Cybersecurity

For Situational Awareness: Readout from State Convening to Discuss Cybersecurity and the Water Sector

WaterISAC is sharing this for your situational awareness. Last week, Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technologies and Janet McCabe, EPA Deputy Administrator, met with state and local officials from across the country to discuss cybersecurity in the water sector. This meeting was initiated by EPA Administrator Michael Regan and National Security Advisor Jake Sullivan after they sent a letter to U.S. Governors.

Read more about For Situational Awareness: Readout from State Convening to Discuss Cybersecurity and the Water Sector

Supplemental Cyber Highlights – March 26, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure

Read more about Supplemental Cyber Highlights – March 26, 2024

Ransomware Resilience – It’s Better to Learn from Someone Else’s Ransomware Incident

Throughout the decade, ransomware has become a prime method for attackers and one of the most impactful on victims. Threat actors don’t seem to discriminate, with attacks spanning all kinds of industries, both large and small. Regardless of the size or type of organization, when incidents occur there are always practical lessons that everyone can learn from to bolster your own resilience against similar attacks.

Read more about Ransomware Resilience – It’s Better to Learn from Someone Else’s Ransomware Incident

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – March 26, 2024

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – March 26, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases Four Industrial Control Systems Advisories

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – March 26, 2024

Passthrough: CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate SQL Injection Vulnerabilities

CISA and the FBI released a joint Secure by Design Alert, Eliminating SQL Injection Vulnerabilities in Software. The alert came in response to a recent exploitation of SQL injection in a managed file transfer application (MOVEit) that affected thousands of organizations.

Read more about Passthrough: CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate SQL Injection Vulnerabilities

Threat Awareness – MFA Bypass Attacks Keep Getting Easier to Execute

As Phishing-as-a-Service (PhaaS) offerings continue lowering the barrier to entry for low-skilled threat actors, “Adversary-in-the-Middle” (AitM) attacks have become much less technical to execute. Open-source toolkits make phishing campaigns accessible to the most novice threat actors. With such frameworks, actors can easily create custom Microsoft365 login pages and mimic other popular websites such as Amazon, Google, LinkedIn, Facebook, and X (formerly Twitter) to conduct opportunistic or highly targeted phishing campaigns.

Read more about Threat Awareness – MFA Bypass Attacks Keep Getting Easier to Execute

Cyber Resilience – Is your Utility Incident Response Ready?

As data breaches continue to impact organizations at an ever-increasing rate, the importance of effective cyber incident response is more important than ever. WaterISAC is sharing resources and tools to help utilities prepare for and implement this crucial aspect of organizational security.

Read more about Cyber Resilience – Is your Utility Incident Response Ready?

Security Awareness – Help Users Keep Themselves Safe from Scams

Given the blurred lines between work and personal online activities, it’s not only important to keep users aware of cyber threats that put our organizations at risk, but it’s equally important to make security awareness personal and enable users to keep themselves safe from online harm.

Read more about Security Awareness – Help Users Keep Themselves Safe from Scams

Passthrough: Updated Joint Guide – Understanding and Responding to Distributed Denial-Of-Service Attacks

Today, CISA, the FBI, and MS-ISAC released an updated joint guide, Understanding and Responding to Distributed Denial-Of-Service Attacks, which addresses the specific needs and challenges faced by organizations in defending against DDoS attacks. The updated guidance now includes detailed insight into three different types of DDoS techniques:

Read more about Passthrough: Updated Joint Guide – Understanding and Responding to Distributed Denial-Of-Service Attacks

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – March 21, 2024

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – March 21, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as other alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases One Industrial Control Systems Advisory

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – March 21, 2024

You are here

Cybersecurity

For Situational Awareness: Readout from State Convening to Discuss Cybersecurity and the Water Sector

Supplemental Cyber Highlights – March 26, 2024

Ransomware Resilience – It’s Better to Learn from Someone Else’s Ransomware Incident

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – March 26, 2024

Passthrough: CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate SQL Injection Vulnerabilities

Threat Awareness – MFA Bypass Attacks Keep Getting Easier to Execute

Cyber Resilience – Is your Utility Incident Response Ready?

Security Awareness – Help Users Keep Themselves Safe from Scams

Passthrough: Updated Joint Guide – Understanding and Responding to Distributed Denial-Of-Service Attacks

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – March 21, 2024

Pages

You are here

Cybersecurity

Pages

Footer Email Signup