The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
The FBI has published a TLP:WHITE FLASH providing indicators of compromise associated with LockBit 2.0 ransomware. The FLASH indicates LockBit 2.0 threat actors operate as an affiliate run Ransomware-as-a-Service (RaaS) and employ a wide variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation. Some techniques these threat actors include, but are not limited to, purchased access, unpatched vulnerabilities, insider access, and zero day exploits.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Many organizations are not utilizing the cybersecurity features offered by Microsoft 365, according to research from the IT company Ensono. For its research Ensono surveyed IT staff whose companies use Microsoft 365. Some key findings from the survey reveal that 38 percent of respondents are not using multi-factor authentication, only 43 percent have Conditional Access setup, and 46 percent do have data loss prevention or data classification configured.
A recently observed phishing campaign is utilizing malicious CSV text files to install the BazarLoader/BazarBackdoor trojan. BazarBackdoor is a backdoor malware created by the TrickBot gang to provide threat actors with remote access to a compromised device which can then be used to move laterally through a corporate network, install more malware, steal data, and deploy ransomware.
Data leaks, for whatever reason, are costly. However, financial recovery costs and costs due to damaged trust and reputation are not the only ramifications. Lost data often finds its way into the hands of advanced adversaries who use it for reconnaissance efforts to learn about potential targets, including critical infrastructure organizations.
A recent study of ransomware attacks between July and September 2021 reveals that the banking, utilities, and retail sectors are the most targeted industries. The utilities sector was the second most targeted by ransomware during the time period, accounting for 20 percent of detected attacks. All three sectors in combination accounted for 58 percent of all detected attacks.
A current phishing scam is purporting to be a message from the U.S. Postal Service (USPS) claiming recipients have missed an important delivery, but instead contains a malicious link. In recent phishing awareness posts, WaterISAC has highlighted threat actors using trusted brands in phishing campaigns to fool users more easily into downloading various malware.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
by Andrew Hildick-Smith, WaterISAC Advisor
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
