Cybersecurity

Cyber Resilience – Eight Cybersecurity Strategies for Small Organizations

Cybersecurity presents a unique set of challenges for small organizations. Due to their limited size and budget, they often cannot afford a dedicated security team, and therefore tend to rely on just one person for their cybersecurity needs. This individual often struggles to manage all the recommended or necessary tasks due to time constraints or resource limitations, which can lead to cascading consequences where security issues are handled as they arise which, more often than not, is too late to prevent severe impacts.

Read more about Cyber Resilience – Eight Cybersecurity Strategies for Small Organizations

NRWA to Lead Multi-agency Initiative to Bolster Cybersecurity of Rural Water Systems

The National Rural Water Association (NRWA) has partnered with the U.S. Department of Agriculture (USDA) and the White House Office of the National Cyber Director (ONCD) to launch a one-year program study to enhance cybersecurity for rural water systems. The Oregon Association of Water Utilities and Vermont Rural Water Association will help NRWA administer the one-year study.

Read more about NRWA to Lead Multi-agency Initiative to Bolster Cybersecurity of Rural Water Systems

CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – November 7, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:

ICS Advisories:

Read more about CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – November 7, 2024

Supplemental Cyber Highlights – November 5, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience & OT Vulnerability Management

Read more about Supplemental Cyber Highlights – November 5, 2024

CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – November 5, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:

ICS Advisories:

There are no new ICS advisories to report

Additional Alerts, Updates, and Bulletins:

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Read more about CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – November 5, 2024

Threat Awareness – Compromised U.S. and Foreign Government Emails Used to Conduct Fraudulent Emergency Data Requests

Yesterday, The FBI released a Private Industry Notification (PIN) to warn of a trend of compromised U.S. and Foreign government email addresses used to conduct fraudulent emergency data requests to U.S.-based organizations. The PIN notes that an increase of activity on criminal forums regarding the process of emergency data requests and sale of compromised credentials has led to an increased use of this threat. WaterISAC recommends members review the PIN and implement the recommended mitigations listed.

Read more about Threat Awareness – Compromised U.S. and Foreign Government Emails Used to Conduct Fraudulent Emergency Data Requests

Threat Awareness – APT Conducts Large-Scale Spear-Phishing Campaign with RDP Attachments

Last week, Microsoft warned of a spear-phishing threat by the Russian state-backed threat group known as Midnight Blizzard or APT29. “Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors” reads Microsoft’s threat blog.

Read more about Threat Awareness – APT Conducts Large-Scale Spear-Phishing Campaign with RDP Attachments

Report – Sophos Unveils Evolving Tactics of China-based Cyber Threats to Critical Infrastructure

Following a 5-year investigation into China-based cyber threats targeting critical infrastructure, Sophos researchers have attributed specific observed activity to Volt Typhoon, highlighting key behaviors in its Pacific Rim report. The report includes a summary of the adversary’s activity and key takeaways for defenders.

Read more about Report – Sophos Unveils Evolving Tactics of China-based Cyber Threats to Critical Infrastructure

Vulnerability Notification – Fortinet FortiManager Zero-Day Exploitation, CVE-2024-47575 (Updated – October 31, 2024)

October 31, 2024

Read more about Vulnerability Notification – Fortinet FortiManager Zero-Day Exploitation, CVE-2024-47575 (Updated – October 31, 2024)

Critical Infrastructure and Resilience Month – Resolve to be Resilient this November

November is Critical Infrastructure Security and Resilience Month, a time when the entire nation is encouraged to take steps to reinforce these systems and be vigilant to threats that undermine collective security and economic prosperity.

Read more about Critical Infrastructure and Resilience Month – Resolve to be Resilient this November

You are here

Cybersecurity

Cyber Resilience – Eight Cybersecurity Strategies for Small Organizations

NRWA to Lead Multi-agency Initiative to Bolster Cybersecurity of Rural Water Systems

CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – November 7, 2024

Supplemental Cyber Highlights – November 5, 2024

CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – November 5, 2024

Threat Awareness – Compromised U.S. and Foreign Government Emails Used to Conduct Fraudulent Emergency Data Requests

Threat Awareness – APT Conducts Large-Scale Spear-Phishing Campaign with RDP Attachments

Report – Sophos Unveils Evolving Tactics of China-based Cyber Threats to Critical Infrastructure

Vulnerability Notification – Fortinet FortiManager Zero-Day Exploitation, CVE-2024-47575 (Updated – October 31, 2024)

Critical Infrastructure and Resilience Month – Resolve to be Resilient this November

Pages

You are here

Cybersecurity

Pages

Footer Email Signup