2025/35 Weekly Update from the EU ISAC for Cities & Regions: Exploring ENISA OpenSSAM / Gartner suggests blocking all AI browsers for the foreseeable future / Top Relevant CVEs, Products and Ports / Integrating Barista with our MISP – Remember many of you have accounts there.
** For Back Issues see https://isac4cities.eu/blog **
The City ISAC (I4C+) is an Information and Analysis Centre whose members are IT and cyber security decision makers exchanging knowledge to improve their cities and collective cyber resilience. I4C+ is a Special Interest Group (SIG) hosted by Major Cities Europe (MCE). Dr. Oliver Schwabe is a member of MCE and in his function Chair of the ISAC for Cities Plus (I4C+). He is the person in charge of this effort on behalf of MCE and the responsible contact person. I4C+ is recognized by the European Agency for Cybersecurity ENISA. See https://isac4cities.eu/.
Discussion Summary
Hi everyone, friends from Belgium and Italy joined for a casual chat as we all sort of eye the end of the year and look forward to some time off. Threat trendlines relatively flat and we took a look at the OpenSSAM solution we are working to jointly get access to (seems a bit of an issue on EU side to manage applications) and explore collaboration opportunities.
ENISA OpenSSAM refers to the “Open Cyber Situational Awareness Machine” (OpenCSAM), a tool developed by the European Union Agency for Cybersecurity (ENISA). OpenCSAM is designed to process large amounts of cybersecurity data from various sources—such as ENISA publications, websites, RSS feeds, and social media—and produce situation awareness reports. These reports provide an informed, aggregated, and up-to-date view of cybersecurity events and threats over a specific timeframe, helping stakeholders make better-informed decisions about cybersecurity risks and responsesenisa.europa.eu. The tool aims to enhance cyber situational awareness not only for ENISA but also for other EU bodies and member states, supporting timely and accurate threat intelligence and response. The ENISA OpenCSAM (Open Cyber Situational Awareness Machine) is not a tool that is publicly available for general registration or download. However, you can access its web application and Kibana interface by configuring your computer to map specific DNS names to the provided IP addresses (let me know if you would like more details on this). ENISA OpenCSAM does not offer a public registration or account request process for general users. The tool is primarily used internally by ENISA and its stakeholders, and access is typically granted through specific procurement, collaboration, or project participation channels. As an ISAC we were able to gain access last year. Browsing todays updates, one find struck my eye in that “Gartner’s fears about the agentic capabilities of AI browser relate to their susceptibility to “indirect prompt-injection-induced rogue agent actions, inaccurate reasoning-driven erroneous agent actions, and further loss and abuse of credentials if the AI browser is deceived into autonomously navigating to a phishing website.” – see https://www.theregister.com/2025/12/08/gartner_recommends_ai_browser_ban/ for more details. Top Shodan map entries to consider for today are:
- Top CVEs,
- cve-2007-2768
- cve-2008-3844
- cve-2023-51767
- cve-2023-48795
- cve-2023-51385
- Top Products
- nginx
- OpenSSH
- Apache httpd
- Socks4A
- AkamaiGHost
- Top Ports
- 80
- 443
- 7547
- 22
- 161
We then toured our ENISA MISP account at https://misp.isacs.eu/ to reflect on what it might take to more easily add important information and stopped by our AI agent “Barista” (behind team account at https://chat.mistral.ai/chat) for a quick look at what is currently happening in the threat landscape – working on getting Barista to help with transforming the AI generated data into MISP uploadable data. In both cases we discussed the value of API integrations versus manual selection of what is worth uploading / sharing. This then got us into a discussion on how while we spend inordinate amounts of time reviewing notifications, we struggle to perhaps use that time more effectively – API integrations etc may seem to ease the effort, however in the end the value of notifications is almost always only found when we manually examine them.
Wishing you all a good wind-down to the end of the year!
Cheers
Oliver
| ISAC Services (Member Funded) |
We have published our services at Services Offered – EU ISAC for Cities (isac4cities.eu). Please do review and consider reaching out to include such in your activities and budgets.
Note that emerging new services are related to managing the MISP platform (and onboarding) plus Barista.
Please remember you can reach the whole group via city-isac-i4c-tlpwhite@majorcities.eu. A dedicated group for those cities signing the NDAs is available separately.
Also note our LinkedIn organisational page at https://www.linkedin.com/company/eu-city-information-sharing-and-analysis-center-isac/ and our discussion group at https://www.linkedin.com/groups/12773643/. Do follow us / join.
Join our weekly Friday morning coffee chats from 9am-10am CET – feel free to come in your pyjamas. Let me know if you are missing an invite and I will send.
Thank you for the support, your City ISAC I4C+ Team.
Cheers and ever onwards
Oliver
Innovating our Future… Together
Chair City ISAC I4C+ / Dr. Oliver Schwabe.
Email: oliver.schwabe@isac4cities.eu Mobile: +49 (0) 1709053671. Web: https://i4c.isacs.eu/ & https://www.majorcities.eu/isac-for-cities-plus/