The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
ICS/OT/SCADA Vulnerabilities & Threats
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The FBI’s Internet Crime Complaint Center (IC3) is issuing an updated Public Service Announcement (PSA) to help organizations better understand and guard against the inadvertent recruitment, hiring, and facilitation of Democratic People's Republic of Korea (DPRK, a.k.a. North Korea) information technology (IT) workers.
Last week, CISA, the National Security Agency (NSA), the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint guide, “Phishing Guidance: Stopping the Attack Cycle at Phase One.” The joint guide outlines phishing techniques threat actors commonly employ and provides guidance for network defenders to help reduce the impact of phishing attacks.
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
October 24: CISA Releases One Industrial Control Systems Advisory
CISA, NSA, FBI, and MS-ISAC have released an updated version of the joint #StopRansomware Guide. The update includes new prevention tips such as hardening SMB protocols, revised response steps, and added threat hunting insights.
The ICT SCRM Task Force’s newest resource, Empowering SMBs: A Resource Guide For Developing a Resilient Supply Chain Risk Management Plan, was created to provide a valuable starting point for small and medium-sized businesses (SMBs) to develop and tailor an information and communications technology (ICT) supply chain risk management (SCRM) plan that meets the needs of their business. The Task Force SMB Resource Guide is a supportive tool that an organization can leverage to establish an actionable SCRM plan that will support the mitigation of risks and disruptions to their supply chains.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases Two Industrial Control Systems Advisories
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
