Cybersecurity

CISA Urges Manufacturers Eliminate Default Passwords to Thwart Cyber Threats

As part of CISA’s new Security by Design (SbD) Alert series, the agency published guidance on how manufacturers can protect customers by eliminating default passwords. The development comes after CISA sent out an alert earlier this month, stating Iranian actors affiliated with the Islamic Revolutionary Guard Corps have been actively exploiting operational technology devices with default passwords to gain access to critical infrastructure systems in the U.S.

Read more about CISA Urges Manufacturers Eliminate Default Passwords to Thwart Cyber Threats

What To Do When Receiving Unprompted MFA OTP Codes

As more sites and services offer and require multi-factor authentication (MFA), cyber threat actors have turned to various methods to bypass this additional protection. From these attempts, actual account holders may receive unprompted one-time passcodes (OTPs). Receiving an OTP sent as an email or text should be a cause for concern as it likely means the account holder's credentials have been stolen, but there are steps to take to stop the activity in its tracks.

Read more about What To Do When Receiving Unprompted MFA OTP Codes

NSA Releases Recommendations to Mitigate Software Supply Chain Risks

In response to an increase in cyber attacks to supply chains over the past five years, including targeted attacks of software supply chains, the National Security Agency (NSA) published a new Cybersecurity Information Sheet (CSI), “Recommendations for Software Bill of Materials (SBOM) Management.” This CSI provides network owners and operators with guidance for incorporating SBOM use to help protect the cybersecurity supply chain.

Read more about NSA Releases Recommendations to Mitigate Software Supply Chain Risks

Joint Cybersecurity Advisory – #StopRansomware: Play Ransomware

Yesterday, CISA, the FBI, and the Australian Cyber Security Centre (ACSC) released a joint Cybersecurity Advisory (CSA), “#StopRansomware: Play Ransomware,” to disseminate Play ransomware group’s tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) identified through FBI investigations as recently as October 2023.

Read more about Joint Cybersecurity Advisory – #StopRansomware: Play Ransomware

Supplemental Cyber Highlights – December 19, 2023

The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience

Read more about Supplemental Cyber Highlights – December 19, 2023

Joint Cybersecurity Advisory – Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally

Yesterday, CISA, along with the FBI, the National Security Agency (NSA), and several international partners released a joint Cybersecurity Advisory (CSA), “Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally,” to warn that Russian threat actors are exploiting CVE-2023-42793 at a large scale, targeting servers hosting JetBrains TeamCity software.

Read more about Joint Cybersecurity Advisory – Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally

Microsoft and Cyberspace Solarium Commission Address Urgent Water Infrastructure Cybersecurity Threats with Multistakeholder Solutions

Microsoft and the Cyberspace Solarium Commission 2.0 (CSC) have released a report addressing the growing threat to water and wastewater infrastructure cybersecurity.

Read more about Microsoft and Cyberspace Solarium Commission Address Urgent Water Infrastructure Cybersecurity Threats with Multistakeholder Solutions

People's Republic of China State-Sponsored Cyber Actor Volt Typhoon (Updated December 14, 2023)

December 14, 2023

The U.S. cybersecurity landscape faces a critical challenge with the emergence of a highly resilient botnet operated by the China state-sponsored threat actor labeled Volt Typhoon. This botnet has ingeniously repurposed end of life Small Office/Home Office (SOHO) routers from Cisco, Netgear, and Fortinet, and set up a Tor-like covert data transfer network to perform malicious operations.

Read more about People's Republic of China State-Sponsored Cyber Actor Volt Typhoon (Updated December 14, 2023)

Joint Cybersecurity Advisory - Karakurt Data Extortion Group (Updated December 14, 2023)

December 14, 2023

CISA has added language about Cisco VPNs being a possible initial access vector to the alert. Given the widespread use of Cisco products, WaterISAC is sharing this for situational awareness purposes.

June 2, 2022

Read more about Joint Cybersecurity Advisory - Karakurt Data Extortion Group (Updated December 14, 2023)

Supplemental Cyber Highlights – December 14, 2023

Critical Infrastructure

Read more about Supplemental Cyber Highlights – December 14, 2023

You are here

Cybersecurity

CISA Urges Manufacturers Eliminate Default Passwords to Thwart Cyber Threats

What To Do When Receiving Unprompted MFA OTP Codes

NSA Releases Recommendations to Mitigate Software Supply Chain Risks

Joint Cybersecurity Advisory – #StopRansomware: Play Ransomware

Supplemental Cyber Highlights – December 19, 2023

Joint Cybersecurity Advisory – Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally

Microsoft and Cyberspace Solarium Commission Address Urgent Water Infrastructure Cybersecurity Threats with Multistakeholder Solutions

People's Republic of China State-Sponsored Cyber Actor Volt Typhoon (Updated December 14, 2023)

Joint Cybersecurity Advisory - Karakurt Data Extortion Group (Updated December 14, 2023)

Supplemental Cyber Highlights – December 14, 2023

Pages

You are here

Cybersecurity

Pages

Footer Email Signup