam onslaught commenced with nearly a quarter million messages. Emotet usually emerges out of hibernation with a new tactic in its arsenal, but so far nothing remarkable.

CISA Alert: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a new alert about malicious cyber actors using network tunneling and spoofing to obfuscate geolocation. According to the alert, attributing malicious cyber activity that uses network tunneling and spoofing techniques to a specific threat actor is difficult. Attribution requires analysis of multiple variables, including location.

Beware, More OT-Aware Ransomware – Recent Research Discovers Financially Motivated Threat Actors Dying to Kill More OT Processes

Prior reporting in multiple Security & Resilience Updates, most recently on June 18, 2020, has covered OT-aware ransomware families, notably EKANS, MegaCortex, and LockerGoga. Newly published research from FireEye suggests additional families are now incorporating common OT processes in their kill list.

SIGRed - Wormable DNS Vulnerability

As included in the Spotlight section of the Security & Resilience Update on Tuesday, Microsoft released a patch for CVE-2020-1350, a critical remote code execution (RCE) vulnerability dubbed SIGRed. All Windows Server versions from 2008 to the present are vulnerable. SIGRed only affects Windows DNS Servers; Windows DNS clients are not susceptible. However, SIGRed is wormable, so it can spread between vulnerable devices without user interaction.
