January 14, 2020
CISA has updated this advisory with additional information on the affected products and mitigating measures. Read the advisory at CISA.
June 14, 2018
January 14, 2020
CISA has updated this advisory with additional information on the affected products and mitigating measures. Read the advisory at CISA.
June 11, 2019
The NCCIC has updated this advisory with additional information on the affected products and mitigating measures. NCCIC/ICS-CERT.
January 31, 2019
The MITRE Corporation, publisher of the widely revered ATT&CKTM Framework, has just released a new knowledge base, ATT&CKTM for Industrial Control Systems. Developed in collaboration with experts from ICS cybersecurity firm Dragos, ATT&CKTM for ICS categorizes public behaviors of malicious activity targeting critical OT infrastructure.
The President has appointed Bryan Ware to serve as the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Assistant Director for Cybersecurity. Ware brings over 25 years of experience in advanced technology and product development to the job. Since early 2019, he served as the assistant secretary for cyber, infrastructure, and resilience policy at CISA. Beginning in October 2018, he had been serving as a senior advisor to then DHS Secretary Kirstjen Nielsen. Prior to his time with DHS, he was the CEO of Haystax, a risk consulting company.
Cisco has released security updates to address vulnerabilities in Cisco Webex Video Mesh, Cisco IOS, and Cisco IOS XE Software. A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories webpage.
The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Citrix Application Delivery Controller and Citrix Gateway. A remote attacker could exploit this vulnerability to run arbitrary code on a targeted system. This vulnerability was detected in exploits in the wild.
A town in Colorado recently lost more than $1 million to a business email compromise scam when municipal employees sent funds to a bank account controlled by the scammers. The fraudsters used an electronic form on the town's website to request a change to the payment information on a contract for a construction company.
In its review of a series of new books, an article published in the MIT Technology Review reflects on nation states expanding use of hacking to try to shape and bend geopolitics. The article revisits some of the most significant events of the past decade in which governments took to the digital environment to advance their objectives. It focuses mainly on activities and campaigns undertaken by Russia. These include Russia’s campaigns against the 2016 U.S.
Noting that his company’s most recent landscape threat report cybercriminal target vulnerabilities ten or more years old more than they target new ones, an analyst with cybersecurity firm Fortinet emphasizes the importance of companies utilizing operational technology (OT) to improve the security of their systems. He observes that this is especially warranted given that OT systems are often old and have been left unmanaged for many years – making them among the most vulnerable assets in any organization – and the rise of OT’s convergence with information technology (IT) systems.
Companies in Texas, Illinois, and Oregon have new notification obligations if they experience a data breach, under amendments to state laws that went into effect on January 1. All 50 states and the District of Columbia require companies to notify people of security breaches of personal information, but states have been updating data breach notice statutes in recent years to broaden the definition of personal information and change requirements for when and how to notify affected individuals or the state attorney general.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
