A recent report from cybersecurity company VulnCheck has revealed a significant vulnerability (CVE-2024-12856) affecting thousands of Chinese Four-Faith routers. The flaw allows attackers to exploit default credentials in the F3x24 and F3x36 router models to remotely inject commands into the operating system.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience & ICS Vulnerability Management
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Additional Alerts, Updates, and Bulletins
The recent electronic pager attacks by Israel against the foreign terrorist group Hezbollah emphasize the need for securing supply chains in today's increasingly complex geopolitical landscape. These incidents, which resulted in remotely detonated explosives hidden in pager and walkie-talkie batteries, serve as a stark reminder of the vulnerabilities inherent in supply networks, particularly those involving third-party hardware and software.
Threat actors continue to conduct targeted attacks against specific organizations and industries. The Aerospace defense giant General Dynamics recently experienced a highly targeted attack where threat actors compromised dozens of employee benefits accounts after a successful phishing campaign targeting its workers.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Additional Alerts, Updates, and Bulletins
This week, CISA released the National Cyber Incident Response Plan Update Public Comment Draft. The draft requests public comment on the National Cyber Incident Response Plan (NCIRP)—the public comment period is currently open and concludes on January 15, 2025.
On Tuesday, CISA and the Office of the National Cyber Director (ONCD) published a Playbook for Strengthening Cybersecurity in Federal Grant Programs for Critical Infrastructure. The playbook is designed to assist grant-making agencies to incorporate cybersecurity into their grant programs and assist grant-recipients to build cyber resilience into their grant-funded infrastructure projects.
Yesterday, CISA and other federal and international partners released notable updates to the Joint Cybersecurity Advisory (CSA) “IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including US Water and Wastewater Systems Facilities” originally published December 1, 2023. See WaterISACs original analysis of this joint CSA.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
