Cybersecurity

Security Awareness – Human Factors of Cyber Attacks

Exploiting technical vulnerabilities is only part of the threat-scape – typically accomplished by the more sophisticated (or well-resourced) actors or groups. However, by volume, threat actors spend much more time and effort hitting us in our inboxes, via infected websites, and exploiting other human vectors, such as phones and MFA. Proofpoint’s 2023 Human Factor Report corroborates the countless incidents we see every day, that social engineering remains the most common technique with the vast majority using some element of psychological manipulation.

Read more about Security Awareness – Human Factors of Cyber Attacks

Joint Guidance Report – Hardening Baseboard Management Controllers (BMCs)

WaterISAC regularly provides awareness of recent CISA reporting. While direct relevance to your utility/organization on the details of each report may vary, activity alerts, advisories, and information like this are practical for general awareness and greater understanding of active threats and adversary capabilities.

Read more about Joint Guidance Report – Hardening Baseboard Management Controllers (BMCs)

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – June 15, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, along with other cybersecurity alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases Fourteen Industrial Control Systems Advisories

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – June 15, 2023

Supplemental Cyber Highlights – June 15, 2023

The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Read more about Supplemental Cyber Highlights – June 15, 2023

Joint Cybersecurity Advisory – Understanding Ransomware Threat Actors: LockBit

WaterISAC regularly provides awareness of recent CISA reporting. While direct relevance to your utility/organization on the details of each report may vary, activity alerts like this are practical for general awareness and greater understanding of active threats and adversary capabilities.

Read more about Joint Cybersecurity Advisory – Understanding Ransomware Threat Actors: LockBit

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – June 13, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – June 13, 2023

Supplemental Cyber Highlights – June 13, 2023

Read more about Supplemental Cyber Highlights – June 13, 2023

Cyber Resilience - World Economic Forum’s Cybercrime Atlas Initiative Takes Information Sharing Global

Harvard Business Review has written an article discussing the World Economic Forum’s Cybercrime Atlas project and how it supports global information sharing to help reduce cybercrime. This initiative aims to provide a platform that academics, cybersecurity companies, national and international law enforcement agencies, and global businesses can access to share threat information regarding the global cybercrime ecosystem.

Read more about Cyber Resilience - World Economic Forum’s Cybercrime Atlas Initiative Takes Information Sharing Global

Vendor Risk Management – Vendor and Contractor Accounts Becoming Increasingly Popular Method to Infiltrate Networks

Talos published research into threat actors increasing use of third-party compromised accounts to access organizations’ networks. Vendor and contractor accounts (VCAs), as Talos calls them, are attractive to adversaries due to elevated privileges and unusual activity compared to an organizations’ regular workforce, making it easier to mask malicious behavior.

Read more about Vendor Risk Management – Vendor and Contractor Accounts Becoming Increasingly Popular Method to Infiltrate Networks

Binding Operational Directive 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces

Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced a new Binding Operational Directive (BOD) 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces. The BOD instructs federal agencies to reduce the attack surface created by insecure or misconfigured remote management interfaces exposed to the internet.

Read more about Binding Operational Directive 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces

You are here

Cybersecurity

Security Awareness – Human Factors of Cyber Attacks

Joint Guidance Report – Hardening Baseboard Management Controllers (BMCs)

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – June 15, 2023

Supplemental Cyber Highlights – June 15, 2023

Joint Cybersecurity Advisory – Understanding Ransomware Threat Actors: LockBit

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – June 13, 2023

Supplemental Cyber Highlights – June 13, 2023

Cyber Resilience - World Economic Forum’s Cybercrime Atlas Initiative Takes Information Sharing Global

Vendor Risk Management – Vendor and Contractor Accounts Becoming Increasingly Popular Method to Infiltrate Networks

Binding Operational Directive 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces

Pages

You are here

Cybersecurity

Pages

Footer Email Signup