Researchers with dark web intelligence firm Gemini Advisory discovered a new campaign targeting Click2Gov. Click2Gov is a web-based, interactive self-service bill-pay software solution developed by Superion. It includes various modules that allow users to pay bills associated with local government services, including utilities.
As WaterISAC shared in its August 6 Security and Resilience Update, the LookBack remote access trojan has a penchant for targeting U.S. utilities. Likewise, WaterISAC is aware of at least one member utility that received an email consistent with activity described in the LookBack campaign. The email purported to be from a state water sector association, Florida Rural Water Association (FRWA).
As WaterISAC shared in its September 17 Security and Resilience Update, Emotet has resumed spear phishing activity. Specifically, last week Emotet was observed using similar tactics from late spring 2019 by hijacking old email threads designed as invoices. This week it adds a different tactic to its arsenal of lures – NSA whistleblower Edward Snowden’s new book, Permanent Record.
Microsoft has released security updates to address vulnerabilities in Internet Explorer 11 and Microsoft Defender. The updates include a cumulative security update for Internet Explorer. A remote attacker could exploit these vulnerabilities to take control of an affected system.
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published four new documents on its CISA Insights page. Each product provides a description of the threat, lessons learned, recommendations, and additional relevant resources. The new products are:
Developing plans for how utilities will respond to cyber incidents is critical for quick recovery and restoration from such events. An effective cyber incident response (IR) plan will limit damage and reduce recovery time and costs. Most importantly, the IR plan needs to be in place and tested before a cyber incident occurs; nonetheless, research reveals cyber incident response plans are still largely ineffective.
Awareness training is a key organizational risk strategy component to create and maintain a culture of cybersecurity, all personnel should receive regular, ongoing cybersecurity awareness training. Likewise, technical IT and OT personnel should participate in advanced training, and include red team/blue team exercises to practice and reinforce cybersecurity defense concepts and strategies.
TFlower has emerged as the latest ransomware targeting corporate environments, gaining entry into networks through exposed Remote Desktop Protocol (RDP) services. TFlower was actually discovered in August, and at the time it was thought to just be another generic ransomware. But TFLower activity is reported to be picking up. While TFlower’s rise in the ransomware environment may have come as a surprise, its method for infecting systems shouldn’t be.
CISA has released an advisory on an information exposure vulnerability in Honeywell Performance IP Cameras and Performance NVRs. Numerous products and versions of the products are affected. Successful exploitation of this vulnerability could allow an attacker to view device configuration information. Honeywell has released firmware update packages for all affected products. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.
CISA has released an advisory on improper restriction of excessive authentication attempts, information exposure, cross-site request forgery, and use of password hash with insufficient computational effort vulnerabilities in Siemens SINEMA Remote Connect Server. Versions prior to 2.0 SP1 are affected. Successful exploitation of these vulnerabilities may allow an attacker unauthorized access to the web interface, improper access to privileged user and device information, and may allow successful CSRF attacks.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
