The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases Six Industrial Control Systems Advisories
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
Cybersecurity firm Deep Instinct recently observed a new spear-phishing campaign from the Iranian state-sponsored group “Muddy Water” targeting two entities in Israel using updated TTPs. In the past, Muddy Water has used PDF, RTF, and HTML attachments containing links to archives hosted on various file-sharing platforms. These archives contain installers for various remote administration tools including ScreenConnect, RemoteUtilities, Syncro, etc.
President Biden has signed an executive order (EO) aimed at regulating generative AI systems, recognizing their transformative potential and potential risks. The order focuses on ensuring the safe and responsible use of AI, including with respect to critical infrastructure.
FIRST, the Forum of Incident Response and Security Teams, will release this week version 4.0 of the Common Vulnerability Scoring System (CVSS). CVSS is an open framework that allows organizations and researchers to communicate specific characteristics and severities of software vulnerabilities.
CISA has introduced a valuable toolset designed to assist companies with their logging requirements. "Logging Made Easy (LME)," LME is a reimagined offering by CISA, that transforms a well-established log management solution into a reliable, centralized log management alternative.
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
ICS/OT/SCADA Vulnerabilities & Threats
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
ICS/OT/SCADA Vulnerabilities & Threats
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The FBI’s Internet Crime Complaint Center (IC3) is issuing an updated Public Service Announcement (PSA) to help organizations better understand and guard against the inadvertent recruitment, hiring, and facilitation of Democratic People's Republic of Korea (DPRK, a.k.a. North Korea) information technology (IT) workers.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
