
Cybersecurity

Security Awareness – Report Identifies Ransomware Threat Actors Preferred Targets

The cybersecurity firm Barracuda recently published its annual threat research report, which examined ransomware attack patterns to determine the most targeted industries. The report analyzed 106 publicized ransomware attacks between August 2021 and July 2022 and found critical infrastructure and municipalities were among the top five industries targeted, along with the financial, healthcare, and education sectors.

Cyber Resilience – New Trend of Cyber Insurers Restricting Payouts Has Consequences

DarkReading has written an article discussing the consequences for companies and cyber insurers in the wake of Lloyd’s of London’s decision to require member insurers to exclude state-backed cyberattacks from customers’ cyber insurance policies. The experts consulted unanimously agreed that this action damages trust in cyber insurance, increasing the uncertainty around whether an organization will be reimbursed after an attack. The main criticism is that the term “state-backed cyberattack” is extremely broad and can be abused by the insurance industry to limit payouts.

BEC Continues to Surpass Ransomware in Financial Impact, Despite Headlines

CSO Online has posted an article detailing how business email compromise (BEC) attacks continue to have a larger impact on the economy than ransomware attacks, despite the far greater media attention devoted to the latter. According to FBI data, BEC attacks were responsible for $2.4 billion in losses in 2021, compared with $49.2 million lost to ransomware attacks. The article offers a few explanations for this mismatch between reality and expectation.

Threat Awareness – Microsoft 365 and eFax Spoofed in New Customer Feedback-Based Phishing Campaign

Cofense posted a blog detailing a phishing campaign that uses unique tactics and is targeting multiple sectors, including energy, financial services, commercial real estate, food, and manufacturing. This campaign, which spoofs eFax and Microsoft 365, approaches targets in a nontraditional way by pretending to be from a survey site asking for customer feedback.

MFA is Being Bypassed with More Fervor

Despite its ability to significantly reduce the risk from account takeovers, MFA is not without its challenges. While MFA is a simple control to use, configuring it isn’t necessarily so seamless, yet it’s a control that can’t be dismissed. From MFA push notification fatigue to exploiting weaknesses in self-enrollment configurations, multiple threat actor types seem to be increasingly bypassing this important cyber defense technique.
