Email remains one of the top attack vectors for threat actors looking to compromise an organization. Despite this, a recent study found that around 90 percent of organizations have security holes in Microsoft 365 due to their current cybersecurity policies and architecture.
Last week, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI), published the third of a three-part series on securing the software supply chain, titled Securing Software Supply Chain Series - Recommended Practices Guide for Customers.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
Today, CISA, the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released joint Cybersecurity Advisory (CSA) #StopRansomware: Hive Ransomware to provide network defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Hive ransomware variants. FBI investigations identified these TTPs and IOCs as recently as November 2022.
Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI published a joint Cybersecurity Advisory (CSA) providing information about an incident at a Federal Civilian Executive Branch (FCEB) organization which involved Iranian government-sponsored APT actors exploiting a Log4Shell vulnerability in an unpatched VMware Horizon server.
Develop a viable defense and threat actors will inevitably find a way to bypass it. That’s the endless game of cat-and-mouse, especially in the cybersecurity world. A historical example was the old advice to ‘never open an email from someone you don’t know,’ so threat actors now expertly purport to be or impersonate someone (or something, as in the case of a well-known brand) we do know. A more recent example is in regards to multifactor authentication (MFA).
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
The European Cybersecurity Agency (ENISA) recently released its annual report on the cybersecurity threat environment facing the European Union. The report, Volatile Geopolitics Shake the Trends of the 2022 Cybersecurity Threat Landscape, identifies significant threats, threat actors and attack techniques, tracks major trends, and also provides mitigation measures.
The FBI has published a Public Service Announcement (PSA) advising the public on how to protect themselves from cyber criminals conducting computer-technical support scams. Technical support scams involve fraudsters posing as service representatives of a company's technical or computer repair service and contacting victims through email or by telephone about a highly priced, soon-to-renew subscription. According to the PSA, “Scammers request victims contact the scammers at a provided telephone number or email to cancel the renewal and receive a varying refund amount.
Today, the National Security Agency (NSA) published a new report offering guidance and recommendations to help software developers and operators prevent and mitigate software memory safety issues, which account for a large portion of exploitable vulnerabilities.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
