The cybersecurity authorities from the U.S., New Zealand, and the United Kingdom have released a joint Cybersecurity Information Sheet (CIS) on PowerShell. The CIS provides recommendations for proper configuration and monitoring of PowerShell, as opposed to removing or disabling it entirely due to its use by malicious actors after gaining access into victim networks.
While properly configured technical controls can go a long way in protecting from cyber threats, there are countless threats that defeat even the best technology solutions. Those threats most often emanate from email and are intentionally designed to bypass blocking controls in an attempt to trick our last line of cyber defense – the users. Furthermore, with email enduring as the most likely ingress for a cyber attack, threat actors have the odds of a successful attack on their side.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
In cooperation with the United States Digital Service, and the Federal Risk and Authorization Management Program, CISA released the Cloud Security (CS) Technical Reference Architecture (TRA). The CS TRA defines and clarifies considerations for shared services, cloud migration, and cloud security posture management.
An ongoing phishing campaign targeting U.S. organizations has been observed employing fake voicemail notifications to fool employees into providing their Office 365 or Outlook credentials. In this specific phishing campaign, users receive a phony email stating they have a new voicemail to listen to and are prompted to open an HTML attachment. To increase the chances of success, adversaries ensure the email's “From” field specifically references the targeted organization’s name.
Security researchers have uncovered a potential new ransomware-related threat to Office 365 account users. In this case, adversaries could utilize compromised Office 365 accounts to encrypt files stored in SharePoint and OneDrive cloud services. The attack relies on manipulating the “AutoSave” feature which creates cloud backups of older file types when users make edits. To conduct this attack threat actors need only to compromise an employee’s Office 365 account, usually done via phishing or malicious OAuth apps.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
In April, joint cybersecurity advisory (CSA) Alert (AA22-103A) APT Cyber Tools Targeting ICS/SCADA Devices, along with reports from Dragos and Mandiant were published on PIPEDREAM and INCONTROLLER, respectively, detailing that unidentified advanced persistent threat (APT) ac
The first quarter of this year saw the most phishing attacks ever observed, according to a new report. The APWG Phishing Activity Trends Report for the first quarter of 2022 revealed there were 1,025,968 total phishing attacks. This quarter was the first time the three-month total number of phishing attacks exceeded one million. In March alone there were 384,291 attacks, which was also a record monthly total. The report identified webmail services as one of the most targeted sectors.
Conducting asset inventories is one of the foundational first steps in setting up a cyber risk management strategy. Since you cannot defend or secure what you do not know you have, performing asset inventories to gain network visibility is critical for all organizations large and small. Despite the overwhelming benefits of performing asset inventories, a recent report from the cybersecurity firm CYREBRO found that many organizations lack full network visibility. Network visibility is a clear awareness of the components, devices, servers, and data that make up a company’s network.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
