You are here

Home » Cybersecurity

Cybersecurity

CISA and Partners Publish Joint Cybersecurity Advisory Warning of Spear-phishing Campaigns from Russian-based Threat Actor Group Star Blizzard

Today, CISA, the FBI, the National Security Agency, and other international partners released a joint cybersecurity advisory (CSA), titled “Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns,” to raise awareness of the specific spear-phishing techniques used by a Russian-based threat actor group known as Star Blizzard that targets individuals and organizations globally.

FEMA National Preparedness Report Highlights Cyber Threats, Lack of Building Code Adoption, and Other Challenges

This week, FEMA released the 12th annual National Preparedness Report, which provides an overview of the nation’s current disaster risk and capability landscape. This year’s report highlights cyber threats, gaps in individual and household preparedness, and the lack of building code adoption as key areas for improvement to increase national resilience.

Irish Utility Experiences Water Disruption after Politically Motivated Threat Actor Compromises Israeli Pumping System

Last week, a group of unknown threat actors compromised a water pumping system for a "private group water scheme" in the Erris area of Ireland, resulting in the loss of water for 180 homeowners for two days. The perpetrators said the equipment - a "Eurotronics Israeli-made water pumping system" - was targeted due to the fact it originated in Israel, in an incident reminiscent of the recent exploitation of Unitronics PLCs.

2023 Holiday Shopping Scams (Updated December 5, 2023)

December 5, 2023

In this update on 2023 Holiday Shopping Scams, WaterISAC alerts members that reports indicate cyber criminals are currently targeting SaaS services and utilizing AI technology, social media phishing, and brand impersonation to pilfer from various sectors. Companies may want to consider proactive measures, such as manual or automated takedown services, to maintain consumer trust during the bustling holiday shopping season.

CISA Releases Advisory on Threat Actors Exploiting CVE-2023-26360 Vulnerability in Adobe ColdFusion

Today, CISA released a cybersecurity advisory “Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers,” in response to confirmed exploitation of CVE-2023-26360 by unidentified threat actors at a federal civilian executive branch agency. This vulnerability presents as an improper access control issue impacting specific versions of Adobe ColdFusion, some of which are no longer supported. 

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – December 5, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases Two Industrial Control Systems Advisories

Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.

(TLP:CLEAR) Water Utility Control System Cyber Incident Advisory: ICS/SCADA Incident at Municipal Water Authority of Aliquippa (Updated November 30, 2023)

As WaterISAC continues to monitor for more information regarding this incident, we would like to make members aware that this may not be an isolated incident. There have been a few open source reports about additional incidents with similar characteristics having occurred at other US water and wastewater utilities. WaterISAC is currently attempting to confirm those reports.

Based on this information, as a reminder members are highly encouraged to:

Pages

Subscribe to Cybersecurity