An affiliate of the ALPHV/BlackCat ransomware group exploited three vulnerabilities in the Veritas Backup product to gain initial access to a victim’s network, according to security researchers at Mandiant. Members who use Veritas Backup Exec are encouraged to review this report and verify your systems have been patched for the exploited vulnerabilities.
As WaterISAC has reported multiple times since January, threat actors made a significant pivot to abusing OneNote to spread malware after Microsoft automatically blocked macros last year. Due to this surge in activity, Microsoft has announced they will begin blocking files within OneNote that contain dangerous extensions, similar to Outlook, Word, Excel, and PowerPoint. Microsoft has included 120 file types/extensions along with the capability to block additional extensions if needed.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
CSO Online has written an article about a new study commissioned by Code42 that focuses on insider risk and insider risk management (IRM). After interviewing over 700 cybersecurity professionals, analysts found that, while 72 percent of participants had an IRM program in place, 71 percent felt they would suffer an insider threat within a year – hinting at either a lack of trust in their current program or at the pervasiveness of the threat.
While public facing websites are vital for today’s commerce, they also create a security risk that requires on-going diligence. In today's threat landscape, website injection attacks are not as enduringly popular to discuss as ransomware or phishing attacks. However, OWASP lists them as the third most significant risk to web application security, after access control and cryptography.
The U.K.’s National Cyber Security Centre (NCSC) recently published a cybersecurity toolkit to help boards ensure that cyber resilience and risk management are embedded throughout an organization, including its people, systems, processes, and technologies.
WaterISAC is tracking open-source reports describing an ongoing supply chain attack against 3CX software and its customers. According to the reports, 3CXDesktopApp — a voice and video conferencing app — was trojanized, potentially leading to multi-staged attacks against users employing the vulnerable app.
A new Emotet phishing campaign is exploiting tax season by purporting to be the Internal Revenue Service to compromise unsuspecting victims and conduct further malicious activity, according to security researchers at Malwarebytes and Palo Alto Networks Unit42.
The FBI has released a Public Service Announcement warning of the use of Business Email Compromise (BEC) tactics by criminal actors to acquire physical goods from the victim. Instead of impersonating requests for the transfer of money, these attacks spoof purchase orders requesting the distribution of goods to a false company. The goods that the report highlights include construction materials, agricultural supplies, computer technology hardware, and solar energy products. Additionally, some criminals abuse credit repayment to conduct this attack multiple times against a single business.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
