The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has announced the relaunch of the newly integrated us-cert.gov website. The new site consolidates us-cert.gov, which focused primarily on IT issues (e.g., tips and best practices for secure computing), and ics-cert.us-cert.gov, which addressed ICS topics (e.g., OT device vulnerabilities).
The National Institute of Standards and Technology (NIST) has released the Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks report. The report observes that many organizations are not necessarily aware of the large number of IoT devices they are already using and how IoT devices may affect cybersecurity and privacy risks differently than conventional information technology (IT) devices do.
As discussed in an email WaterISAC sent to members on June 24, Chris Krebs, the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), issued an advisory indicating his agency is aware of “a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies.” Krebs highlighted “destructive ‘wiper’ attacks” as a type of activity these threat actors are usin
According to a new report from cybersecurity company Radware, company executives now recognize cybersecurity as a key business driver as demonstrated by the increasing amount of attention and effort they’re dedicated to the topic. Radware reported that 98 percent of executives claim some management responsibility for cybersecurity, with 72 percent indicating that information security is an agenda item for every board meeting.
Oracle has released a security alert to address a vulnerability in WebLogic. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. The NCCIC encourages users and administrators to review the Oracle Security Alert and apply the necessary updates.
The Cybersecurity and Infrastructure Security Agency (CISA) reports it is aware of an email phishing scam that tricks users into clicking on malicious attachments that look like legitimate Department of Homeland Security (DHS) notifications (CISA is part of DHS). The email campaign uses a spoofed email address to appear like a National Cyber Awareness System (NCAS) alert and lure targeted recipients into downloading malware through a malicious attachment.
The threat group Dragos tracks as XENOTIME has expanded its target set to include US electric utilities. XENOTIME is the group responsible for the TRISIS/TRITON malware, and the only group known to target safety instrumented systems (SIS). In February 2019, Dragos identified a persistent pattern of activity attempting to gather information and enumerate network resources associated with US and Asia-Pacific electric utilities.
As the air-gap becomes a thing of the past (many say it is already gone), how should industrial organizations, including utilities and other critical infrastructure facilities, maintain control and security of OT environments? While there are several fundamental cybersecurity controls that protect our networks, one program must be tackled before all others can be duly implemented – asset inventory. If it seems cybersecurity advice keeps harping on the need to perform an accurate, comprehensive, and current asset inventory, there is good reason – you cannot protect what you do not know.
Exim has released patches to address a vulnerability affecting Exim versions 4.87–4.91. A remote attacker could exploit this vulnerability to take control of an affected email server. This vulnerability was detected in exploits in the wild. The NCCIC encourages users and administrators to review the Exim CVE-2019-10149 page and either upgrade to Exim 4.92 or apply the necessary patches.
The Federal Trade Commission (FTC) has released an alert on keeping software up to date to help protect sensitive information such as financial and tax information. The NCCIC encourages consumers to review the FTC article and FTC’s OnGuardOnline for additional information.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
