You are here

Home » Cybersecurity

Cybersecurity

Ransomware Resilience – What Utilities Should Keep in Mind and Key Takeaways from the Sophos Report

Ransomware resilience is more than just having validated backups for restoring your systems after a ransomware attack, vulnerability management has a lot to do with it too – that could be patching or addressing through compensating controls if patching is not possible. While ransomware attacks have negative outcomes no matter the attack vector, Sophos explains that exploiting unpatched vulnerabilities has the greatest business impact.

Cyber Resilience – E-ISAC’s GridEx VII Provides Lessons for Water and Wastewater Utilities

The Electricity Information Sharing and Analysis Center (E-ISAC), a WaterISAC partner, has released its GridEx VII Lessons Learned Report, its seventh biennial grid security and resilience exercise which took place in November 2023. The exercise is the largest of its kind in North America and included over 15,000 participants from approximately 250 North American organizations including water and wastewater utilities.

Cyber Resilience – CISA Dedicates Webpage for Resources for Civil Society and High-Risk Communities

Clayton Romans, Associate Director of Joint Cyber Defense Collaborative, shared a blog post in which he highlights a new suite of resources from CISA, in their new High-Risk Communities webpage, which provides civil society organizations guidance on bolstering their cyber defense and resi

Threat Awareness – Presence of Chinese Manufactured Connected Devices in U.S. Networks, Including Water and Wastewater Utilities

There have been significant concerns in recent years over specific foreign-made components existing on U.S. networks, specifically devices and software connected to the internet carrying the risk of the potential for abuse via backdoors, supply chain implants, and tampering to aid in espionage or disrupt critical infrastructure. However, despite official government bans, research indicates foreign-manufactured connected device usage is growing faster in the U.S. than in other countries.

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 2, 2024

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 2, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases One Industrial Control Systems Advisory

Security Awareness – Impersonation Scams, the Real Threat?

Data compiled by the FTC’s Consumer Sentinel Network shows that losses from impersonation scams in 2023 top $1.1 billion, three times higher than in 2020. The data was based on 490,000 scams reported to the agency in 2023, 330,000 of which were for business impersonation complaints, and the rest were from government impersonations. Most of the scams were conducted via phone calls, followed by email and text messaging, although the former has been in decline, and the latter on the rise, for the last three years.

Vulnerability Awareness – Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library

Reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1 have caused CISA and the open source community to respond. XZ Utils is data compression software and may be present in Linux distributions. The malicious code may allow unauthorized access to affected systems.

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – March 28, 2024

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – March 28, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following alerts, updates, and bulletins.

  • There were no Industrial Control Systems Advisories since March 26 as of this writing.

Alerts, Updates, and Bulletins:

Pages

Subscribe to Cybersecurity