2022 Dragos ICS/OT Cybersecurity Year in Review – Insights on New Activity Groups, Industrial Ransomware, and ICS/OT Vulnerabilities
Dragos published its 2022 ICS/OT Cybersecurity Year in Review this week.
Bleeping Computer has written an article covering a malicious Google Ads campaign discovered by researchers at Sentinel Labs. The malvertising campaign redirected victims to a fake Amazon Web Services login page, registered to what is believed to be a Brazilian threat actor. The most notable point is that the malicious ads often rank very high in search results: when searching for "aws," this campaign's result appeared second, directly behind Amazon's own promoted result, so users who click the first non-Amazon link land on the credential-harvesting page.
Dark Reading has written an article about the recent Reddit hack and how the details released so far demonstrate the limits of two-factor authentication and the value of employee training. Despite Reddit requiring two-factor authentication internally, attackers were still able to convince an employee to click a malicious link that led to a credential-harvesting page.
Brute force attacks are one of the simplest and most effective means for threat actors to gain unauthorized access to an organization's network, allowing attackers to steal sensitive data, spread malware, hijack systems, or conduct other malicious activity.
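Because brute forcing is noisy, it is also one of the easiest intrusions to catch in authentication logs. The following is an added example (not from the article) that scans sshd-style log lines with a per-source sliding window, distinguishes a single-account brute force from a password spray across many usernames, and flags the case defenders care about most: a successful login from a source that was just hammering the service. The log lines are constructed for the example, and the thresholds are assumptions to tune per environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd-style auth log lines (not from any real system).
# 203.0.113.7 tries five usernames in five seconds and then gets in as root;
# 198.51.100.9 is a user who mistypes a password twice, minutes apart.
SAMPLE_LOG = """\
Feb 14 10:00:01 bastion sshd[2001]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
Feb 14 10:00:02 bastion sshd[2002]: Failed password for invalid user oracle from 203.0.113.7 port 51001 ssh2
Feb 14 10:00:03 bastion sshd[2003]: Failed password for root from 203.0.113.7 port 51002 ssh2
Feb 14 10:00:04 bastion sshd[2004]: Failed password for invalid user test from 203.0.113.7 port 51003 ssh2
Feb 14 10:00:05 bastion sshd[2005]: Failed password for invalid user guest from 203.0.113.7 port 51004 ssh2
Feb 14 10:00:06 bastion sshd[2006]: Failed password for root from 203.0.113.7 port 51005 ssh2
Feb 14 10:00:07 bastion sshd[2007]: Accepted password for root from 203.0.113.7 port 51006 ssh2
Feb 14 10:03:00 bastion sshd[2010]: Failed password for alice from 198.51.100.9 port 40000 ssh2
Feb 14 10:09:00 bastion sshd[2011]: Failed password for alice from 198.51.100.9 port 40001 ssh2
Feb 14 10:09:30 bastion sshd[2012]: Accepted publickey for alice from 198.51.100.9 port 40002 ssh2
"""

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_line(line, year=2023):
    """Return (timestamp, result, user, ip) or None for lines we don't handle.
    Syslog timestamps carry no year, so one is assumed for parsing."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect_brute_force(lines, threshold=5, window_seconds=60, spray_users=4):
    """Flag a source once it logs `threshold` failures inside `window_seconds`.
    If those failures span at least `spray_users` distinct accounts, call it a
    password spray. A later success from a flagged source is escalated."""
    failures = defaultdict(deque)   # ip -> failure timestamps inside the window
    users_tried = defaultdict(set)  # ip -> distinct usernames that failed
    flagged, alerts = set(), []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, result, user, ip = parsed
        if result == "Failed":
            q = failures[ip]
            q.append(ts)
            while q and (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()          # drop failures that aged out of the window
            users_tried[ip].add(user)
            if ip not in flagged and len(q) >= threshold:
                flagged.add(ip)      # alert once per source, not once per attempt
                kind = "password_spray" if len(users_tried[ip]) >= spray_users else "brute_force"
                alerts.append({"kind": kind, "ip": ip, "time": ts.isoformat(),
                               "failures": len(q), "user": None})
        elif ip in flagged:
            # The attacker's guess worked: treat as a probable account compromise.
            alerts.append({"kind": "success_after_brute_force", "ip": ip,
                           "time": ts.isoformat(), "failures": None, "user": user})
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LOG.splitlines()):
        print(alert)
```

The one-alert-per-source rule keeps a persistent attacker from flooding the queue, and the "success after brute force" escalation is the signal worth paging on; the window and thresholds should be set from a baseline of legitimate failure rates rather than the values assumed here.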
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the FBI, the Department of Health and Human Services (HHS), and the Republic of Korea's Defense Security Agency and National Intelligence Service have released a joint Cybersecurity Advisory (CSA) warning network defenders of malicious activity targeting U.S. and South Korean Healthcare and Public Health (HPH) Sector organizations as well as other critical infrastructure sectors.
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI published a joint Cybersecurity Advisory (CSA) in response to the ongoing ransomware campaign known as "ESXiArgs." This CSA provides guidance for network defenders on how to use the recovery script that CISA released, as well as recommended mitigations. Members are encouraged to review the advisory, but be advised that the recovery script, as reported in
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
SC Magazine has written an article covering a new malware delivery trend: using Microsoft OneNote files to distribute payloads. Researchers from both Proofpoint and Sophos have observed various threat actors running campaigns that deliver malware through OneNote attachments, likely part of criminals' continued search for attachment types that slip past threat detection software now that macro-bearing Office documents are blocked by default.
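Files embedded in a OneNote notebook (an HTA, VBScript, batch file or executable hidden behind a "click to view" graphic) sit inside the .one file as FileDataStoreObject structures, each bracketed by fixed GUIDs, so they can be carved out and content-sniffed without opening the notebook. The scanner below is an added example, not code from the article or from Proofpoint or Sophos; the GUIDs and field layout are quoted from Microsoft's MS-ONESTORE specification as I recall it and should be verified against the spec, the signature list is an assumption to extend, and the sample notebook bytes are constructed (they mimic only the embedded-object layout, not a complete valid .one file).

```python
import struct
import uuid

# GUIDs that bracket a FileDataStoreObject (an embedded file) inside a .one
# file, from Microsoft's MS-ONESTORE specification as recalled here; verify
# against the spec. They are stored in Windows GUID (mixed-endian) byte order,
# which uuid.bytes_le reproduces.
FILE_DATA_HEADER = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le
FILE_DATA_FOOTER = uuid.UUID("71FBA722-0F79-4A0B-BB13-899256426B24").bytes_le
# Fixed fields after the header GUID: cbLength (8) + unused (4) + reserved (8).
FIXED_FIELDS = 20

# Assumed signature list: types that have no business being embedded in a note.
SUSPICIOUS_TYPES = {"pe_executable", "hta_or_html_script", "vbscript",
                    "batch_or_powershell", "truncated"}


def classify(payload: bytes) -> str:
    """Cheap content sniffing of an embedded file; returns a type label."""
    head = payload[:4096].lower()
    if payload[:2] == b"MZ":
        return "pe_executable"
    if payload[:4] == b"%PDF":
        return "pdf"
    if payload[:4] == b"PK\x03\x04":
        return "zip_or_ooxml"
    if payload[:3] == b"\xff\xd8\xff" or payload[:8] == b"\x89PNG\r\n\x1a\n":
        return "image"
    if b"<script" in head or b"<hta:application" in head:
        return "hta_or_html_script"
    if b"createobject(" in head or b"wscript" in head:
        return "vbscript"
    if b"powershell" in head or b"@echo off" in head or b"cmd.exe" in head:
        return "batch_or_powershell"
    return "unknown"


def scan_onenote(data: bytes) -> list:
    """Walk every FileDataStoreObject in data and classify its payload.
    A length field that runs past EOF or a missing footer is reported as
    'truncated' rather than silently skipped: malformed objects are a signal."""
    findings, pos = [], 0
    while True:
        idx = data.find(FILE_DATA_HEADER, pos)
        if idx < 0:
            break
        fields = idx + len(FILE_DATA_HEADER)
        if fields + FIXED_FIELDS > len(data):
            findings.append({"offset": idx, "length": None, "type": "truncated"})
            break
        (length,) = struct.unpack_from("<Q", data, fields)
        start, end = fields + FIXED_FIELDS, fields + FIXED_FIELDS + length
        if end + len(FILE_DATA_FOOTER) > len(data) or data[end:end + 16] != FILE_DATA_FOOTER:
            findings.append({"offset": idx, "length": length, "type": "truncated"})
            pos = fields               # keep scanning after the bad header
            continue
        findings.append({"offset": idx, "length": length, "type": classify(data[start:end])})
        pos = end + len(FILE_DATA_FOOTER)
    return findings


def is_suspicious(findings) -> bool:
    return any(f["type"] in SUSPICIOUS_TYPES for f in findings)


def _fds_object(payload: bytes) -> bytes:
    """Build one well-formed FileDataStoreObject around payload (for the sample)."""
    return FILE_DATA_HEADER + struct.pack("<Q", len(payload)) + b"\x00" * 12 + payload + FILE_DATA_FOOTER


# Constructed sample: filler bytes standing in for real notebook structures,
# a benign PNG, an HTA-style script, a batch file, and a final object whose
# declared length (1 MB) runs past end of file.
SAMPLE_NOTE = (
    b"\x00" * 64
    + _fds_object(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
    + b"\x00" * 16
    + _fds_object(b'<html><script language="VBScript">MsgBox "constructed sample"</script></html>')
    + _fds_object(b"@echo off\r\nREM constructed sample\r\n")
    + FILE_DATA_HEADER + struct.pack("<Q", 10 ** 6) + b"\x00" * 12 + b"MZ" + b"\x00" * 30
)

if __name__ == "__main__":
    found = scan_onenote(SAMPLE_NOTE)
    for f in found:
        print(f)
    print("suspicious:", is_suspicious(found))
```

Carving on the header GUID rather than parsing the full notebook structure is deliberate: it works on mail-gateway scanners that see only the raw attachment and still catches objects an attacker has tampered with, which is why a truncated object counts as a hit rather than a parse error.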
Bleeping Computer has written an article discussing the latest variant of the Medusa malware, which has existed in one form or another since 2015. Medusa has primarily been a DDoS botnet, but researchers at Cyble have discovered a new variant in the wild built on the Mirai source code leaked in 2016, which gives Medusa Mirai's broad device-compromise and attack capabilities. The main concern, however, is the addition of a ransomware module, which gives the operators far more flexibility in how an infected machine can be monetized.