The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
Attention: Members using impacted VMware products are strongly encouraged to pass this information along to IT support personnel and/or third party IT/managed service providers to be promptly addressed.
As anticipated, a working proof-of-concept has been developed for CVE-2022-22972. Security researchers have published an analysis report and working exploit. The public disclosure of exploits typically reduces the time to active exploitation by threat actors and increases the risk of compromise posed to devices that remain unpatched.
Vishing (voice phishing) attacks have dramatically increased over the past year, according to a recent cybersecurity report. The latest quarterly report from Agari and PhishLabs found that vishing attacks increased 550 percent in Q1 2022, compared to the year prior. Additionally, the report found that vishing has overtaken business email compromise (BEC) as the second most reported email threat since Q3 2021.
Security researchers have discovered a new phishing campaign that leverages malicious PDFs and a five-year-old remote code execution (RCE) vulnerability to deliver Snake Keylogger malware to victim devices. Snake Keylogger steals credentials, victim keystrokes, screenshots of victim’s screen, and clipboard data. In this particular campaign, victims’ receive an email named “Remittance Invoice,” with a weaponized PDF attached. When the PDF is opened, Adobe Reader prompts them with a Word document, deceivingly named “has been verified” to trick users into opening it.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) released its Analysis of FY21 Risk and Vulnerability Assessments along with an infographic mapping to the MITRE ATT&CK® Framework of 112 Risk and Vulnerability Assessments (RVAs) conducted in Fiscal Year 2021.
The infamous Emotet malware was the most common type of malware observed in the first quarter of 2022, according to analytics from the HP Wolf Security threat research team. The researchers found a 28-fold increase in detections resulting from Emotet malicious spam campaigns compared to the fourth quarter of 2021. Emotet represents 9 percent of all malware analyzed by the researchers. The Cybersecurity and Infrastructure Security Agency (CISA) described Emotet as one of the most destructive and costly malware to remediate.
Attention: Members using impacted F5 BIG-IP products are strongly encouraged to pass this information along to IT support personnel and/or third party service providers to be promptly addressed.
Just as businesses depend on email for work, threat actors count on it for conducting malicious activity. According to Cofense, the three most prevalent types of attacks against email systems in 2021 were credential phishing, business email compromise (BEC), and malware delivery. Specifically, the data revealed that 70 percent of all email attacks were credential phishing.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
