Cybersecurity

NSA Cybersecurity Information Sheet: Advancing Zero Trust Maturity Throughout the Visibility and Analytics Pillar

The NSA recently published a Cybersecurity Information Sheet (CSI) continuing its focus on zero-trust security, this time looking at the Visibility and Analytics Pillar of the Zero Trust (ZT) framework. The NSA urges organizations to utilize the guidance in the report to systematically mitigate risks and rapidly identify, detect, and respond to emerging cyber threats. The NSA recommends the following actions:

Read more about NSA Cybersecurity Information Sheet: Advancing Zero Trust Maturity Throughout the Visibility and Analytics Pillar

Supplemental Cyber Highlights – June 4, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure

Read more about Supplemental Cyber Highlights – June 4, 2024

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – June 4, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases Four Industrial Control Systems Advisories

Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – June 4, 2024

Supplemental Cyber Highlights – May 30, 2024

Critical Infrastructure

Read more about Supplemental Cyber Highlights – May 30, 2024

Threat Awareness – Microsoft Office365 Suite of Threats

As Office365 software applications continue to be used regularly by the majority of users in virtually all industries, the threats that lurk in the software suite affect practically all who use a computer, including systems administrators and users alike. While these threats are nothing new, certain developments have made them more dangerous – like how Microsoft started allowing the use of python scripts within Excel since September 2023 for instance, increasing the potential for malicious use.

Read more about Threat Awareness – Microsoft Office365 Suite of Threats

Passthrough – Wisconsin Fusion Center Report (TLP: WHITE) – Emerging Ransomware Actor Targeting VMware ESXi

The Wisconsin Fusion Center has shared an intelligence report regarding an increase in ransomware attacks within the state. They have identified a new threat actor known as “Fog” who is behind some of these attacks.

Notables from the report:

Read more about Passthrough – Wisconsin Fusion Center Report (TLP: WHITE) – Emerging Ransomware Actor Targeting VMware ESXi

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – May 30, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases Seven Industrial Control Systems Advisories

Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – May 30, 2024

Supplemental Cyber Highlights – May 28, 2024

Critical Infrastructure

Read more about Supplemental Cyber Highlights – May 28, 2024

Passthrough – Cisco Releases May 2024 Cisco ASA, FMC, and FTD Software Security Publication

Given widespread use, WaterISAC is passing through the following alert which incorporates patches that address previously reported on zero day vulnerabilities regarding ArcaneDoor. Cisco released a bundled publication for security advisories that address vulnerabilities in Cisco Adaptive Security Appliance (ASA), Firepower Management Center (FMC), and Firepower Threat Defense (FTD) software.

Read more about Passthrough – Cisco Releases May 2024 Cisco ASA, FMC, and FTD Software Security Publication

Cyber Resilience – 4-Steps to Mapping and Securing Organizational Critical Assets

One of the many challenges that cybersecurity teams of all sizes face, is knowing where to focus their limited efforts and resources. This is why one of the first things any cybersecurity team should be preoccupied with is obtaining a clear picture of the business-critical assets of their organization, and to maintain a proper inventory of the technology used – essentially mapping out the organization to identify the most needed areas to secure. In a recent article, The Hacker News shares a four-step approach to mapping and securing the most critical assets of an organization.

Read more about Cyber Resilience – 4-Steps to Mapping and Securing Organizational Critical Assets

You are here

Cybersecurity

NSA Cybersecurity Information Sheet: Advancing Zero Trust Maturity Throughout the Visibility and Analytics Pillar

Supplemental Cyber Highlights – June 4, 2024

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – June 4, 2024

Supplemental Cyber Highlights – May 30, 2024

Threat Awareness – Microsoft Office365 Suite of Threats

Passthrough – Wisconsin Fusion Center Report (TLP: WHITE) – Emerging Ransomware Actor Targeting VMware ESXi

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – May 30, 2024

Supplemental Cyber Highlights – May 28, 2024

Passthrough – Cisco Releases May 2024 Cisco ASA, FMC, and FTD Software Security Publication

Cyber Resilience – 4-Steps to Mapping and Securing Organizational Critical Assets

Pages

You are here

Cybersecurity

Pages

Footer Email Signup