Cybersecurity

CISA Releases Personal Security Considerations Action Guide for Critical Infrastructure Workers

CISA recently published the “Personal Security Considerations Action Guide: Critical Infrastructure Workers,” to help critical infrastructure workers assess their security posture and provide options to consider whether they are on or off the job. This guide provides actionable recommendations and resources intended to prevent and mitigate threats to a critical infrastructure worker’s personal safety.

Read more about CISA Releases Personal Security Considerations Action Guide for Critical Infrastructure Workers

Security Awareness – Continued use of “Adversary-in-the-Middle” (AitM) Attacks Expected to Continue

As Phishing-as-a-Service (PhaaS) offerings have lowered the barrier to entry for low-skilled threat actors, “Adversary-in-the-Middle” (AitM) attacks have become much less technical to execute. Open-source toolkits such as “EvilGinx3,” make phishing campaigns accessible to the most novice threat actors. With such frameworks, actors can easily create custom Office 365 login pages; mimic other popular websites such as Amazon, LinkedIn, Facebook, and X (formerly Twitter) to conduct opportunistic or highly targeted phishing campaigns.

Read more about Security Awareness – Continued use of “Adversary-in-the-Middle” (AitM) Attacks Expected to Continue

Cyber-Physical Security Awareness – Effective Social Engineering Tricks that Still Work

Do you ever get the feeling users still don’t believe or understand how easy it is for threat actors to find information to use against them and/or our organizations? Or about how trivial it is for threat actors to blend in with normal activity? Are you fascinated or flabbergasted that the most simplistic good ol’ fashioned social engineering tricks (cyber or physical) are still successful after all these years?

Read more about Cyber-Physical Security Awareness – Effective Social Engineering Tricks that Still Work

Supplemental Cyber Highlights – January 9, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Incidents & Threats

Read more about Supplemental Cyber Highlights – January 9, 2024

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – January 9, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases One Industrial Control Systems Advisory

Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – January 9, 2024

Supplemental Cyber Highlights – January 4, 2024

Critical Infrastructure Resilience

Read more about Supplemental Cyber Highlights – January 4, 2024

Cyber Resilience - WaterISAC’s Monthly Cyber Threat Briefing Gets New Name to Better Reflect Mission

‘Tis the season for fresh starts. To that end, WaterISAC is announcing the rebranding of its monthly Cyber Threat Briefing. While it will certainly continue to offer briefings on active threats and vulnerabilities or relevant incidents as appropriate, the slight name change will more closely embody the varied cyber resilience content this monthly webinar has been providing.

Read more about Cyber Resilience - WaterISAC’s Monthly Cyber Threat Briefing Gets New Name to Better Reflect Mission

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – January 4, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases Three Industrial Control Systems Advisories

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – January 4, 2024

Supplemental Cyber Highlights – December 28, 2023

The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

IT Vulnerabilities

Read more about Supplemental Cyber Highlights – December 28, 2023

Highlighting Federal Initiatives in 2023 that Impacted the Cybersecurity Landscape

Throughout 2023 the U.S. federal government launched several notable initiatives to help strengthen cybersecurity at the federal level and help organizations of all sizes enhance their cybersecurity and resilience amidst increasing threats.

Read more about Highlighting Federal Initiatives in 2023 that Impacted the Cybersecurity Landscape

You are here

Cybersecurity

CISA Releases Personal Security Considerations Action Guide for Critical Infrastructure Workers

Security Awareness – Continued use of “Adversary-in-the-Middle” (AitM) Attacks Expected to Continue

Cyber-Physical Security Awareness – Effective Social Engineering Tricks that Still Work

Supplemental Cyber Highlights – January 9, 2024

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – January 9, 2024

Supplemental Cyber Highlights – January 4, 2024

Cyber Resilience - WaterISAC’s Monthly Cyber Threat Briefing Gets New Name to Better Reflect Mission

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – January 4, 2024

Supplemental Cyber Highlights – December 28, 2023

Highlighting Federal Initiatives in 2023 that Impacted the Cybersecurity Landscape

Pages

You are here

Cybersecurity

Pages

Footer Email Signup