September 8, 2020
CISA has updated this advisory with additional details on mitigation measures. Read the advisory at CISA.
August 11, 2020
CISA has updated this advisory with additional details on mitigation measures. Read the advisory at CISA.
April 16, 2020
September 8, 2020
CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.
July 14, 2020
CISA has updated this advisory with additional details on mitigation measures. Read the advisory at CISA.
May 12, 2020
September 8, 2020
CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.
August 11, 2020
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) advises it is aware of open-source reporting of targeted denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks against finance and business organizations worldwide.
While properly securing devices like laptops and USBs that are not perpetually connected to the network is not a new problem, that endeavor became exponentially more complicated in light of the current pandemic. Prior to the pandemic, some organizations were able to greatly restrict transient devices in their environment; now, not so much.
Yesterday the U.S. Department of Homeland Security Cybersecurity Agency (CISA) and the Office of Management and Budget released three documents providing guidance for how federal government agencies should manage vulnerabilities. The CISA guidance consists of a binding operational directive (BOD) that requires each federal agency to publish a vulnerability disclosure program (VDP) as well as implementation guidance.
What do you get when you combine the influence of the Cybersecurity and Infrastructure Security Agency (CISA) with the resources of the Multi-State Information Sharing and Analysis Center (MS-ISAC) and a global internet edge technology provider with an unprecedented view of the threat landscape? In short, MDBR – Malicious Domain Blocking and Reporting. The Center for Internet Security (CIS) has partnered through MS-ISAC and EI-ISAC with CISA and Akamai to make MDBR available at no cost to the members of the MS-ISAC and EI-ISAC.
CISA has published an advisory on predictable exact value from previous values vulnerability in multiple products from Mitsubishi Electric. Successful exploitation of this vulnerability could be used to hijack TCP sessions and allow remote command execution. Mitsubishi Electric recommends that users take a series of mitigation measures to minimize the risk of exploiting this vulnerability. CISA recommends a series of measures to mitigate the vulnerability.
When Emotet is active there is no shortage of discoveries of additional behaviors designed to trick users and expand its infections. Last week, researchers discovered a new template that Emotet is using in its attachments. When a user clicks on an Emotet-laden attachment, they are presented with a red accent colored prompt to 'Enable Editing' and 'Enable Content' to view the document. This template has been named ‘Red Dawn’ due to the red accent colors.
Knowing your assets is the foundation of a successful cybersecurity strategy. In fact, it is unrealistic to expect to adequately complete a basic cyber risk assessment without a comprehensive asset inventory. According to PAS, the OT integrity company, “without such an inventory, it is impossible to have the visibility necessary to understand and reduce risk.” OT asset inventory is not a one-size fits all program, and what qualifies as a good OT asset inventory is different for every organization.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
