The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases Six Industrial Control Systems Advisories
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
Action strongly suggested: Utilities which use and have not already isolated or replaced impacted Barracuda Email Security Gateway (ESG) appliances are encouraged to address immediately.
The FBI published a TLP:CLEAR FLASH (AC-000172-TT) emphasizing the Barracuda warning from early June to immediately replace impacted appliances.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Cloudflare has releases its inaugural Phishing Threats Report for 2023, with a key takeaway that over 30% of phishing attacks rely on newly registered domains, making them more difficult for network defenders to detect.
Bleeping Computer has written an article discussing a recently discovered campaign utilizing Google ads to deliver technical support scams to victims, highlighting the continuing threat of malvertising.
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
What’s Black and White and Read all Over? Many years before computers, “newspaper” was the usual punchline to this riddle, but in today’s culture the QR code is more representative. QR codes have been in use for many years – a Japanese automotive company actually patented them in 1994 – but the usage became much more widespread during the COVID-19 pandemic. QR codes have benefits, but like anything electronically/digitally useful, scammers eventually leverage them with nefarious intent.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Today, CISA released the Remote Monitoring and Management (RMM) Cyber Defense Plan, the first proactive plan developed by industry and government partners through the Joint Cyber Defense Collaborative (JCDC). This plan addresses systemic risks facing the exploitation of RMM software.
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
