Cybersecurity

Joint Cybersecurity Advisory on Enhanced Monitoring to Detect APT Activity Targeting Outlook Online

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), Enhanced Monitoring to Detect APT Activity Targeting Outlook Online, to provide guidance to agencies and critical infrastructure organizations on enhancing monitoring in Microsoft Exchange Online environments. 

Threat Awareness – Defending Against EvilProxy Phishing Toolkit

Despite growing awareness of the threat from phishing emails and greater adoption of multifactor authentication (MFA), threat actors are still successfully compromising firms via phishing attacks and breaching MFA protections with phishing toolkits. To help bring greater awareness to this activity, Proofpoint recently published a blog detailing how network defenders can help mitigate this threat.

Ransomware Awareness – New Ransomware Strain Displays Fake Windows Update Alert to Hide Encryption

Trend Micro has posted a blog analyzing variants from a ransomware strain titled “Big Head,” which has the novel capability of hiding its encryption of a victim’s files with a fake Windows update alert. Researchers describe how, after running a series of checks, these Big Head variants post a screen that looks remarkably similar to what is seen when Windows is applying an update, before posting the actual ransom note once the encryption is complete.

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – July 6, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases Three Industrial Control Systems Advisories

These products are used across multiple sectors; please check the latest advisories for specific equipment used across your ICS environments and address accordingly.

Cyber Resilience – Do you Know Where your Credentials Are?

With stolen credentials leading the charge as the root cause of many data breaches – and certainly one of the easiest methods – it’s important to monitor the various repositories and forums where credentials are often traded. Numerous services offer monitoring for stolen credentials, and it’s important to be alerted to all the different types of credentials used or stored across your utility, including employee, customer/consumer, partner/third-party supplier, and VIP (executives and board members).

Security Awareness – Cyber Actors Prepping for Amazon Prime Day

As the title states, consumers aren’t the only ones awaiting the famed annual Amazon Prime Day (or days). While threat actors may be procuring some Prime Day purchases, that isn’t the only activity they are predisposed to. According to Check Point Research (CPR), there were almost 1,500 new domains related to the term “Amazon,” of which 92% were found to be either malicious or suspicious. Furthermore, one out of every 68 new “Amazon”-related domains was also related to “Amazon Prime,” and about 93% of those domains were found to be risky.
