Cisco has released security updates to address vulnerabilities in Cisco Webex Video Mesh, Cisco IOS, and Cisco IOS XE Software. A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories webpage.
The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Citrix Application Delivery Controller and Citrix Gateway. A remote attacker could exploit this vulnerability to run arbitrary code on a targeted system. This vulnerability was detected in exploits in the wild.
A town in Colorado recently lost more than $1 million to a business email compromise scam when municipal employees sent funds to a bank account controlled by the scammers. The fraudsters used an electronic form on the town's website to request a change to the payment information on a contract for a construction company.
In its review of a series of new books, an article published in the MIT Technology Review reflects on nation states expanding use of hacking to try to shape and bend geopolitics. The article revisits some of the most significant events of the past decade in which governments took to the digital environment to advance their objectives. It focuses mainly on activities and campaigns undertaken by Russia. These include Russia’s campaigns against the 2016 U.S.
Noting that his company’s most recent landscape threat report cybercriminal target vulnerabilities ten or more years old more than they target new ones, an analyst with cybersecurity firm Fortinet emphasizes the importance of companies utilizing operational technology (OT) to improve the security of their systems. He observes that this is especially warranted given that OT systems are often old and have been left unmanaged for many years – making them among the most vulnerable assets in any organization – and the rise of OT’s convergence with information technology (IT) systems.
Companies in Texas, Illinois, and Oregon have new notification obligations if they experience a data breach, under amendments to state laws that went into effect on January 1. All 50 states and the District of Columbia require companies to notify people of security breaches of personal information, but states have been updating data breach notice statutes in recent years to broaden the definition of personal information and change requirements for when and how to notify affected individuals or the state attorney general.
The California Consumer Privacy Act (CCPA) went into effect on January 1, potentially marking the dawn of a new age for digital privacy and Internet of Things (IoT) device security. Under the law, Californians now have the right to request, review, and erase their digital profiles – personal information that has been collected by businesses. The law applies to any company that interacts with a California resident. While CCPA creates unparalleled digital privacy rights, it places the burden of responsibility on the consumer and not the business.
The U.S. Department of Homeland Security’s (DHS’s) Cybersecurity and Infrastructure Security Agency (CISA) has posted an advisory on how to secure new internet connected devices. As described in the advisory, these devices include smart cameras, TVs, watches, phones, and tablets, all of which are popular gifts during the holiday season. Of course, this means that many people are likely to have recently come into possession of such devices. In some cases, they may be bringing these devices to work, potentially introducing new security vulnerabilities to their organizations.
For those of us who came into possession of a new device during the holidays, one priority should be taking steps now to secure this equipment so as to not introduce new vulnerabilities for an office or home that can be exploited by attackers (WaterISAC previously published a series of tips on securely configuring new devices from its partner MS-ISAC).
Given the continuing, if not increasing, threats to state and local governments from ransomware, device security company Forescout has published an article containing advice for how to prevent as well as respond to and recover from potentially costly and debilitating attacks.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
