The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases Two Industrial Control Systems Advisories
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
Today, CISA, the FBI, the National Security Agency, and other international partners released a joint cybersecurity advisory (CSA), titled “Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns,” to raise awareness of the specific spear-phishing techniques used by a Russian-based threat actor group known as Star Blizzard that targets individuals and organizations globally.
Last week, a group of unknown threat actors compromised a water pumping system for a "private group water scheme" in the Erris area of Ireland, resulting in the loss of water for 180 homeowners for two days. The perpetrators said the equipment - a "Eurotronics Israeli-made water pumping system" - was targeted due to the fact it originated in Israel, in an incident reminiscent of the recent exploitation of Unitronics PLCs.
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
December 5, 2023
In this update on 2023 Holiday Shopping Scams, WaterISAC alerts members that reports indicate cyber criminals are currently targeting SaaS services and utilizing AI technology, social media phishing, and brand impersonation to pilfer from various sectors. Companies may want to consider proactive measures, such as manual or automated takedown services, to maintain consumer trust during the bustling holiday shopping season.
Today, CISA released a cybersecurity advisory “Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers,” in response to confirmed exploitation of CVE-2023-26360 by unidentified threat actors at a federal civilian executive branch agency. This vulnerability presents as an improper access control issue impacting specific versions of Adobe ColdFusion, some of which are no longer supported.
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases Two Industrial Control Systems Advisories
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
