Cybersecurity

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - January 10, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Alerts, Updates, and Bulletins:

  • None

Threat Advisory – Phishing Campaign Mimicking Primacy Agency Data Validation Request Resurfaces

In August, WaterISAC reported on a phishing campaign pretending to be from the Massachusetts Department of Environmental Protection (EPA Region 1). The campaign was specifically targeting utilities in Massachusetts with a request to verify the PWS information that the threat actor included in the email.

Vendor Risk Management – Using MSPs to Administer Your Cloud Services

The UK’s National Cyber Security Centre (NCSC) posted a blog covering the topic of Managed Service Providers (MSPs) and the risk they pose to an organization. While MSPs can reduce the organizational responsibilities for operating cloud capabilities, the article argues that security responsibilities remain relevant, albeit shifted. It discusses how security teams need to assess their expanded third-party risk before and after procuring a contract.

Threat Awareness – IcedID Banking Trojan Changes Strategy to Zoom Phishing Sites

Cyble has posted a blog discussing its analysis of a recently discovered phishing campaign targeting Zoom in order to deliver IcedID malware, also known as BokBot. This malware is a banking trojan whose purpose is to steal banking credentials from victims. IcedID also functions as a loader capable of downloading further malware (including ransomware) and is commonly associated with the Emotet botnet. IcedID has traditionally been observed targeting businesses to steal payment information using compromised Office attachments.

Threat Awareness – Over 60,000 Exchange Servers Still Vulnerable to ProxyNotShell Flaws

Bleeping Computer posted an article reporting that more than 60,000 Microsoft Exchange servers have still not been patched against CVE-2022-41082. CVE-2022-41082 is one of the two CVEs that make up the exploit known as ProxyNotShell. For more information, access WaterISAC’s coverage included in the Security & Resilience Update on December 22, 2022 here.

Breach Awareness – Cyber Attack on Third-Party Digital Records Vendor Impacts Local Governments Across Nation

StateScoop has written an article discussing the impacts of a cyberattack against Cott Systems, a nationwide digital records management vendor reportedly utilized by approximately 400 local governments across 21 states. On December 26th, the company alerted customers that they had detected “unusual activity” on internal servers and were taking their network offline. Cott Systems has not yet provided a recovery timeline for its customers, but states that no customer data appears to be affected.

Informational: Data Breach Notification Digest (January 5, 2023)

From time to time (more often than not), data breaches are disclosed regarding widely used or well-known products, platforms, and organizations. Individually, each notice may seem less significant to report on in the sea of cyber threats and vulnerabilities, but nonetheless may be important for general awareness. Some data breaches may be associated with, or an update to, a prior cyber attack notification, such as data that was discovered/confirmed stolen after a ransomware attack.
