With the recent, high-profile cyber incidents involving FireEye and SolarWinds, Microsoft has shared information and issued guidance about increased activities from a sophisticated threat actor that is focused on high value targets such as government agencies and cybersecurity companies.
Today the Cybersecurity and Infrastructure Security Agency (CISA) released a Critical Infrastructure Security and Resilience Note, Edge vs. Core - An Increasingly Less Pronounced Distinction in 5G Networks, to inform stakeholders about the risks of untrusted components within 5G networks. This product is intended to provide an overview of edge computing and represents CISA’s analysis of the risks associated with installation of untrusted components into 5G infrastructure.
The Australian Cyber Security Centre (ACSC) has launched a new cyber security campaign encouraging all Australians to protect themselves against online threats, with an accompanying joint announcement from Minister for Home Affairs Peter Dutton and Minister for Defence Linda Reynolds.
The National Institute of Standards and Technology (NIST) has released two new guides to help address data integrity challenges poses by ransomware attacks and other “destructive” events, which include destructive malware. Organizations can use the first guide, SP 1800-25, to develop a strategy for identifying and protecting assets against one of these events.
Attackers are convincingly mimicking the ‘microsoft[.]com’ domain in a recent phishing campaign. In spite of Microsoft’s reported lack of email spoofing protection mechanisms such as DMARC (Domain-based Message Authentication, Reporting and Conformance), users need to be vigilant for emails appearing to come from Microsoft using a relatively new Microsoft 365 capability to review quarantined messages as a pretext to trick users into following the offered link.
Once considered a simple information stealing worm, Qakbot has evolved into one of the top quality malware droppers for many cyber attack campaigns. Following the likes of TrickBot, quirky Qakbot is often paired up with post compromise attack platforms such as Cobalt Strike.
ICS cybersecurity expert Joe Weiss thoughtfully revisits recent posts reflecting on the Aurora incident and others like it. Everyone who knows Joe, knows his passion regarding Aurora-type incidents and how engineering mishaps/failures can seem like (and have the same impact as) cyber attacks and vice versa. When is a failure due to a mechanical issue or a cyber attack – it takes both engineers and cyber analysts to properly investigate and determine.
While Egregor continues with recent attacks on Kmart, Metro Vancouver's transit system TransLink, and the Randstad staffing agency, Insikt Group researchers at Recorded Future publish a
The United Kingdom’s National Cyber Security Centre (NCSC) has released its Annual Review 2020, the fourth version of its yearly report that presents key developments and highlights. Throughout its report the NCSC comments on threats and trends that it responded to, oftentimes in collaboration with international partners. These include the U.S.’s Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), which have released alerts and advisories with the NCSC throughout 2020.
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory encouraging heightened awareness for potential malicious cyber activity from Iranian threat actors. The advisory states these actors continue to engage in offensive cyber activities that range from the conventional, including website defacement and distributed denial of service attacks, to the more advanced, such as destructive malware.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
