Cybersecurity

Cyber Resilience – VPN Exploitation, Don’t Blindly Trust Your VPN

From ransomware groups to state-sponsored actors, multiple cyber threat actor types are exploiting vulnerabilities on edge devices and remote services. Edge devices should be considered among the critical assets of any organization and the security of such devices should be one of the highest priorities. This includes VPNs, as a compromised VPN server could allow attackers to easily gain control over other critical assets in the network.

Read more about Cyber Resilience – VPN Exploitation, Don’t Blindly Trust Your VPN

CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – August 13, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:

ICS Advisories:

Read more about CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – August 13, 2024

Cyolo Joins WaterISAC’s List of Champions

Cyolo Joins WaterISAC’s List of Champions
WaterISAC Champions enhance Water and Wastewater Sector security.

Read more about Cyolo Joins WaterISAC’s List of Champions

CISA Shares Best Practices for Cisco Device Configuration

In recent incidents, CISA has observed that malicious cyber actors have obtained system configuration files by exploiting available protocols or software on devices, including the misuse of the legacy Cisco Smart Install feature.

Read more about CISA Shares Best Practices for Cisco Device Configuration

Supplemental Cyber Highlights – August 8, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure

Read more about Supplemental Cyber Highlights – August 8, 2024

ICS/OT Threat Awareness – Censys Researchers Reveal Over 40,000 Vulnerable ICS Devices, Many Linked to Water and Wastewater

Recent research conducted by Censys, an internet intelligence platform, provides an extensive analysis of the exposure of industrial control systems (ICS), discovering over 40,000 vulnerable ICS devices in the U.S. alone. Excluding building control and automation protocols, there are approximately 18,000 exposed devices likely controlling critical industrial systems. Additionally, nearly half of the human-machine interfaces (HMIs) associated with water and wastewater systems were found to be vulnerable to manipulation without requiring any authentication.

Read more about ICS/OT Threat Awareness – Censys Researchers Reveal Over 40,000 Vulnerable ICS Devices, Many Linked to Water and Wastewater

CISA Alert – CISA Releases Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem

Today, CISA and the FBI jointly published “Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem.” The guide is designed to help organizations drive a secure technology ecosystem by ensuring their software manufacturers prioritize secure technology from the start.

Read more about CISA Alert – CISA Releases Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem

CISA Alert – Royal Ransomware Actors Rebrand as “BlackSuit,” FBI and CISA Release Update to Joint Advisory

The FBI and CISA recently published an update to the joint Cybersecurity Advisory “#StopRansomware: Royal Ransomware.” The updated advisory provides network defenders with recent and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with BlackSuit variants (previously Royal). FBI investigations identified these TTPs and IOCs as recently as July 2024.

Read more about CISA Alert – Royal Ransomware Actors Rebrand as “BlackSuit,” FBI and CISA Release Update to Joint Advisory

CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – August 8, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:

ICS Advisories:

Read more about CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – August 8, 2024

CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – August 1, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:

ICS Advisories:

Read more about CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – August 1, 2024

You are here

Cybersecurity

Cyber Resilience – VPN Exploitation, Don’t Blindly Trust Your VPN

CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – August 13, 2024

Cyolo Joins WaterISAC’s List of Champions

CISA Shares Best Practices for Cisco Device Configuration

Supplemental Cyber Highlights – August 8, 2024

ICS/OT Threat Awareness – Censys Researchers Reveal Over 40,000 Vulnerable ICS Devices, Many Linked to Water and Wastewater

CISA Alert – CISA Releases Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem

CISA Alert – Royal Ransomware Actors Rebrand as “BlackSuit,” FBI and CISA Release Update to Joint Advisory

CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – August 8, 2024

CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – August 1, 2024

Pages

You are here

Cybersecurity

Pages

Footer Email Signup