Given widespread use of Cisco Small Business Switches, the critical exploitability rating (CVSS 9.8), and the public availability of proof-of-concept exploit code, members are encouraged to review the Cisco security advisory for impacted components in your environment and address accordingly.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Proofpoint has posted a blog discussing research into new ways to exploit Microsoft Teams, including post account compromise impersonation and manipulation techniques, weaponized meeting invites by replacing default URLs with malicious links, and weaponized messages by replacing existing URLs with malicious links. The blog details how to use each exploit at a high level, along with examples.
WaterISAC regularly provides awareness of recent CISA reporting. While direct relevance to your utility/organization on the details of each report may vary, activity alerts like this are practical for general awareness of active threats and adversary capabilities.
CISA, the FBI, and the Australian Cyber Security Centre (ACSC) recently published a joint Cybersecurity Advisory (CSA) to provide network defenders with technical information, recommended actions, and mitigations to protect against BianLian Ransomware.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
WaterISAC regularly provides awareness of recent CISA reporting. While direct relevance to your utility/organization on the details of each report may vary, activity alerts like this are practical for general awareness of active threats and adversary capabilities.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Weaponized Microsoft documents were a highly favored technique until Microsoft put the kibosh on macros in files received from the internet last year. As such, WaterISAC been tracking the various tactics threat actors have migrated to. According to Proofpoint, Microsoft’s action has resulted in a monumental shift in activity and threat behavior over the last year in a way not previously observed by threat researchers.
-by Jennifer Lyn Walker
Yesterday, CISA shared the release of a new white paper on Research, Development, and Innovation for Enhancing Resilience of Cyber-Physical Critical Infrastructure: Needs and Strategic Actions.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
