Cybersecurity

Vulnerability Awareness – Recent Microsoft Teams Vulnerability Highlights Interest in Leveraging Trusted Collaboration Platforms to Drop Malware

Another Microsoft Teams vulnerability has been recently disclosed that allows for the introduction of malware. Jumpsec Labs has shared its research regarding exploiting the Microsoft Teams External Tenants feature “which allows for the possible introduction of malware into any organizations using Microsoft Teams in its default configuration.”

Read more about Vulnerability Awareness – Recent Microsoft Teams Vulnerability Highlights Interest in Leveraging Trusted Collaboration Platforms to Drop Malware

Patch Awareness – NSA’s BlackLotus Mitigation Guide Addresses Recent Confusion Over Protections

The NSA has shared another Cybersecurity Information Sheet that addresses vulnerabilities in embedded computing functions. Earlier this month, it published joint guidance on Hardening Baseboard Management Controllers (BMCs).

Read more about Patch Awareness – NSA’s BlackLotus Mitigation Guide Addresses Recent Confusion Over Protections

Supplemental Cyber Highlights – June 22, 2023

The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Read more about Supplemental Cyber Highlights – June 22, 2023

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – June 22, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases Four Industrial Control Systems Advisories

Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – June 22, 2023

Ransomware Resilience – Crisis Communications for Local Governments During Ransomware Attacks

CSO Online has written an article discussing the complexities of crisis communication for local governments suffering from a ransomware incident.

Read more about Ransomware Resilience – Crisis Communications for Local Governments During Ransomware Attacks

Ransomware Awareness – Recent Ransomware Momentum Moving Towards Newer, Smaller Criminal Groups

Dark Reading has written an article discussing the simultaneous rise in total number of ransomware victims and fall in number of victims affected by major ransomware gangs, which suggests a growing number of smaller ransomware operators having success in the market.

Read more about Ransomware Awareness – Recent Ransomware Momentum Moving Towards Newer, Smaller Criminal Groups

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – June 20, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Enphase Envoy - Product used in Energy Sector
Enphase Installer Toolkit Android App - Product used in Energy Sector

Alerts, Updates, and Bulletins:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – June 20, 2023

Security Awareness – Threat Actors Increasingly Exploiting Legitimate Services for Credential Theft

Threat actors are increasingly exploiting legitimate online services to conduct attacks for stealing credentials and exfiltrating data while remaining undetected from unsuspecting victims, according to security researchers at Check Point.

Read more about Security Awareness – Threat Actors Increasingly Exploiting Legitimate Services for Credential Theft

Supplemental Cyber Highlights – June 20, 2023

Read more about Supplemental Cyber Highlights – June 20, 2023

Cyber Resilience – Why Organizations Are at Risk of Repeated Cyber Attacks

Security Intelligence has written an article discussing the trend of repeated targets in cyber attacks and why they occur. According to Cymulate, 67 percent of companies that suffered a cyber attack are attacked again within one year, which rises to 80 percent if it’s a ransomware attack.

Read more about Cyber Resilience – Why Organizations Are at Risk of Repeated Cyber Attacks

You are here

Cybersecurity

Vulnerability Awareness – Recent Microsoft Teams Vulnerability Highlights Interest in Leveraging Trusted Collaboration Platforms to Drop Malware

Patch Awareness – NSA’s BlackLotus Mitigation Guide Addresses Recent Confusion Over Protections

Supplemental Cyber Highlights – June 22, 2023

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – June 22, 2023

Ransomware Resilience – Crisis Communications for Local Governments During Ransomware Attacks

Ransomware Awareness – Recent Ransomware Momentum Moving Towards Newer, Smaller Criminal Groups

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – June 20, 2023

Security Awareness – Threat Actors Increasingly Exploiting Legitimate Services for Credential Theft

Supplemental Cyber Highlights – June 20, 2023

Cyber Resilience – Why Organizations Are at Risk of Repeated Cyber Attacks

Pages

You are here

Cybersecurity

Pages

Footer Email Signup