The National Security Agency (NSA) has just released Selecting and Safely Using Multifactor Authentication Solutions, which it intends to help partners more securely select and use multi-factor authentication (MFA) capabilities.
September 24, 2020
CISA has updated this advisory with additional information on the affected products and the vulnerabilities. This advisory was originally published on January 10, 2013. Read the advisory at CISA.
Pardon the stretch for the purpose of the title; I hope the spirit with which it was intended is somewhat appreciated. In a blog post at Tenable yesterday, Marty Edwards highlighted how current work from the Cybersecurity and Infrastructure Security Agency (CISA), along with three recently proposed bills should have positive cross-sector benefits. While the proposed bills are specific to grid security and resilience, Mr. Edwards suggests their influence should improve cross-sector collaboration and information sharing.
Whether consistently performed and maintained or not, there is little argument on the importance of being proactive with the NIST Cybersecurity Framework’s first 2 core principles of identification and protection. The OT integrity company PAS Global makes an interesting observation that the importance of proactive detection, response, and recovery are not as well-discussed or practiced in OT environments. PAS explains this assertion by highlighting a recent case that illustrates some failures and opportunities associated with being reactive vs.
With all the disasters that have happening, or that are still happening, the Federal Trade Commission (FTC) reminds the public that shameless scammers will try to leverage these events to steal money. As people open their hearts and wallets to help people and causes, it advises them to consider a list of tips for safe giving. The FTC posting also includes a video, a separate website with more tips on how to spot and avoid charity scams, and where to file a complaint.
CISA has published an advisory on a cross-site scripting vulnerability in GE Reason S20 Ethernet Switches. All firmware versions prior to 07A06 are affected. Successful exploitation of these vulnerabilities could allow unauthorized accounts manipulation and allow for remote code execution. GE recommends that S20 users upgrade to firmware Version 07A06 or higher to fix this vulnerability. CISA recommends a series of measures to mitigate the vulnerability.
CISA has published an advisory on authorization bypass through user-controlled key and use of a one-way hash without a salt vulnerabilities in GE Digital APM Classic. Versions 4.4 and prior are affected. Successful exploitation of these vulnerabilities could allow access to sensitive information. GE Digital APM Classic 4.5 contains mitigations for these vulnerabilities. GE Digital recommends all users upgrade to GE Digital APM Classic 4.5 or newer. CISA recommends a series of measures to mitigate the vulnerabilities.
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a new alert about the LokiBot malware, which it notes it has observed a notable increase in the use of by malicious cyber actors since July 2020. According to the alert, LokiBot uses a credential- and information-stealing malware, often sent as a malicious attachment and known for being simple, yet effective, making it an attractive tool for a broad range of cyber actors across a wide variety of data compromise use cases.
September 21, 2020
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive (ED) 20-04 addressing a critical vulnerability – CVE-2020-1472 – affecting Microsoft Windows Netlogon Remote Protocol. ED 20-04 applies to federal government departments and agencies, requiring that they apply updates and report completion to CISA by Wednesday, September 23.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
