
Cybersecurity

'15CFAM' is More than FUN with Consequence-driven Cyber-informed Engineering (CCE)

Welcome to week two of ‘15 Cybersecurity Fundamentals Awareness Month’ (15CFAM), as WaterISAC continues its tribute to National Cybersecurity Awareness Month (NCSAM). Today we briefly touch on less of a fundamental and more of a slightly advanced topic called Consequence-driven Cyber-informed Engineering (CCE), which comes in at #6 (Install Independent Cyber-Physical Safety Systems) in the 15 Cybersecurity Fundamentals for Water and Wastewater Utilities.

CISA Alert: APT Actors Chaining Vulnerabilities against Government Organizations and Critical Infrastructure

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published an alert on recently observed activity involving an advanced persistent threat actor exploiting multiple legacy vulnerabilities in combination with a newer privilege escalation vulnerability – CVE-2020-1472 – in Windows Netlogon. CISA explains this is a commonly used tactic, known as “vulnerability chaining,” in which multiple vulnerabilities are exploited in the course of a single intrusion to compromise a network or application.

WaterISAC’s ‘15 Cybersecurity FUNdamentals Awareness Month’ (15CFAM) Continues – Having More FUN Safeguarding Systems and Administering Access

Welcome back to ‘15 Cybersecurity Fundamentals Awareness Month’ (15CFAM), WaterISAC’s supplement to National Cybersecurity Awareness Month (NCSAM). 15CFAM aims to walk through WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities. Today we saunter through safeguarding systems from unauthorized access and from exposure to cyber and physical threats.

Johnson Controls Sensormatic Electronics American Dynamics Victor Web Client (ICSA-20-282-01)

CISA has published an advisory on an improper authorization vulnerability in Johnson Controls Sensormatic Electronics American Dynamics Victor Web Client. All versions up to and including v5.4.1 are affected. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to delete arbitrary files on the system or render the system unusable through a denial-of-service attack. Johnson Controls recommends users upgrade all versions of victor Web Client to v5.6. CISA also recommends a series of measures to mitigate this vulnerability.

CISA FY2019 Risk Vulnerability Assessment Infographic

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has released an infographic mapping analysis of 44 of its Risk and Vulnerability Assessments (RVAs) conducted in Fiscal Year 2019 to the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework. The infographic identifies routinely successful attack paths CISA observed during RVAs conducted across multiple sectors. Cyber attackers can use these attack paths to compromise organizations.

DHS Homeland Threat Assessment, October 2020

Today the U.S. Department of Homeland Security (DHS) released the Homeland Threat Assessment, an unclassified document that provides insight into the department’s current threat priorities. The document includes only one reference to water but many references to critical infrastructure security generally, particularly with respect to cybersecurity. The report noted that Russia, China and North Korea have varying abilities to conduct cyber attacks against critical infrastructure.
