
New Squirrelwaffle Malware Mimics Emotet Tactics

Security researchers at Cisco Talos recently uncovered a new malware threat, called Squirrelwaffle, that spreads via spam campaigns. It provides threat actors with initial access to a compromised device or network and lets them deploy additional malware, such as Qakbot or Cobalt Strike. Squirrelwaffle, first identified last month, uses stolen reply-chain emails (replies injected into existing, legitimate email threads) to propagate across devices and networks.

Microsoft Warns of Increase in Password Spraying Attacks

Microsoft’s Detection and Response Team (DART) has observed an increase in password spray attacks over the past year. As security tooling and user awareness have improved, breaking into a network undetected has become harder, so threat actors increasingly focus on stealing valid credentials: once signed in as a legitimate user, their activity blends in with normal network traffic. Password spraying is one way adversaries obtain those credentials. Rather than trying many passwords against one account, which triggers lockouts, the attacker tries a small number of common passwords against many accounts.

Nearly Three-Quarters of Organizations Experienced a DNS Attack in the Last Year

Although ransomware and phishing are often perceived as the most frequent and persistent cyber threats, a new survey by the Neustar International Security Council (NISC) shows that domain name system (DNS) attacks are affecting businesses at an increasing rate. According to the survey, conducted in September 2021, 72 percent of respondents experienced a DNS attack within the last year. Of those, 58 percent suffered business disruptions lasting more than an hour, and 14 percent took several hours to recover.

Russian-backed Nobelium Targets Hundreds of IT Service Providers in Latest Campaign

Microsoft has shared details on the latest campaign conducted by the Russian-backed threat actor NOBELIUM. It notes that since May 2021, NOBELIUM has targeted hundreds of cloud service providers (CSPs), managed service providers (MSPs), and other IT services organizations in order to abuse the administrative or privileged access that these companies are granted by their downstream customers.

Discourse’s Remote Code Execution (RCE) Vulnerability Should be Patched Immediately

A critical remote code execution (RCE) vulnerability in Discourse, tracked as CVE-2021-41163, was fixed in a security update released by the developer last week. The vulnerability affects Discourse versions 2.7.8 and earlier, so users are urged to update to version 2.7.9 or later. Discourse is an open-source platform for community discussion. In unpatched versions, maliciously crafted requests can lead to remote code execution because “subscribe_url” values are not validated.

FBI FLASH: Indicators of Compromise Associated with the Ranzy Locker Ransomware

The FBI has published a TLP:WHITE FLASH providing indicators of compromise associated with the Ranzy Locker ransomware. The FLASH indicates that Ranzy Locker ransomware, first detected in late 2020, has targeted more than 30 U.S. organizations, including critical infrastructure entities. Past incidents indicate the threat actors conducted brute-force attacks against Remote Desktop Protocol (RDP) credentials to gain access to victims’ networks. The actors also exploited Microsoft Exchange Server vulnerabilities and used phishing to compromise victim networks.
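The password-spray activity described in the Microsoft DART item above and the RDP brute-force activity in the Ranzy Locker FLASH leave different shapes in authentication logs: a spray touches many accounts with one or two failures each, staying under per-account lockout thresholds, while a brute force hammers a single account with many failures. The following is an added example, not code from Microsoft, the FBI, or the original page; the log line format, the sample log lines and the thresholds are assumptions chosen for illustration.

```python
"""Classify authentication failures per source as password spray, brute force, or benign."""
import re
from collections import defaultdict

# Assumed log line format (not a real product's format):
#   "<time> user=<name> src=<ip> result=<OK|FAIL>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample log (not real data). Three behaviours:
#  - 203.0.113.7 tries one password against ten different accounts (spray)
#  - 198.51.100.9 tries eight passwords against "administrator" (brute force)
#  - 10.0.0.5 is a user who mistypes twice and then signs in (benign)
SPRAY_USERS = ["alice", "bob", "carol", "dave", "erin",
               "frank", "grace", "heidi", "ivan", "judy"]
SAMPLE_LOG = [f"09:00:{i:02d} user={u} src=203.0.113.7 result=FAIL"
              for i, u in enumerate(SPRAY_USERS)]
SAMPLE_LOG += [f"09:05:{i:02d} user=administrator src=198.51.100.9 result=FAIL"
               for i in range(8)]
SAMPLE_LOG += [
    "09:10:01 user=alice src=10.0.0.5 result=FAIL",
    "09:10:05 user=alice src=10.0.0.5 result=FAIL",
    "09:10:09 user=alice src=10.0.0.5 result=OK",
]


def parse(lines):
    """Yield (user, src, result) for each well-formed line; skip malformed ones."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m["user"], m["src"], m["result"]


def analyze(lines, spray_min_users=8, spray_max_per_user=2, brute_min_failures=5):
    """Return {src: {"kind", "users", "max_per_user", "failures"}} for every
    source that produced at least one failed login.

    Thresholds are illustrative assumptions. The key distinction is the
    per-account view: a spray keeps max_per_user below any lockout threshold
    while the number of distinct accounts climbs; a brute force does the opposite.
    """
    failures = defaultdict(lambda: defaultdict(int))  # src -> user -> fail count
    for user, src, result in parse(lines):
        if result == "FAIL":
            failures[src][user] += 1

    report = {}
    for src, per_user in failures.items():
        users = len(per_user)
        max_per_user = max(per_user.values())
        total = sum(per_user.values())
        if max_per_user >= brute_min_failures:
            kind = "brute_force"
        elif users >= spray_min_users and max_per_user <= spray_max_per_user:
            kind = "password_spray"
        else:
            kind = "benign"
        report[src] = {"kind": kind, "users": users,
                       "max_per_user": max_per_user, "failures": total}
    return report


if __name__ == "__main__":
    for src, info in analyze(SAMPLE_LOG).items():
        print(f"{src:15} {info['kind']:15} accounts={info['users']:2} "
              f"max_per_account={info['max_per_user']} failures={info['failures']}")
```

A per-account lockout policy alone would catch only the 198.51.100.9 pattern; the spray source never exceeds one failure per account, which is exactly why the detection has to pivot on distinct accounts per source (or per source range or time window, since real sprays rotate source addresses) rather than on failures per account.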
