Last week, CISA published a Cybersecurity Advisory (CSA) to warn network defenders about threat actors exploiting CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway.
Wiz has posted a blog discussing the implications of the recently announced security incident affecting Microsoft where a Chinese-attributed threat actor stole a private encryption key to forge access tokens for various Outlook products. After conducting further technical analysis, researchers believe that this stolen key could also impact users of Azure Active Directory, SharePoint, Teams, and OneDrive.
Hoxhunt has released its Human Cyber-Risk Report: Critical Infrastructure, with a key finding that 66% of critical infrastructure employees have correctly reported at least one malicious phishing attempt. Hoxhunt’s researchers state that this statistic is 20% higher than the averages for other industries they’ve done phishing studies for.
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Threat Awareness
Based on a collaborative partnership between CISA and Microsoft, many Microsoft customers will now have access to expanded cloud logging capabilities at no additional charge, which will enhance cyber defense and incident response. The expanded access comes in response to a cyber incident in June involving a government agency where advanced persistent threat (APT) actors accessed and exfiltrated unclassified Exchange Online Outlook data.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases One Industrial Control Systems Advisory
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
Fortinet has posted a blog discussing Google’s launch of the .zip Top Level Domain and the challenges that presents for network defenders.
SC Magazine has written an article discussing the unprecedented scope of the MOVEit vulnerability’s exploitation by criminal threat actors, especially the Cl0p ransomware group. Nearly 370 organizations have either been identified as victims by Cl0p or have confirmed that they were victims themselves.
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
ICS/OT/SCADA Cybersecurity
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases Seven Industrial Control Systems Advisories
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
