CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 4, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Ransomware resilience is more than just having validated backups for restoring your systems after a ransomware attack, vulnerability management has a lot to do with it too – that could be patching or addressing through compensating controls if patching is not possible. While ransomware attacks have negative outcomes no matter the attack vector, Sophos explains that exploiting unpatched vulnerabilities has the greatest business impact.
The Electricity Information Sharing and Analysis Center (E-ISAC), a WaterISAC partner, has released its GridEx VII Lessons Learned Report, its seventh biennial grid security and resilience exercise which took place in November 2023. The exercise is the largest of its kind in North America and included over 15,000 participants from approximately 250 North American organizations including water and wastewater utilities.
Clayton Romans, Associate Director of Joint Cyber Defense Collaborative, shared a blog post in which he highlights a new suite of resources from CISA, in their new High-Risk Communities webpage, which provides civil society organizations guidance on bolstering their cyber defense and resi
There have been significant concerns in recent years over specific foreign-made components existing on U.S. networks, specifically devices and software connected to the internet carrying the risk of the potential for abuse via backdoors, supply chain implants, and tampering to aid in espionage or disrupt critical infrastructure. However, despite official government bans, research indicates foreign-manufactured connected device usage is growing faster in the U.S. than in other countries.
CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 2, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
Data compiled by the FTC’s Consumer Sentinel Network shows that losses from impersonation scams in 2023 top $1.1 billion, three times higher than in 2020. The data was based on 490,000 scams reported to the agency in 2023, 330,000 of which were for business impersonation complaints, and the rest were from government impersonations. Most of the scams were conducted via phone calls, followed by email and text messaging, although the former has been in decline, and the latter on the rise, for the last three years.
Reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1 have caused CISA and the open source community to respond. XZ Utils is data compression software and may be present in Linux distributions. The malicious code may allow unauthorized access to affected systems.
CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – March 28, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following alerts, updates, and bulletins.
Alerts, Updates, and Bulletins:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
