Cybersecurity

CISA Issues Emergency Directive 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System

This afternoon, CISA issued Emergency Directive 24-02 to address the significant risk from nation-state compromise of Microsoft Corporate Email System. Due to this heightened concern, WaterISAC recommends members review the ED, remain vigilant, and act accordingly as it is believed that the email compromise extends beyond the federal government and may impact other critical entities and the broader ecosystem.

Read more about CISA Issues Emergency Directive 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System

NSA Issues Guidance for Maturing Data Security

The National Security Agency (NSA) is issuing guidance for maturing data security and protecting access to data at rest and in transit. The recommendations in the Cybersecurity Information Sheet (CSI), “Advancing Zero Trust Maturity Throughout the Data Pillar,” are intended to ensure only those with authorization can access data. The capabilities outlined in the CSI integrate into a comprehensive Zero Trust (ZT) Framework.

Read more about NSA Issues Guidance for Maturing Data Security

(Update: April 11, 2024) Incident Awareness – EPA Investigating Alleged Data Breach

The EPA has disclosed that the recent data leak by threat actor USDoD appears to include “business contact information already available to the public.” It is unclear if this statement refers to only a portion of the data, or all of it. They said the information was previously released to provide the public “a comprehensive picture of environmental impacts.” No further details regarding the exposed information were provided by the EPA amid ongoing investigation.

Read more about (Update: April 11, 2024) Incident Awareness – EPA Investigating Alleged Data Breach

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 11, 2024

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 11, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases Nine Industrial Control Systems Advisories

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 11, 2024

Supplemental Cyber Highlights – April 9, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure

Read more about Supplemental Cyber Highlights – April 9, 2024

Ransomware Awareness – What’s Influencing the Dip During Q1 2024?

Ransomware attacks increased substantially in 2023 showing a 55% increase in victims worldwide and reaching 5,070 cases. While Q4 2023 erupted with 1309 cases, Q1 2024 saw a 22% decrease. The Hacker News gives two main reasons for last quarter’s dip in ransomware cases.

Read more about Ransomware Awareness – What’s Influencing the Dip During Q1 2024?

Threat Awareness – Evasive Malware, Latrodectus, Found in Various Phishing Campaigns

Since at least November 2023, a new malware called Latrodectus has been distributed in various phishing campaigns. The malware exhibits evasion functionality making it difficult to detect and shows qualities similar to the IcedID malware which threat actors used as an initial access broker (IAB) to sell unauthorized access to other threat actors facilitating further exploitation.

Read more about Threat Awareness – Evasive Malware, Latrodectus, Found in Various Phishing Campaigns

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 9, 2024

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 9, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases One Industrial Control Systems Advisory

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 9, 2024

Supplemental Cyber Highlights – April 4, 2024

Critical Infrastructure

Read more about Supplemental Cyber Highlights – April 4, 2024

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 4, 2024

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 4, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases Two Industrial Control Systems Advisories

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 4, 2024

You are here

Cybersecurity

CISA Issues Emergency Directive 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System

NSA Issues Guidance for Maturing Data Security

(Update: April 11, 2024) Incident Awareness – EPA Investigating Alleged Data Breach

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 11, 2024

Supplemental Cyber Highlights – April 9, 2024

Ransomware Awareness – What’s Influencing the Dip During Q1 2024?

Threat Awareness – Evasive Malware, Latrodectus, Found in Various Phishing Campaigns

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 9, 2024

Supplemental Cyber Highlights – April 4, 2024

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 4, 2024

Pages

You are here

Cybersecurity

Pages

Footer Email Signup