The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
The Federal Communications Commission (FCC) maintains a Covered List of communications equipment and services that have been determined by the U.S. government to pose an unacceptable risk to the national security of the United States or the security and safety of United States persons to national security pursuant to the Secure and Trusted Communications Networks Act of 2019.
Security Week has written an article discussing a spike in attacks exploiting CVE-2018-9995, a 5 year old critical authentication bypass vulnerability in TBK Vision devices, and CVE-2016-20016, a 7 year old vulnerability in MVPower devices.
Threat actors are increasingly capable of compromising enterprise networks by utilizing legitimate tools and social engineering techniques, instead of relying on malware, making it harder for network defenders to detect malicious activity.
The Cybersecurity and Infrastructure Security Agency (CISA) posted an alert warning network defenders that exploiting the Service Location Protocol (SLP, RFC 2608) allows an unauthenticated remote attacker to register arbitrary services. This could allow an attacker to use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor.
Not all trend analysis reports are created equal, but occasionally some stand out. Nonetheless, many such reports are often useful for lessons learned and an enlightening nugget or two. One such report is Sophos’ 2023 Active Adversary Report for Business Leaders, which provides a picture of how threat actors are operating. The report is derived from over 150 incident response engagements selected from its 2022 workload.
WaterISAC convened its monthly Water Sector Cyber Threat Briefing on April 26. Brandon Carter, a cybersecurity specialist at EPA's Water Infrastructure and Cyber Resilience Division, presented.
Agenda - You’re Not in this Alone: EPA Cybersecurity Technical Assistance Program for the Water Sector
EPA’s new water sector cybersecurity evaluation program offers a free assessment of cybersecurity gaps or vulnerabilities in the operational technology (OT) used by public water systems (PWSs). It is intended to support a PWS sanitary survey as described in the EPA memorandum, Addressing Public Water System Cybersecurity in Sanitary Surveys or an Alternate Process.
Fortinet has written a blog discussing the use of the EvilExtractor tool in a March 2023 phishing campaign targeting networks in America and Europe. EvilExtractor is claimed to be a legitimate education tool, but researchers discovered it being advertised on criminal markets as an information stealer. EvilExtractor is modular, giving it many capabilities, including the ability to steal and upload data, wipe logs, and install ransomware.
Symantec has written a blog discussing the X_Trader software supply chain attack that impacted critical infrastructure organizations in the United States and Europe, including the energy and financial sectors. X_Trader, developed by Trading Technologies, is typically used for futures trading but a North Korean threat group has been linked to malicious versions utilized to deploy a multi-stage modular backdoor onto victims' systems.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
