Johnson Controls exacqVision (Update A) (ICSA-20-170-01)
July 2, 2020
CISA has updated this advisory with additional details on affected products and mitigation measures. Read the advisory at CISA.
June 18, 2020
While phishing for credentials is a top cyber attack vector, many threat actors do not need to rely on phishing because password guessing is so easy. Threat intelligence firm Flashpoint took a deep dive into its collection of over 35 billion compromised credentials and unsurprisingly discovered a primary parallel: people are predictable.
After slicing and dicing the top 10,000 bad passwords, Flashpoint observed:
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a new alert highlighting risks associated with Tor, along with technical details and recommendations for mitigation. Tor (aka The Onion Router) is software that allows users to browse the web anonymously by encrypting and routing requests through multiple relay layers or nodes.
WaterISAC convened a discussion with representatives of the Cyberspace Solarium Commission on July 1.
CISA has published an advisory on improper restriction of XML external entity reference and uncontrolled resource consumption vulnerabilities in Mitsubishi Electric Factory Automation Engineering Software Products. Numerous versions of these products are affected. Successful exploitation of these vulnerabilities could allow a local attacker to send files outside of the system as well as cause a denial-of-service condition. Mitsubishi Electric recommends that affected users download the latest version of each software product and update it.
June 30, 2020
CISA has updated this advisory with additional details on the affected products and mitigation measures. Read the advisory at CISA.
June 2, 2020
CISA has updated this advisory with additional details of the affected products. Read the advisory at CISA.
May 28, 2020
SecurityRoundtable.org, powered by Palo Alto Networks, posted resounding support for the necessity of public-private partnerships in the fight against cyber threats. The post notes that threat actors collaborate to further their attack campaigns, so it is imperative that organizations across all facets of business do it better in defense of our networks and homeland security. The post cites several law enforcement organizations that are key to successful information and intelligence sharing, many of which WaterISAC maintains relationships with.
Palo Alto Networks has released security updates to address a vulnerability affecting the use of Security Assertion Markup Language in PAN-OS. An unauthenticated attacker with network access could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review Palo Alto Security Advisory for CVE-2020-2021 and apply the necessary updates or workarounds.
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) reports that multiple Netgear router models contain vulnerabilities that a remote attacker can exploit to take control of an affected device. CISA encourages users and administrators to update to the most recent firmware version and to replace end-of-life devices that are no longer supported with security patches. Given the increase in telework, CISA recommends that CISOs consider the risk that these vulnerabilities present to business networks.
Coronavirus cyber activity is receding, but has not abated. Today we bring you more scam highlights and key activity, including continued disinformation, ransomware, phishing, and even some non-coronavirus themes.