A significant security threat to any organization is the continual presence of spam in our inboxes. It’s one easy way for an attacker to literally plant seemingly harmless information into the minds of personnel, and then prey on their natural human tendencies. In a corporate inbox, spam can pose a serious security threat.
Given recent attention and attacks against Unitronics Vision Series PLCs and their use in the water and wastewater systems sector, WaterISAC is amplifying this recent vulnerability advisory. Members using Unitronics Vision Series PLCs are highly encouraged to review the following ICS Advisory and address accordingly.
Unitronics Vision Series PLCs | ICSA-24-109-01
Vulnerability: Storing Passwords in a Recoverable Format
A global increase in brute-force attacks has been identified against a variety of targets which include VPN services, web application authentication interfaces, and SSH services since at least March 18, 2024. Cisco Talos is actively monitoring the increase in attacks and is providing details on affected services.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 18, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
As social engineering techniques continue to proliferate, it is still important to continually remind family, friends, and colleagues of the common themes that are designed to trick us into falling for cyber scams. As such, the FBI recently issued a public service announcement to inform individuals and businesses about current social engineering techniques, including:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
Action may be required: Utilities using impacted PAN-OS firewalls, versions 10.2, 11.0, and 11.1 configured with GlobalProtect gateway or GlobalProtect portal (or both) and device telemetry enabled, are highly encouraged to review and address accordingly.
Over the weekend, Palo Alto Networks released workaround guidance for a command injection vulnerability (CVE-2024-3400) which affects PAN-OS versions 10.2, 11.0, and 11.1. Palo Alto Networks has reported active exploitation of this vulnerability in the wild. WaterISAC is sharing this for member awareness.
Yesterday, the NSA’s Artificial Intelligence Security Center (NSA AISC) published the joint Cybersecurity Information Sheet (CSI) Deploying AI Systems Securely in collaboration with CISA, the FBI, and international partners from Australia, Canada, New Zealand, and the United Kingdom.
CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 16, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
