The New Zealand National Cyber Security Centre (NCSC-NZ) has released an article on a new cybersecurity governance resource to support public and private sector leaders in making decisions about their cybersecurity resilience and risk. NCSC-NZ developed this governance – a series of documents with practical advice and simple steps – following a cybersecurity resilience assessment of New Zealand’s nationally significant organizations.
The Australian Cyber Security Centre (ACSC) has released Fundamentals of Cross Domain Solutions, a guide outlining the fundamentals of cross domain solution (CDS) technologies. This guidance provides cross domain security principles to enable organizations to share information securely across separated networks. CISA encourages organizations with information sharing requirements to review ACSC’s to learn how to plan, analyze, design, and implement CDS systems.
The FBI’s Portland, Oregon office has published an advisory discussing how to build a digital defense in the Internet of Things. The advisory discusses the security risks of using devices that have built-in Internet connections, such as digital assistants, smart watches, security equipment, thermostats, and even kitchen appliances. While providing additional conveniences and amenities for their owners, they can also open a door for hackers into your business or home.
CISA has published an alert on Dridex, providing an overview of the malware, related activity, and a list of previously unreported indicators of compromise. Because actors using Dridex malware and its derivatives continue to target the financial services sector, including financial institutions and customers, CISA submits that the techniques, tactics, and procedures contained in this report warrant renewed attention. Read the alert at CISA.
CISA has published an advisory on improper restriction of excessive authentication attempts, uncontrolled resource consumption, missing encryption of sensitive data, unprotected storage of credentials, and predictable from observable state vulnerabilities in Weidmueller Industrial Ethernet Switches. Numerous products and versions of these products are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to gain unauthorized access to the device, affecting the confidentiality, integrity, and availability of the device the attacker is targeting.
CISA has published an advisory on a link following vulnerability in Thales DIS SafeNet Sentinel LDK License Manager Runtime. All versions prior to 7.101 are affected. Successful exploitation of this vulnerability could allow a local attacker to escalate privileges. Thales recommends upgrading to Version 7.101 or later. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.
IBM X-Force Incident Response and Intelligence Services (IRIS) has been tracking a new destructive malware campaign dubbed ZeroCleare. X-Force IRIS has been following the evolution of destructive, disk-wiping malware since the first Shamoon attacks during the summer of 2012, and recently discovered ZeroCleare being used to execute a destructive attack on organizations in the energy and industrial sectors in the Middle East.
If you are reading this, you understand the devastation that can occur when critical infrastructure fails. Whether the compromise is due to a mechanical failure or a cyber attack, societal ramifications can be dire. In a recent post, Sergio Caltagirone, Vice President of Threat Intelligence at industrial cybersecurity firm Dragos, presents several interconnected reasons we may expect important humanitarian consequences from cyber operations over the next decade.
CISA has published an advisory on cleartext transmission of sensitive information, improper access control, sensitive cookie without ‘HTTPONLY’ flag, improper restriction of operations within the bounds of a memory buffer, CSRF, command injection, and cross-site scripting vulnerabilities in Reliable Controls LicenseManager. Versions 1.14 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to view sensitive information, cause availability issues, and execute remote code.
CISA has published an advisory on an unquoted search path or element vulnerability in Reliable Controls LicenseManager. Versions 3.4 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to crash the system, view sensitive data, or execute arbitrary commands. Reliable Controls has released RC-LicenseManager Version 3.5, which is bundled for use within the latest RC-Studio software. Reliable Controls recommends users upgrade to RC Studio 3.6.3. CISA also recommends a series of measures to mitigate the vulnerabilities.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
