The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Yesterday afternoon, the Cybersecurity and Infrastructure Security Agency (CISA) published a new CISA Insights urging organizations to immediately implement cybersecurity measures to protect against potential critical threats – CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats.
On Friday, Russian law enforcement officials raided dozens of addresses of suspected criminals associated with the REvil ransomware gang. The Federal Security Service (FSB) of the Russian Federation says that they detained 14 individuals believed to be part of the REvil operation and seized millions of dollars of currency.
Phishing attacks remain one of the most common entry vectors for threat actors seeking to compromise an organization or an individual’s device or network. A particularly effective phishing tactic is brand impersonation, when adversaries attempt to mimic a website or domain of a well-known brand by using a similar domain name and webpage designed like the actual site. A recent report from the IT company Check Point identifies the top brands criminals impersonated in brand phishing attacks in the fourth quarter of 2021.
On Friday, the Microsoft Threat Intelligence Center (MSTIC) identified evidence of a destructive malware operation targeting multiple organizations in Ukraine. According to MSTIC, the malware first appeared on victim systems in Ukraine on January 13, 2022. At this time, MSTIC has not been able to assess intent of the identified destructive actions or trace this to any known threat activity groups.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Log4j Vulnerability Response
Cybersecurity training is imperative for every employee of an organization, including C-suite executives. With the near saturation of Business Email Compromise (BEC) scams, threat actors are also targeting executive level accounts, in part because of their privileged access and sensitive communications. Thus, it’s important for executives to receive specialized role-based awareness training. To begin, executives should understand the financial risk associated with not maintaining an adequate cyber defense posture. Its also important for senior leadership to lead by example.
A zero trust framework can significantly reduce a threat actor’s ability to move laterally within a network and greatly enhance an organization’s overall cybersecurity posture. Unfortunately, despite federal guidance, zero trust has not gained much momentum. The concept of zero trust, to “never trust, always verify,” may seem daunting. However, according to an article in ThreatPost, zero trust isn’t necessarily about buying the next shiny thing, but “a change in mindset on how one wishes to operate their business in a secure way.”
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
