The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 18, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
As social engineering techniques continue to proliferate, it is still important to continually remind family, friends, and colleagues of the common themes that are designed to trick us into falling for cyber scams. As such, the FBI recently issued a public service announcement to inform individuals and businesses about current social engineering techniques, including:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
Action may be required: Utilities using impacted PAN-OS firewalls, versions 10.2, 11.0, and 11.1 configured with GlobalProtect gateway or GlobalProtect portal (or both) and device telemetry enabled, are highly encouraged to review and address accordingly.
Over the weekend, Palo Alto Networks released workaround guidance for a command injection vulnerability (CVE-2024-3400) which affects PAN-OS versions 10.2, 11.0, and 11.1. Palo Alto Networks has reported active exploitation of this vulnerability in the wild. WaterISAC is sharing this for member awareness.
Yesterday, the NSA’s Artificial Intelligence Security Center (NSA AISC) published the joint Cybersecurity Information Sheet (CSI) Deploying AI Systems Securely in collaboration with CISA, the FBI, and international partners from Australia, Canada, New Zealand, and the United Kingdom.
CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 16, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
This afternoon, CISA issued Emergency Directive 24-02 to address the significant risk from nation-state compromise of Microsoft Corporate Email System. Due to this heightened concern, WaterISAC recommends members review the ED, remain vigilant, and act accordingly as it is believed that the email compromise extends beyond the federal government and may impact other critical entities and the broader ecosystem.
The National Security Agency (NSA) is issuing guidance for maturing data security and protecting access to data at rest and in transit. The recommendations in the Cybersecurity Information Sheet (CSI), “Advancing Zero Trust Maturity Throughout the Data Pillar,” are intended to ensure only those with authorization can access data. The capabilities outlined in the CSI integrate into a comprehensive Zero Trust (ZT) Framework.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
