Cybersecurity

Threat Awareness – APT Conducts Large-Scale Spear-Phishing Campaign with RDP Attachments

Last week, Microsoft warned of a spear-phishing threat by the Russian state-backed threat group known as Midnight Blizzard or APT29. “Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors” reads Microsoft’s threat blog.

Read more about Threat Awareness – APT Conducts Large-Scale Spear-Phishing Campaign with RDP Attachments

Report – Sophos Unveils Evolving Tactics of China-based Cyber Threats to Critical Infrastructure

Following a 5-year investigation into China-based cyber threats targeting critical infrastructure, Sophos researchers have attributed specific observed activity to Volt Typhoon, highlighting key behaviors in its Pacific Rim report. The report includes a summary of the adversary’s activity and key takeaways for defenders.

Read more about Report – Sophos Unveils Evolving Tactics of China-based Cyber Threats to Critical Infrastructure

Vulnerability Notification – Fortinet FortiManager Zero-Day Exploitation, CVE-2024-47575 (Updated – October 31, 2024)

October 31, 2024

Read more about Vulnerability Notification – Fortinet FortiManager Zero-Day Exploitation, CVE-2024-47575 (Updated – October 31, 2024)

Critical Infrastructure and Resilience Month – Resolve to be Resilient this November

November is Critical Infrastructure Security and Resilience Month, a time when the entire nation is encouraged to take steps to reinforce these systems and be vigilant to threats that undermine collective security and economic prosperity.

Read more about Critical Infrastructure and Resilience Month – Resolve to be Resilient this November

EPA Factsheet – Cyber Insurance for Drinking Water and Wastewater Systems

The EPA Water Infrastructure & Cyber Resilience Division (WICRD) recently produced a factsheet entitled “Cyber Insurance for Drinking Water and Wastewater Systems.” The factsheet provides water systems with a simplified guide to assist in the selection of cyber insurance to protect them against computer-related crimes and losses.

Read more about EPA Factsheet – Cyber Insurance for Drinking Water and Wastewater Systems

Supplemental Cyber Highlights – October 31, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience

Read more about Supplemental Cyber Highlights – October 31, 2024

CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – October 31, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:

ICS Advisories:

Read more about CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – October 31, 2024

Supplemental Cyber Highlights – October 29, 2024

Critical Infrastructure Resilience

Read more about Supplemental Cyber Highlights – October 29, 2024

Joint Statement by FBI and CISA on PRC Activity Targeting Telecommunications

CISA and the FBI recently released a public announcement concerning breaches on U.S. telecommunication service providers by Chinese cyber threat actors. The announcement reads:

The U.S. Government is investigating the unauthorized access to commercial telecommunications infrastructure by actors affiliated with the People’s Republic of China.

Read more about Joint Statement by FBI and CISA on PRC Activity Targeting Telecommunications

Cybersecurity Awareness Month – 2024 Recap

As Cybersecurity Awareness Month 2024 comes to a close, here’s a brief recap of all that was shared this month. Hopefully, you put the handouts to good use by sharing them with staff and placing them in easy to see locations for anyone and everyone to read. If not, no worries – they are included below and are applicable during any month, not only Cybersecurity Awareness Month!

Using strong passwords and a password manager

Read more about Cybersecurity Awareness Month – 2024 Recap

You are here

Cybersecurity

Threat Awareness – APT Conducts Large-Scale Spear-Phishing Campaign with RDP Attachments

Report – Sophos Unveils Evolving Tactics of China-based Cyber Threats to Critical Infrastructure

Vulnerability Notification – Fortinet FortiManager Zero-Day Exploitation, CVE-2024-47575 (Updated – October 31, 2024)

Critical Infrastructure and Resilience Month – Resolve to be Resilient this November

EPA Factsheet – Cyber Insurance for Drinking Water and Wastewater Systems

Supplemental Cyber Highlights – October 31, 2024

CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – October 31, 2024

Supplemental Cyber Highlights – October 29, 2024

Joint Statement by FBI and CISA on PRC Activity Targeting Telecommunications

Cybersecurity Awareness Month – 2024 Recap

Pages

You are here

Cybersecurity

Pages

Footer Email Signup