The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
CISA and the FBI recently released a public announcement concerning breaches on U.S. telecommunication service providers by Chinese cyber threat actors. The announcement reads:
The U.S. Government is investigating the unauthorized access to commercial telecommunications infrastructure by actors affiliated with the People’s Republic of China.
As Cybersecurity Awareness Month 2024 comes to a close, here’s a brief recap of all that was shared this month. Hopefully, you put the handouts to good use by sharing them with staff and placing them in easy to see locations for anyone and everyone to read. If not, no worries – they are included below and are applicable during any month, not only Cybersecurity Awareness Month!
Using strong passwords and a password manager
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories
Recent analysis by Cofense describes how threat actors are using virtual hard drive files to bypass security scanners, including widely used email security appliances from Cisco, Proofpoint, and FireEye.
Notable analysis details include:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience & OT Vulnerability Management
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
On October 22, 2024, CISA Released One Industrial Control Systems Advisory for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:
Israeli organizations have been targeted by a malicious email campaign impersonating the IT security company ESET. By utilizing the systems of Comsecure, the exclusive distributor of ESET products within Israel, an unknown threat actor is sending an otherwise seemingly legitimate email, signed by ESET’s Advanced Threat Defense team, that encourages recipients to download a .zip file and execute a malicious .exe containing a wiper program.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
