Situational Awareness – Coronavirus Scam Highlights
With cybersecurity firm Zscaler reporting a near 30,000 percent increase in COVID-19 themed attacks since January, there is no shortage of scams to report.
The Canadian Internet Registration Authority (CIRA, the non-profit agency that manages the .ca Internet domain) and Canadian Centre for Cyber Security have teamed up to offer Canadian Shield, a free protected domain name system (DNS) service that prevents Canadians from connecting to malicious websites that might infect their devices and steal their personal information. CIRA is providing the threat blocking technology while the Canadian Centre for Cyber Security is offering its threat intelligence services – basically a who's-who list of every bad actor roaming the web.
The Israel National Cyber Directorate issued an alert on April 23, stating the agency received reports of cyber intrusion attempts at wastewater treatment plants, water pumping stations, and sewers. Details are extremely limited, but based on guidance issued to energy and water sectors to immediately report any operational disruption and change passwords with emphasis on operational systems, particularly regarding chlorine control in water supplies, the attempted attack is believed to have targeted SCADA systems.
CISA has published an advisory on exposure of sensitive information to an unauthorized actor and improper input validation vulnerabilities in LCDS LAquis SCADA. Versions 4.3.1 and prior are affected. Successful exploitation of these vulnerabilities could allow unauthorized attackers to view sensitive information and create files in arbitrary locations. LCDS recommends users update to the latest version of LAquis SCADA. CISA also recommends a series of measures to mitigate the vulnerabilities.
An SRU would not be complete these days without highlights of coronavirus-related cyber activity. Today, we bring you another COVID-19 Key Developments from risk intelligence organization Flashpoint, including government responses, law enforcement actions, cybercrime activity related to coronavirus, and trends in mis/disinformation.
April 23, 2020
CISA has updated this advisory with additional details on the affected products and mitigation measures. Read the advisory at CISA.
August 20, 2019
The NCCIC has updated this advisory with additional information on mitigating measures. Read the advisory at CISA.
May 2, 2019
If it seems like non-ransomware extortion (i.e., “sextortion”) scams have been inundating inboxes lately, cybersecurity firm Sophos confirms they have: potentially to the tune of tens or even hundreds of millions of messages, including at least five different variations in the past few days. Even knowing there is no validity to the scammers' claims, the messages are still unnerving and a nuisance, to say the least.
Microsoft has released security updates to address multiple vulnerabilities in products that use the Autodesk FBX library. These include Office 2016, Office 2019, Office 365 ProPlus, and Paint 3D. A remote attacker can exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft Advisory ADV200004 and apply the necessary updates.
April 22, 2020
OpenSSL version 1.1.1g has been released to address a vulnerability affecting versions 1.1.1d–1.1.1f. An attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review the OpenSSL Security Advisory and apply the necessary update. Read the advisory at CISA.
Most initial network compromises occur due to social engineering techniques such as phishing websites and malicious attachments.