
Cybersecurity

Happy Data Privacy Day, Alexa

Today, January 28, 2021, is Data Privacy Day. After this past year, we could all use some data privacy reminders, as many of us have willingly acquiesced to greater contactless interactions, often to the detriment of privacy. From smart devices to consumer data, privacy settings and permissions, multifactor authentication, and encryption, there is room for everyone to improve data privacy hygiene.

CISA Releases New Courses on Cloud Security and Cybersecurity for Government and Veteran Users

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of two new cybersecurity courses: Cloud Security and Foundations of Cybersecurity for Management. Federal, state, local, tribal, and territorial government and veteran users can access these courses, track their progress, and store course transcripts.

Security Awareness – Quite Simply, We are ALL Targets and We ALL Fall Victim

If you are still trying to convince staff that EVERY one of us is susceptible to a well-crafted, socially engineered cyber attack, then you’ll want them to read this post. The Google Threat Analysis Group (TAG) has identified a recent campaign targeting security researchers. The pretext of the attack involved engaging researchers to collaborate on vulnerability research. Vulnerability research is some of the most technical and complex work in the cybersecurity domain.

CISA Announces Reduce the Risk of Ransomware Campaign

Today the Cybersecurity and Infrastructure Security Agency (CISA) announced the Reduce the Risk of Ransomware Campaign, a focused, coordinated and sustained effort to encourage public and private sector organizations to implement best practices, tools and resources that can help them mitigate this cybersecurity risk and threat. “CISA is committed to working with organizations at all levels to protect their networks from the threat of ransomware,” said CISA Acting Director Brandon Wales.

Security Awareness – Stolen Credentials from Xerox-themed Phishing Campaign Publicly Exposed

If your organization uses Xerox multifunctional devices (and even if it doesn’t) this incident may be of interest. It seems attackers inadvertently exposed more than 1,000 stolen corporate credentials obtained through a Xerox-themed phishing campaign. While 1,000 credentials may not seem significant, this incident represents a typical lure that staff are likely to fall for, especially if your organization uses Xerox devices.

Security Awareness – Do Three Words Pass the Crack?

PenTestPartners (PTP) is known for straightforward posts and practical analysis. This cyber hygiene article respectfully challenges some authoritative guidance (from the National Cyber Security Centre) on whether or not three-random-word passwords are strong enough. This is another good candidate for security awareness reminders on the importance of creating less crackable passwords.

CISA Capacity Enhancement Guides for Strong Authentication, Secure Web Browsers/Malvertising, and Phishing

The Cybersecurity and Infrastructure Security Agency (CISA) is announcing the issuance of three “Capacity Enhancement Guides.” While these guides are specifically directed at federal agencies, they contain best practices that can be applied more broadly across state, local, tribal, and territorial governments and the private sector. Access the guides at CISA.

The guides include:

NSA Releases Guidance on Encrypted DNS in Enterprise Environments

The National Security Agency (NSA) has released an information sheet with guidance for enterprise network owners and administrators on adopting encrypted Domain Name System (DNS) over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), referred to as DNS over HTTPS (DoH). When configured appropriately, strong enterprise DNS controls can help prevent many initial access, command and control, and exfiltration techniques used by threat actors.

FBI PIN: Cyber Criminals Exploit Network Access and Privilege Escalation

The FBI has published a Private Industry Notification (PIN) observing that cyber criminals are focusing their operations to target employees of companies worldwide who maintain network access and an ability to escalate network privilege. The FBI explains that during COVID-19 shelter-in-place and social distancing orders, many companies had to quickly adapt to changing environments and technologies and may not be fully monitoring network access and privilege escalation.
