You are here

Home » Cybersecurity

Cybersecurity

Situational Awareness – Court Temporarily Pauses EPA Memo on Addressing PWS Cybersecurity

It’s been no secret that the March 3, 2023 EPA memo on Addressing PWS Cybersecurity in Sanitary Surveys or an Alternate Process has been challenged from the beginning and has faced legal opposition. Yesterday, the U.S. Court of Appeals for the 8th Circuit in St. Louis granted a stay of the memo, thus temporarily suspending the current EPA guidance.

Note: WaterISAC does not maintain a position on this action, we are providing this development for your awareness.

Relevant coverage:

Ransomware Awareness – The Criminal Ransomware Economy Operates a Professional Business Model

Help Net Security has written an article discussing the consequences of the service-oriented ransomware industry’s growth. Due to the intense profitability of the industry, criminals have reproduced a legal economy with major ransomware groups using third parties and subcontractors while offering a menu of services to criminal consumers.

Joint Cybersecurity Advisory on Enhanced Monitoring to Detect APT Activity Targeting Outlook Online

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), Enhanced Monitoring to Detect APT Activity Targeting Outlook Online, to provide guidance to agencies and critical infrastructure organizations on enhancing monitoring in Microsoft Exchange Online environments. 

Threat Awareness – Defending Against EvilProxy Phishing Toolkit

Despite growing awareness of the threat from phishing emails and greater adoption of multifactor authentication (MFA), threat actors are still successfully compromising firms via phishing attacks and breaching MFA protections with phishing toolkits. To help bring greater awareness to this activity, Proofpoint recently published a blog detailing how network defenders can help mitigate this threat.

Ransomware Awareness – New Ransomware Strain Displays Fake Windows Update Alert to Hide Encryption

Trend Micro has posted a blog analyzing variants from a ransomware strain titled “Big Head,” which has the novel capability of hiding its encryption of a victim’s files with a fake Windows update alert. Researchers describe how, after running a series of checks, these Big Head variants post a screen that looks remarkably similar to what is seen when Windows is applying an update, before posting the actual ransom note once the encryption is complete.

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – July 6, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases Three Industrial Control Systems Advisories

Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.

Pages

Subscribe to Cybersecurity