The Cybersecurity and Infrastructure Security Agency (CISA) reports it is aware of a phone scam where a caller pretends to be a CISA representative. The scammer claims to have knowledge of the potential victim’s questionable behavior and attempts to extort money. If you receive a threatening call from someone claiming to be a CISA representative, CISA recommends the following actions:
The National Institute of Standards and Technology (NIST) is seeking input between now and January 13, 2020 for the National Initiative for Cybersecurity Education’s (NICE’s) Cybersecurity Workforce Framework. First published in August 2017, the document is intended to define and provide guidance on different aspects of cybersecurity workforce development, planning, training, and education.
CISA has published an advisory on an improper input vulnerability in ABB Relion 650 and 670 Series. Numerous versions of both devices are affected. Successful exploitation of this vulnerability may allow an attacker to reboot the device, causing a denial of service. ABB indicates updating to later versions of the products can mitigate the vulnerabilities. It also offers other recommendations to further protect the devices. CISA also recommends a series of measures to mitigate the vulnerability.
CISA has published an advisory on a path traversal vulnerability in ABB Relion 670 Series. Numerous versions are affected. Successful exploitation of this vulnerability may allow an attacker to read and delete files on the device. ABB indicates updating to current versions of the product can mitigate the vulnerabilities. It also offers other recommendations as workarounds. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.
The FBI’s Portland, Oregon office has published an advisory discussing the threat of calendar fraud and providing some steps for combating it. Scammers have started sending online users calendar invites, a form of phishing. In many cases, the calendar’s default settings allow the invitation to simply appear on your account. The fraudster could be offering you a prize or an invitation to some special event. Just click on the link and you can register, or click, put in your credit card number, and you are on your way to winning the jackpot.
The Federal Trade Commission (FTC) has released an article with tips on how to protect personal information before trading in a mobile phone for a newer model. FTC recommends the following four steps to safeguard these devices:
The National Security Agency (NSA) has released a cyber advisory that addresses managing risk from Transport Layer Security Inspection (TLSI). This short, informative document defines TLSI (a security process that allows incoming traffic to be decrypted, inspected, and re-encrypted), explains some risks and associated challenges, and discusses mitigations. CISA encourages users and administrators to review the advisory and apply the information, as appropriate.
The importance of scrutinizing financial-related and highly sensitive information via email cannot be overstated. In typical business email spoofing style, a scammer, as part of a multinational fraud ring, was able to defraud the CEO of an unidentified Swiss company during a real-estate transaction – an all too common trend. After two presumably legitimate communications with his attorney, the CEO received a third email with new wiring instructions for the remaining balance.
Microsoft has released an update to address a vulnerability in Outlook for Android. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Microsoft Security Advisory and apply the necessary update. Read the advisory at CISA.
The city of College Station, Texas has recently suspended online utility payments due to a potential security issue with online payment processing provider Click2Gov.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
