Check Point Software Technologies offers a comprehensive analysis of the climbing cyber attack trends of recent years, of which 2023 pointedly made its mark. Not only did 2023 continue the significant upward trend of cyber attacks from the past few years, but the threat landscape saw a transformation in attacks observed by industry and region.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases One Industrial Control Systems Advisory
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
Action strongly recommended for utilities that use the affected versions (9.x and 22.x) of Ivanti Connect Secure and Policy Secure Gateways
What’s new:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases Two Industrial Control Systems Advisories
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
Today, CISA and the FBI released a joint Cybersecurity Advisory (CSA), “Known Indicators of Compromise Associated with Androxgh0st Malware,” to provide network defenders with known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with threat actors deploying Androxgh0st malware.
I know it’s only January, but if phishing campaigns feel like Groundhog Day, that’s because they are. Yet, despite the same ‘ol themes, it’s important to keep staff apprised and reminded of the tried-and-true tricks that threat actors keep using because they keep working. And if there’s one thing miscreants have a penchant for, it’s cultural and seasonal themes. If you’re wondering if you should warn your wonderful users about which themes to be wary, check out these recent posts from Cofense and Checkpoint for a clue!
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
As Phishing-as-a-Service (PhaaS) offerings have lowered the barrier to entry for low-skilled threat actors, “Adversary-in-the-Middle” (AitM) attacks have become much less technical to execute. Open-source toolkits such as “EvilGinx3,” make phishing campaigns accessible to the most novice threat actors. With such frameworks, actors can easily create custom Office 365 login pages; mimic other popular websites such as Amazon, LinkedIn, Facebook, and X (formerly Twitter) to conduct opportunistic or highly targeted phishing campaigns.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
