You are here

Home » Cybersecurity

Cybersecurity

Threat Trend Awareness – Living on the Edge (of the Network Perimeter)

From ransomware groups to state-sponsored actors, multiple cyber threat actor types are exploiting vulnerabilities on edge devices, remote services, and other components that are exposed at the network edge (that shouldn’t be). It’s not just known vulnerabilities that are being exploited on devices that asset owners leave unpatched. Well-resourced and capable threat actors are increasingly developing complex zero-day exploits, making it particularly important to have a plan to protect these devices before those that are able can be patched.

Threat Awareness – Threat Actors Confound Users into Compromise via the Clipboard

Proofpoint posted research on an increase in a technique leveraging unique social engineering that directs users to copy and paste malicious PowerShell scripts to infect their computers with malware. Essentially, through the use of fake Google Chrome, Word, and OneDrive errors, users may be tricked into literally copying and pasting malicious PowerShell scripts into their Windows terminals.

Partner Resource – CISA and Partners Release Guidance for Modern Approaches to Network Access Security

WaterISAC is passing along this partner guidance for broader awareness to assist utilities with organizational cyber resilience efforts.

Today, CISA, in partnership with the Federal Bureau of Investigation (FBI), released guidance, Modern Approaches to Network Access Security, along with the following organizations: 

NIST – NCCoE Releases Technical Note Focusing on OT Remote Access in Water and Wastewater Sector Cybersecurity Architectures

Yesterday, NIST through its National Cybersecurity Center of Excellence (NCCoE) released a draft Technical Note inviting public comments. The Note outlines universal remote access cybersecurity architectures and demonstrative solutions planned for the ‘Cybersecurity for the Water and Wastewater Sector: A Practical Reference Design for Mitigating Cyber Risk in Water and Wastewater Systems’ project. The public comment period is open through July 15, this year.

National Internet Safety Month: CISA Shares Four Easy Steps to Stay Safe Online

June was designated as National Internet Safety Month by the U.S. Senate in 2005 primarily to raise awareness of internet dangers and highlight the need for education about online safety. Since that time, with the rise of smartphones and other technologies, the amount of time people spend online has grown enormously – as have the risks.

As data from numerous studies have shown, the nation needs more education and training about the risks we face online and how to stay safe when using connected devices.

CISA Alert – Phone Scammers Impersonate CISA Employees

WaterISAC is passing through this CISA alert for member awareness. Impersonation scams are on the rise and often use the names and titles of government employees. The Cybersecurity and Infrastructure Security Agency (CISA) is aware of recent impersonation scammers claiming to represent the agency. As a reminder, CISA staff will never contact you with a request to wire money, cash, cryptocurrency, or use gift cards and will never instruct you to keep the discussion secret. Members are encouraged to be extra vigilant when receiving communications from CISA.

Pages

Subscribe to Cybersecurity