The U.K.’s National Cyber Security Centre (NCSC) recently published a cybersecurity toolkit to help boards ensure that cyber resilience and risk management are embedded throughout an organization, including its people, systems, processes, and technologies.
WaterISAC is tracking open-source reports describing an ongoing supply chain attack against 3CX software and its customers. According to the reports, 3CXDesktopApp — a voice and video conferencing app — was trojanized, potentially leading to multi-staged attacks against users employing the vulnerable app.
A new Emotet phishing campaign is exploiting tax season by purporting to be the Internal Revenue Service to compromise unsuspecting victims and conduct further malicious activity, according to security researchers at Malwarebytes and Palo Alto Networks Unit42.
The FBI has released a Public Service Announcement warning of the use of Business Email Compromise (BEC) tactics by criminal actors to acquire physical goods from the victim. Instead of impersonating requests for the transfer of money, these attacks spoof purchase orders requesting the distribution of goods to a false company. The goods that the report highlights include construction materials, agricultural supplies, computer technology hardware, and solar energy products. Additionally, some criminals abuse credit repayment to conduct this attack multiple times against a single business.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
On Thursday, CISA and Sandia National Laboratories released a new tool - Untitled Goose - to help network defenders detect potentially malicious activity in Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) environments. Among other features, Untitled Goose allows for the querying and exporting of AAD, M365, and Azure configurations for investigations.
This month there has been a lot of coverage on a few Microsoft product vulnerabilities. Most notable and understandable, the Outlook vulnerability (CVE-2023-23397) has received the greatest attention.
Today, the Cybersecurity & Infrastructure Security Agency (CISA) released a blog highlighting the recent success of the Joint Cyber Defense Collaborative (JCDC)’s pre-ransomware notification initiative and the impact it’s already having on reducing harm from ransomware attacks.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Abnormal published a detailed blog post discussing a Vendor Email Compromise (VEC) attack with a 36 million dollar impact that was detected by its platform. In textbook fashion, the attacker impersonated a senior leader at a third party vendor that had a long-term relationship with the target and attempted to further gain legitimacy by cc’ing a peer business in the same sector. The spoofed emails utilized addresses with a “.cam” (not “.com”) domain, which had been set up less than a week prior to the attack.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
