The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a new alert highlighting risks associated with Tor, along with technical details and recommendations for mitigation. Tor (aka The Onion Router) is software that allows users to browse the web anonymously by encrypting and routing requests through multiple relay layers or nodes.
WaterISAC convened a discussion with representatives of the Cyberspace Solarium Commission on July 1.
CISA has published an advisory on an improper restriction of XML external entity reference and uncontrolled resource consumption vulnerability in Mitsubishi Electric Factory Automation Engineering Software Products. Numerous versions of this product are affected. Successful exploitation of these vulnerabilities could allow a local attacker to send files outside of the system as well as cause a denial-of-service condition. Mitsubishi Electric recommends affected users download the latest version of each software product and update it.
June 30, 2020
CISA has updated this advisory with additional details on the affected products and mitigation measures. Read the advisory at CISA.
June 2, 2020
CISA has updated this advisory with additional details of the affected products. Read the advisory at CISA.
May 28, 2020
SecurityRoundtable.org, powered by Palo Alto Networks posted resounding support for the necessity of public-private partnerships in the fight against cyber threats. Citing the fact that threat actors participate in collaboration to further attack campaigns, it is imperative that organizations across all facets of business do it better in defense of our networks and homeland security. The post cites several law enforcement organizations that are key to successful information and intelligence sharing, many of which WaterISAC maintains relationships.
Palo Alto Networks has released security updates to address a vulnerability affecting the use of Security Assertion Markup Language in PAN-OS. An unauthenticated attacker with network access could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review Palo Alto Security Advisory for CVE-2020-2021 and apply the necessary updates or workarounds.
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Agency (CISA) reports multiple Netgear router models contain vulnerabilities that a remote attacker can exploit to take control of an affected device. CISA encourages users and administrators to update to the most recent firmware version and to replace end-of-life devices that are no longer supported with security patches. Given the increase in telework, CISA recommends that CISOs consider the risk that these vulnerabilities present to business networks.
Coronavirus cyber activity is receding, but has not abated. Today we bring you more scam highlights and key activity, including continued disinformation, ransomware, phishing, and even some non-coronavirus themes.
CISA has published an advisory on an improper restriction of XML external entity reference vulnerability in Rockwell Automation FactoryTalk Services Platform. Versions 6.11.00 and earlier affected. Successful exploitation of this vulnerability could lead to a denial-of-service condition and to the arbitrary reading of any local file via system level services. Affected users are encouraged to use Rockwell Automation Knowledgebase article 25612 to determine if FactoryTalk Services Platform is installed.
CISA has published an advisory on cleartext storage of sensitive information and weak encoding for password vulnerabilities in Rockwell Automation FactoryTalk View SE. Versions 9.0 and earlier and 10.0 are affected. Successful exploitation of these vulnerabilities could lead to unauthorized access to server data. Users of the affected versions of DeskLock provided with FactoryTalk View SE are encouraged to update to an available software version that addresses the associated risk, v10.0 or later.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
