U.S. Department of Homeland Security (DHS) officials are said to have selected Bryan S. Ware to be the assistant secretary for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), which would make him DHS’s most senior official focused exclusively on cybersecurity.
Earlier this year, a Microsoft team scanned all customer accounts and found that 44 million users were employing usernames and passwords that leaked online following security breaches at other online services. Microsoft said it scanned user accounts using a database of over three billion leaked credentials, which it obtained from multiple sources, such as law enforcement and public databases. The 44 million total included Microsoft Services Accounts (regular user accounts), but also Azure AD accounts. "For the leaked credentials for which we found a match, we force a password reset.
The FBI said it has found no signs of any link between a cyber attack on the computer systems for the city of Pensacola, Florida and the attack at the local Naval Air Station in which three sailors were killed and eight others were wounded. The city became aware of the cyber attack early Saturday, just hours after the shooting at the Pensacola Naval Air Station that occurred on Friday. City officials expressed uncertainty over whether the incidents were related but reached out federal authorities as a precaution.
WaterISAC previously posted the woes regarding Click2Gov on several occasions – view the Security & Resilience Update for November 21, 2019 for a listing of the three other posts. Likewise, a quick Google search reveals many more impacted municipalities and utilities, some having been affected more than once. With this recent spate of disclosures, WaterISAC is aware of at least one member who has been negatively impacted.
Microsoft has released its monthly update to address vulnerabilities in its software. For this month, Microsoft has released security updates for Microsoft Windows, Internet Explorer, Microsoft Office and Microsoft Office Services and Web Apps, SQL Server, Visual Studio, and Skype for Business. Read the update at Microsoft.
The National Institute of Standards and Technology (NIST) has just published Special Publication (SP) 800-160 Volume 2, Developing Cyber Resilient Systems: A Systems Engineering Approach. It is the first in a series of specialty publications developed to support NIST SP 800-160 Volume 1, the flagship systems security engineering guideline. Volume 2 addresses cyber resiliency considerations for two important yet distinct communities of interest:
Microsoft has released a Security Advisory to address an issue in Windows Hello for Business (WHfB). An attacker could exploit this issue on devices that were affected by CVE-2017-15361, also known as Return of Coppersmith’s Attack (ROCA), to take control of an affected system.
The New Zealand National Cyber Security Centre (NCSC-NZ) has released an article on a new cybersecurity governance resource to support public and private sector leaders in making decisions about their cybersecurity resilience and risk. NCSC-NZ developed this governance – a series of documents with practical advice and simple steps – following a cybersecurity resilience assessment of New Zealand’s nationally significant organizations.
The Australian Cyber Security Centre (ACSC) has released Fundamentals of Cross Domain Solutions, a guide outlining the fundamentals of cross domain solution (CDS) technologies. This guidance provides cross domain security principles to enable organizations to share information securely across separated networks. CISA encourages organizations with information sharing requirements to review ACSC’s to learn how to plan, analyze, design, and implement CDS systems.
The FBI’s Portland, Oregon office has published an advisory discussing how to build a digital defense in the Internet of Things. The advisory discusses the security risks of using devices that have built-in Internet connections, such as digital assistants, smart watches, security equipment, thermostats, and even kitchen appliances. While providing additional conveniences and amenities for their owners, they can also open a door for hackers into your business or home.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
