With the holiday season upon us and many taking time off or otherwise distracted, it’s important to remember to be vigilant for cyber scams designed to leverage the “most happiest time of the year.” Therefore, WaterISAC continues sharing posts on awareness of various holiday scams.
Amid the holiday season and COVID-19 activity, threat actors are continuing to use phishing themes designed to elicit an emotional response to get users to click before they think. To increase members’ situational awareness, WaterISAC is highlighting three current phishing campaigns.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
The scourge of ransomware endures as criminals continue to find new ways to exploit and compromise systems and networks for their financial gain. WaterISAC is highlighting the most prolific and noteworthy ransomware groups this holiday season for members’ security awareness.
Many organizations rely upon Remote Desktop Protocol (RDP) software for connecting to remote systems. However, the widespread adoption of RDP software has significantly increased the attack surface for threat actors to exploit, because there are multiple security flaws with RDP. One particular security issue with RDP is known as “BlueKeep.” This RDP vulnerability, tracked as CVE-2019-0708, occurs pre-authentication and requires no user input.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The FBI has published a TLP:WHITE FLASH examining the activities of an APT group exploiting a zero-day on ManageEngine Desktop Central servers.
Yesterday, Microsoft encouraged customers to patch two Windows Active Directory domain service privilege escalation vulnerabilities that, combined, permit threat actors to effortlessly takeover Windows domains. Microsoft released patches for these vulnerabilities, tracked as CVE-2021-42287 and CVE-2021-42278, during its November security updates. Last week, a proof-of-concept tool leveraging these vulnerabilities was shared on public forums.
Microsoft’s newest security updates patches a high-severity Windows zero-day vulnerability threat actors are exploiting to distribute Emotet malware. The vulnerability, tracked as CVE-2021-43890, spoofs a security flaw in Windows AppX Installer that allows a threat actor to conduct a complex attack with lower user privileges. According to Microsoft, “an attacker could craft a malicious attachment to be used in phishing campaigns. The attacker would then have to convince the user to open the specially crafted attachment.
With the holidays upon us and many organizations reducing their staffing to allow for time off, WaterISAC reminds its members of important steps to take now as emphasized in recent advisories from the White House and CISA. As Deputy Assistant to the President and Deputy National Security Advisor Anne Neuberger highlighted when the White House advisory was released, breaches often occur around holidays when cyber threat actors know security operations centers are short-staffed.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
