Email security continues to challenge organizations large and small and remains one of the principal attack vectors in which threat actors gain access to a company before conducting further malicious activity, such as ransomware attacks. While security teams continuously combat email security with controls such as encryption and business email compromise protection, fundamentally, email security is about people.
ALPHV/BlackCat, one of 2022’s most notable ransomware menaces, continues to evolve its data extortion tactics in ongoing attempts to coerce victims into paying. The most recent tactic involves the group creating a replica of a victim’s website to publish stolen data openly on the internet. While the domain name and appearance of the website closely resembles the victim’s legitimate site, ALPHV uses its own directory structure to organize the leaked data.
During 2022, more than 200 organizations in the government, healthcare, and education sectors were compromised by ransomware in the U.S., a similar number of incidents to the previous year, according to cybersecurity company Emsisoft.
Phishing attacks during the third quarter of this year were their highest number ever observed, according to a new report from the Anti-Phishing Working Group (APWG). The report, Phishing Activity Trends Report 3rd Quarter 2022, detected 1,270,883 total phishing attacks.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
Security researchers at Amorblox recently published a report on a phishing impersonation attack in a Microsoft Office 365 environment that targeted 100,000 mailboxes at a large educational institution. The researchers were able to thwart the attack by using Natural Language Understanding, which is a type of artificial intelligence program.
Royal ransomware was the most active ransomware strain in November, knocking Lockbit ransomware from the top spot for the first time since September 2021, according to a recent report from the cybersecurity company NCC Group.
The FBI has published a Public Service Announcement (PSA) warning the public that cyber criminal threat actors are actively exploiting search engine advertisement services to impersonate brands and direct users to malicious sites that host ransomware and steal login credentials and other financial information.
Review suggested: Given Microsoft is a widely used platform, please review the following and address accordingly. With respect to the holidays, please do not defer reviewing these latest threats.
CVE-2022-37958 is a remote code execution (RCE) vulnerability in the SPNEGO NEGOEX protocol of Windows operating systems, which supports authentication in applications.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
