
Cybersecurity

Threat Awareness – Emotet Testing New Delivery Tactics to Circumvent Defenses

Emotet malware continues to be one of the most prolific threats in the wild, and the malware’s developers are testing new delivery methods to circumvent recent Microsoft security protocols. In this latest activity, first detected by Proofpoint, Emotet threat actors were observed likely testing new tactics, techniques, and procedures (TTPs) on a small scale before employing them in a larger campaign. Specifically, the observed malicious emails contained OneDrive URLs that hosted a zip archive containing XLL files that dropped Emotet malware.

Ransomware Resilience – Flashpoint’s Comprehensive Guide on the Ransomware Threat

Flashpoint has published a definitive guide on the ransomware threat, with the aim of helping organizations better understand the threat in order to increase their defenses and effectively respond and recover when attacked. The report begins with an overview and history of the ransomware threat. It then discusses the various strains of ransomware and how attacks unfold. Finally, the guide offers specific steps to prevent ransomware incidents and how to respond and recover from an attack.

(Update April 28, 2022) CISA and FBI Update Advisory on Destructive Malware Targeting Organizations in Ukraine

CISA and the FBI have updated joint Cybersecurity Advisory AA22-057A: Destructive Malware Targeting Organizations in Ukraine, originally released February 26, 2022. The advisory has been updated to include additional indicators of compromise for WhisperGate and Malware Analysis Reports (MARs) containing technical details for HermeticWiper, IsaacWiper, HermeticWizard, and CaddyWiper destructive malware.

Beyond Just the Known Exploited Vulnerabilities to the Vulnerabilities Threat Actors are Routinely Exploiting

On April 27, 2022, the cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom published a joint Cybersecurity Advisory (CSA), 2021 Top Routinely Exploited Vulnerabilities (AA22-117A). As in prior years, this joint effort highlights multiple vulnerabilities that threat actors are routinely exploiting on devices and software that remain unpatched or are no longer supported by a vendor.

Threat Awareness - SocGholish and Zloader

A new threat analysis report from Cybereason examines the threat posed by two malware strains, SocGholish and Zloader, that masquerade as legitimate software updates and installers. From December 2021 to now, Cybereason researchers have observed an increase in the number of attacks involving SocGholish and Zloader. First, SocGholish is a JavaScript-based malware that poses as a legitimate browser update delivered to victims via compromised websites and establishes an initial foothold on a victim’s network before deploying ransomware or conducting other malicious activity.

Security Awareness – Organizations Continue to Fall Victim to Email Phishing Attacks

Email-borne cyber threats remain one of the most prevalent avenues for threat actors to target organizations and are thus a major headache for companies. A new report from Cyren and Osterman Research found that companies are spending an average of 3,850 hours per year responding to compromises caused by email-borne attacks. The most common breach vector the study found was compromised Office 365 login credentials. Email-based account compromise can lead to financial scams, business email compromise (BEC), and the deployment of ransomware.

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - April 26, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Alerts, Updates, and Bulletins:
