The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Menlo Labs has observed a threat actor conducting PureCrypter-enabled attacks against government agencies. Utilizing a compromised non-profit’s website, researchers tracked multiple attempts to infect government agencies through ZIP files containing PureCrypter distributed through Discord who were primed to upload a secondary payload from a compromised non-profit organization’s network. After analyzing the potential chain of infection, they found 106 other attacks that utilized similar behaviors.
Check Point Research has posted its analysis of a new strain of partially autonomous ransomware with other concerning capabilities that researchers have labeled Rorschach. Check Point assesses that this strain does not appear to be related to any other ransomware family, nor does the threat actor behind it seem to be affiliated with any other criminal groups. Rorschach is highly customizable and appears to be able to autonomously propagate itself across a victim’s network under the right circumstances.
An affiliate of the ALPHV/BlackCat ransomware group exploited three vulnerabilities in the Veritas Backup product to gain initial access to a victim’s network, according to security researchers at Mandiant. Members who use Veritas Backup Exec are encouraged to review this report and verify your systems have been patched for the exploited vulnerabilities.
As WaterISAC has reported multiple times since January, threat actors made a significant pivot to abusing OneNote to spread malware after Microsoft automatically blocked macros last year. Due to this surge in activity, Microsoft has announced they will begin blocking files within OneNote that contain dangerous extensions, similar to Outlook, Word, Excel, and PowerPoint. Microsoft has included 120 file types/extensions along with the capability to block additional extensions if needed.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
CSO Online has written an article about a new study commissioned by Code42 that focuses on insider risk and insider risk management (IRM). After interviewing over 700 cybersecurity professionals, analysts found that, while 72 percent of participants had an IRM program in place, 71 percent felt they would suffer an insider threat within a year – hinting at either a lack of trust in their current program or at the pervasiveness of the threat.
While public facing websites are vital for today’s commerce, they also create a security risk that requires on-going diligence. In today's threat landscape, website injection attacks are not as enduringly popular to discuss as ransomware or phishing attacks. However, OWASP lists them as the third most significant risk to web application security, after access control and cryptography.
The U.K.’s National Cyber Security Centre (NCSC) recently published a cybersecurity toolkit to help boards ensure that cyber resilience and risk management are embedded throughout an organization, including its people, systems, processes, and technologies.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
