The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Abnormal published a detailed blog post discussing a Vendor Email Compromise (VEC) attack with a 36 million dollar impact that was detected by its platform. In textbook fashion, the attacker impersonated a senior leader at a third party vendor that had a long-term relationship with the target and attempted to further gain legitimacy by cc’ing a peer business in the same sector. The spoofed emails utilized addresses with a “.cam” (not “.com”) domain, which had been set up less than a week prior to the attack.
CISA and the NSA have released a document titled “Identity and Access Management Recommended Best Practices Guide for Administrators” as part of their work on the Enduring Security Framework working group.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Threat actors behind the infamous Emotet malware, which recently re-emerged this month to infect users through their inboxes once again, are now exploiting Microsoft OneNote to distribute the malware and bypass Microsoft security restrictions, according to security researchers at Malwarebytes.
Mandiant released a report analyzing zero-day exploitation trends in 2022 and their relation to nation state cyber activity. Overall, the company tracked 55 zero-day vulnerabilities (measured as a vulnerability exploited in the wild before a patch was released) over the course of the year, a significant increase in comparison to prior years, though not comparable to the record breaking 81 exploits tracked in 2021. Mandiant is confident that 13 of those zero-days were exploited by state actors, with China as the most enthusiastic participant, utilizing seven zero-days.
Yesterday, CISA, the FBI, and MS-ISAC released a joint Cybersecurity Advisory (CSA) concerning the successful exploitation of a .NET deserialization vulnerability in the Progress Telerik user interface (UI) software (CVE-2019-18935). Successful exploitation of the vulnerability provided threat actors with remote code execution capabilities on a federal network.
Today, CISA, the FBI, and MS-ISAC released a joint Cybersecurity Advisory (CSA) to provide network defenders with known LockBit 3.0 ransomware indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) identified through FBI investigations as recently as March 2023.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Cloudflare has released a list of the top 50 brands that phishing URLs impersonate in an effort to make employees more aware of which types of emails in their inbox they should be most skeptical. The top five brands include AT&T Inc., Paypal, Microsoft, DHL, and Facebook.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
