The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
Security researchers have detected a new malware loader dubbed Bumblebee. The sophisticated malware appears to be a replacement for BazarLoader and is likely being used to gain initial access for follow on ransomware attacks and other malicious activity. Bumblebee is a highly sophisticated malware loader “that integrates intricate elaborate evasion techniques and anti-analysis tricks,” according to BleepingComputer. Researchers have detected a number of email campaigns distributing Bumblebee within ISO attachments.
Security researchers have identified a new strain of ransomware that is overwriting files larger than 2MB rather than encrypting them. In typical ransomware fashion, Onyx threat actors steal data from a compromised network before encrypting files and employ the all-too-common double-extortion tactic. However, the destructive action of deleting files larger than 2MB essentially prevents these files from being recovered. This behavior, whether intentional or accidental, further supports that there are no guarantees on data recovery when ransoms are paid.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
Emotet malware continues to be one of the most prolific threats in the wild and the malware’s developers are testing new delivery methods to circumvent recent Microsoft security protocols. In this latest activity, first detected by Proofpoint, Emotet threat actors were observed likely testing new tactics, techniques, and procedures (TTPs) on a small scale before employing them in a larger campaign. Specifically, the observed malicious emails contained OneDrive URLs that hosted a zip archive containing XLL files which dropped Emotet malware.
Flashpoint has published a definitive guide on the ransomware threat, with the aim of helping organizations better understand the threat in order to increase their defenses and effectively respond and recover when attacked. The report begins with an overview and history of the ransomware threat. It then discusses the various strains of ransomware and how attacks unfold. Finally, the guide offers specific steps to prevent ransomware incidents and how to respond and recover from an attack.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
CISA and the FBI have updated joint Cybersecurity Advisory AA22-057A: Destructive Malware Targeting Organizations in Ukraine, originally released February 26, 2022. The advisory has been updated to include additional indicators of compromise for WhisperGate and Malware Analysis Reports (MARs) containing technical details for HermeticWiper, IsaacWiper, HermeticWizard, and CaddyWiper destructive malware.
On April 27, 2022, the cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom published a joint Cybersecurity Advisory (CSA), 2021 Top Routinely Exploited Vulnerabilities (AA22-117A). As in prior years, this joint effort highlights multiple vulnerabilities that threat actors are routinely exploiting on devices and software that remain unpatched or are no longer supported by a vendor.
A new threat analysis report from Cybereason examines the threat posed by two malware strains, SocGholish and Zloader, that masquerade as legitimate software updates and installers. From December 2021 to now, Cybereason researchers have observed an increase in the number of attacks involving SocGholish and Zloader. First, SocGholish is a JavaScript-based malware that poses as a legitimate browser update delivered to victims via compromised websites and establishes an initial foothold on a victim’s network before deploying ransomware or conducting other malicious activity.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
