
Cybersecurity

Cuba Ransomware Group Joins Play Ransomware in Utilizing OWASSRF Vulnerability

Cyware has posted an alert summarizing a Microsoft report that the Cuba ransomware group has been observed targeting vulnerable Exchange servers with the zero-day exploit known as OWASSRF (Outlook Web Access Server-Side Request Forgery). This marks an escalation in criminal use of the exploit: previously only the Play ransomware group had been observed using it for initial access. Exchange servers with current security updates applied are not affected by this exploit chain, so patch status is the first thing to verify.

CircleCI Releases Post-Attack Incident Report as Core Enterprise Apps Rise in Popularity to Target

Bleeping Computer has posted an article on newly released details of the CircleCI data breach, prompted by CircleCI, a build service that many developers rely on, publishing an incident report. The report reveals that the initial breach came from an engineer’s device being “infected with information-stealing malware that [stole] their 2FA-backed SSO session cookie,” which let the attackers begin stealing data on December 22, 2022. A stolen session cookie sidesteps MFA entirely, because the session it represents has already passed authentication; revoking sessions, not just rotating passwords, is the necessary response.

Cyber Hygiene – Six Common Mistakes that Facilitate Data Breaches

Threat actors are increasingly targeting employee and customer personal data while appearing less interested in financial information and credentials, according to research from the cybersecurity firm Imperva. Notably, Imperva’s research also found that 32 percent of data breaches are due to unsecured databases and social engineering attacks.

Imperva’s research identified the six most common mistakes made by organizations and individuals that enable data breaches:

Cyber Resilience – CISA Releases Supply Chain Handbook for Small and Medium-sized Businesses

On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA) published a handbook offering guidance to small and medium-sized businesses (SMBs) on best practices for securing their cyber supply chain. The guide provides methods and guidance for tackling the most common and highest-priority risks SMBs face.

Threat Awareness – AnyDesk-Themed Campaign Infecting Victims with Information-Stealing Malware

Bleeping Computer has written an article covering research from a SEKOIA analyst regarding a Vidar malware campaign involving 1,300 domains impersonating the AnyDesk brand. Victims are likely directed to these domains through a phishing campaign or search engine results and are then redirected to a Dropbox folder to download the Vidar malware disguised as an AnyDesk installer. Vidar’s capabilities include copying browser history, saved account credentials, cryptocurrency wallets, and banking data and sending them to its controller for further malicious use.
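The campaign above has a recognizable shape in proxy or DNS logs: a visit to a hostname that contains or misspells the AnyDesk brand, followed shortly by an archive or executable fetched from a file-sharing host. The script below is an added example, not code from the article or from SEKOIA; it scans constructed proxy log lines for both signals. It assumes anydesk.com is the only vendor-owned domain to trust, treats dropbox.com as the payload-staging host named in the article, and uses a naive "last two labels" apex split rather than a public-suffix list. All hostnames other than anydesk.com and dropbox.com, and every log line, are made up for illustration.

```python
"""Flag AnyDesk-themed lookalike domains and follow-on payload downloads.

Added example (not from the original article or SEKOIA). The log lines and
the lookalike hostnames are constructed; only anydesk.com and dropbox.com
are real domains, and their roles here are assumptions for this check.
"""
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

BRAND = "anydesk"
LEGIT_DOMAINS = {"anydesk.com"}      # assumption: vendor-owned apex domain(s)
FILE_SHARING = {"dropbox.com"}       # assumption: hosts treated as payload staging
PAYLOAD_EXT = (".zip", ".exe", ".msi", ".rar", ".7z")
CORRELATION_WINDOW = timedelta(minutes=10)

# Constructed sample proxy log: "<ISO timestamp> <client IP> <URL>" per line.
SAMPLE_LOG = """\
2023-01-11T09:12:03Z 10.0.4.17 https://anydesk.com/en/downloads/windows
2023-01-11T09:14:41Z 10.0.4.22 https://anydesk-download.example/AnyDesk.exe
2023-01-11T09:15:02Z 10.0.4.22 https://www.dropbox.com/s/abc123/AnyDeskDownload.zip?dl=1
2023-01-11T09:20:55Z 10.0.4.31 https://anydeks.example/setup
2023-01-11T09:21:10Z 10.0.4.31 https://intranet.example/wiki/anydesk-policy
2023-01-11T09:30:00Z 10.0.4.40 https://anydesk.com.cdn-mirror.example/download
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+)$")


def levenshtein(a, b):
    """Plain edit distance (insert/delete/substitute), used for typosquat detection."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def labels_of(host):
    return host.lower().rstrip(".").split(".")


def is_legit(host):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def lookalike_reason(host):
    """Return why the host looks like an AnyDesk impersonation, or None.

    Every label except the TLD is checked, so 'anydesk.com.evil.example'
    is caught even though it begins with the real brand domain.
    """
    if is_legit(host):
        return None
    for label in labels_of(host)[:-1]:
        if BRAND in label:
            return "brand string in hostname label"
        if levenshtein(label, BRAND) <= 2:
            return "typosquat of brand"
    return None


def parse_line(line):
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError("unexpected log format: %r" % line)
    ts = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
    return ts, m.group(2), urlsplit(m.group(3))


def scan_log(text):
    """Return (client, host, reason) hits for lookalike visits and payload fetches."""
    hits = []
    last_lure = {}  # client IP -> time of its most recent lookalike visit
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, url = parse_line(line)
        host = url.hostname or ""
        reason = lookalike_reason(host)
        if reason:
            hits.append((client, host, reason))
            last_lure[client] = ts
            continue
        if is_legit(host):
            continue
        apex = ".".join(labels_of(host)[-2:])  # naive apex split, no PSL
        if apex in FILE_SHARING and url.path.lower().endswith(PAYLOAD_EXT):
            lure_ts = last_lure.get(client)
            if lure_ts is not None and ts - lure_ts <= CORRELATION_WINDOW:
                hits.append((client, host, "payload download after lookalike visit"))
    return hits


if __name__ == "__main__":
    for client, host, reason in scan_log(SAMPLE_LOG):
        print("%-10s %-35s %s" % (client, host, reason))
```

The brand-in-path line for intranet.example is deliberately not flagged: only hostname labels are scored, which keeps internal wiki pages about AnyDesk out of the alert stream. The distance threshold of 2 catches single-character swaps and transpositions like "anydeks" while leaving short unrelated labels alone; tune it downward if the brand string is short.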

Threat Awareness – Ransomware Group Returns to Leverage Backdoor Implanted Prior to Patch

Bleeping Computer has written an article discussing recently discovered activity by the Lorenz ransomware gang involving a Mitel MiVoice vulnerability (CVE-2022-29499) that was publicized in 2022 and added to CISA’s Known Exploited Vulnerabilities Catalog in June of that year. While Mitel released a patch in a timely manner, researchers from S-RM determined that the Lorenz group had already been exploiting vulnerable systems at least a week before the patch was released, leaving behind a backdoor that the group later returned to use after the patch had been applied. The practical lesson is that patching closes the entry point but does not evict an intruder who is already inside; systems exposed before a fix arrived should be checked for persistence, not just updated.

Cyber Resilience – Tips for Improving your Incident Response Plan

Creating an incident response plan that defines how a utility will respond during a cyber incident is crucial to recovering from an attack.

An effective cyber incident response plan (IRP) will limit damage to an organization’s operations and reduce recovery time and costs. Most importantly, IRPs need to be in place and tested before a cyber incident. In other words, regularly exercising the IRP is crucial.

Besides creating an IRP there are a few tips organizations can implement to strengthen response and recovery efforts:
