The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) advises the United Kingdom (UK) National Cyber Security Centre (NCSC) has released an Alert to address a vulnerability - CVE-2020-16952 - affecting Microsoft SharePoint server. An attacker could exploit this vulnerability to take control of an affected system.
In keeping with this week’s NCSAM theme of internet-connected devices (in healthcare), we decided to jump way ahead in our ‘15 Cybersecurity Fundamentals Awareness Month’ (15CFAM) series to #14 (Address All Smart Devices) and #13 (Secure the Supply Chain) from WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities guide.
The NCSAM focus for week three is on healthcare, specifically the internet-connected devices that increasingly dominate this vital sector. Given the emphasis on patient care, it goes without saying that the personal implications of internet-connected devices in healthcare are extremely critical. From hospitals and care facilities, to telemedicine, wellness apps, and implanted medical devices, industry and consumers alike need to understand the threats and take the necessary steps to secure these vulnerable and highly targeted devices.
Benchmark assessments not only provide (anonymous) measurement against peers, but also help set and prioritize goals. Assessment results can be used internally to set benchmarks, prioritize actions, and plan future cybersecurity investments.
Welcome back to our next installment of ‘15 Cybersecurity Fundamentals Awareness Month’ (15CFAM), as WaterISAC continues its complement to National Cybersecurity Awareness Month (NCSAM). We hope you were challenged a little by our last 15CFAM on Consequence-driven Cyber-informed Engineering (CCE), but as promised we are back to a more broadly practical fundamental on vulnerability management.
In recognition of National Cybersecurity Awareness Month, the FBI’s Portland, Oregon field office is offering some important reminders on how to stay safe online. For this week’s publication, it focuses on building a digital defense against some of the most common forms of cyber scams. It discusses two of the most common schemes, those involving ransomware and business email compromise (BEC). It also describes two of the typical vectors for these attacks, specifically spoofing and phishing.
CISA has published an advisory on an SQL injection vulnerability in Advantech R-SeeNet. Versions 1.5.1 through 2.4.10 are affected. Successful exploitation of this vulnerability could allow remote attackers to retrieve sensitive information from the R-SeeNet database. Advantech recommends updating to Version 2.4.11 or later. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.
CISA has published an advisory on an external control of file name or path vulnerability in Advantech WebAccess/SCADA. Versions 9.0 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to execute remote code as an administrator. Advantech recommends users update to Version 9.0.1 or later. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.
October 15, 2020
CISA has updated this advisory with additional information on mitigation measures. Read the advisory at CISA.
October 1, 2020
CISA has updated this advisory with additional information on mitigation measures. Read the advisory at CISA.
September 17, 2020
On Monday, a coalition of tech companies orchestrated a takedown attempt of TrickBot, currently one of the most successful malware-as-a-service operations. TrickBot survived the operation, with the command and control servers and domains that had been seized replaced the next day by new infrastructure. However, the operation appears to have had some effect on TrickBot, even if it was just temporal and limited. "Our estimate right now is what the takedown did was to give current victims a breather," a security researcher said.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
