Cybersecurity

Security Awareness – Executives Are Four Times More Likely to Fall for Phishing Attacks Compared to Regular Employees

Top-level executives are more likely than regular workers to expose their organization to potential cyber attacks, and they are also more likely to use easy-to-guess passwords, according to a new study by the cybersecurity company Ivanti.

NSA, CISA, and ODNI Release Guidance on Potential Threats to 5G Network Slicing

On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI) published an assessment of 5G network slicing. The paper, Potential Threats to 5G Network Slicing, presents both the benefits and risks associated with 5G network slicing and provides mitigation strategies that address potential threats to it.

InfraGard Aware of Reports that its Portal may have been Compromised

Tuesday evening, investigative security journalist Brian Krebs (KrebsOnSecurity) broke news about an incident he has been tracking in which the FBI’s InfraGard database of contact information on more than 80,000 members went up for sale on an English-language cybercrime forum. The KrebsOnSecurity post explains the situation, describing activity involving a potentially fraudulent account that may have enabled this compromise.

The FBI is aware, and if you are an InfraGard member, you were sent the following broadcast message yesterday.

InfraGard Members:

(Update December 15, 2022) Six Added to CISA’s Known Exploited Vulnerabilities Catalog Includes Four Zero Days

This week, CISA added 6 vulnerabilities to its Known Exploited Vulnerabilities Catalog, all for disclosed CVEs for 2022. The additions affect 5 vendors/products and have the customary 3-week remediation deadlines of 1/3/2023 and 1/4/2023. Four of the additions are particularly notable because they were exploited as zero-days in widely used products and platforms before patches were created, including Apple, Citrix, Fortinet, and Microsoft.

Third-Party Risk Management – Evaluating Cyber Risk Posed by IT and Managed Service Providers

Despite AWIA Section 2013 and/or cyber insurance requirements, do you still struggle with risk management? Even more so with your third-party relationships (vendors, contractors, consultants, and integrators)? As organizations struggle with assessing risk across their own organizational attack surface, it’s often more challenging to assess the cyber risk posed by, and the preparedness of, third-party partners (new and existing). Many aren’t sure where to start or even what questions to ask of these trusted partners, perhaps even more so with technology services partners.
