The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), in partnership with CISA, provided updated guidance intended to aid procuring organizations and manufacturers of digital products and services in choosing and developing technology that is secure by design.
Researchers from Claroty’s Team82 have provided information about the custom-built IoT/OT malware called IOCONTROL which has been used by Iran-affiliated threat actors to attack Israel and U.S.-based OT/IoT devices.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Vulnerability management is a critical process for reducing potential risks associated with security vulnerabilities for organizations of all sizes. Organizations that lack proper vulnerability management are significantly more likely to experience a breach. According to Verizon’s 2023 Data Breach Investigations Report, 60% of breaches involved vulnerabilities for which a patch was available but not applied.
Last week, the Cyber Readiness Institute (CRI), Foundation for Defense of Democracies (FDD), and Microsoft recently released an interim report detailing the findings from the first phase of the Cyber Readiness Program aimed at enhancing cybersecurity in small and medium-sized water and wastewater utilities across the nation.
The scope of the Salt Typhoon Campaign is continues to increase as senior White House officials revealed last week that telecommunications companies in dozens of countries have been breached by Salt Typhoon, eight of which are major internet service providers (ISPs) located in the U.S.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience & OT Vulnerability Management
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Today, CISA, in partnership with the National Security Agency (NSA), the FBI, and international partners, released “Enhanced Visibility and Hardening Guidance for Communications Infrastructure” to provide best practices to protect against a People’s Republic of China (PRC)-affiliated threat actor that has compromised networks of major global telecommunications providers.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
