Yesterday, CISA and the National Security Agency (NSA) published a joint Cybersecurity Information Sheet (CSI), Defending Continuous Integration/Continuous (CI/CD) Delivery Environment, to help organizations improve their defenses in cloud implementations of development, security, and operations.
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases Nine Industrial Control Systems Advisories
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
Zscaler’s ThreatLabz has released its 2023 Ransomware Report, which analyzes ransomware trends and impacts. Of special note this year is the continued sophistication of Ransomware as a Service (RaaS) and the rise of encryptionless extortion.
Waterfall Security Solutions, in cooperation with ICSStrive, has published its 2023 Threat Report, which is specifically focused on OT cyber attacks with physical consequences. A key takeaway from the document is the observed surge in cyber attacks on critical infrastructure.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases One Industrial Control Systems Advisories
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Incidents
Another Microsoft Teams vulnerability has been recently disclosed that allows for the introduction of malware. Jumpsec Labs has shared its research regarding exploiting the Microsoft Teams External Tenants feature “which allows for the possible introduction of malware into any organizations using Microsoft Teams in its default configuration.”
The NSA has shared another Cybersecurity Information Sheet that addresses vulnerabilities in embedded computing functions. Earlier this month, it published joint guidance on Hardening Baseboard Management Controllers (BMCs).
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
