Dark Reading has written an article about the recent reddit hack and how the details that have been released demonstrate the limitations of two-factor authentication and the benefits of employee training. Despite reddit requiring the use of two-factor authentication internally, attackers were still able to convince an employee to click on a malicious link and harvest their credentials.
Brute force attacks are one of the most simple and effective means for threat actors to gain unauthorized access to an organization’s network, allowing attackers to steal sensitive data, spread malware, hijack systems, or conduct other nefarious activities.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the FBI, the Department of Health and Human Services (HHS), and Republic of Korea’s Defense Security Agency and National Intelligence Service just released a joint Cybersecurity Advisory (CSA) to warn network defenders of malicious activity targeting U.S. and South Korean Healthcare and Public Health (HPH) Sector organizations as well as other critical infrastructure sectors.
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI published a joint Cybersecurity Advisory (CSA) in response to the ongoing ransomware campaign known as “ESXiArgs.” This CSA provides guidance for network defenders on how to use the recovery script that CISA released as well as recommended mitigations. Members are encouraged to review the advisory, but be advised that recovery script as reported in
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
SC Magazine has written an article covering the rise of a new malware trend: using Microsoft’s OneNote to distribute payloads. Researchers from both Proofpoint and Sophos have observed various threat actors executing campaigns that deliver malware through OneNote attachments, likely as part of criminals’ continued attempts to test out new methods of bypassing threat detection software.
Bleeping Computer has written an article discussing the latest strain of the Medusa malware, which has existed in one form or another since 2015. While primarily a DDoS botnet, researchers at Cyble have discovered a new variant in the wild that’s based on the Mirai botnet’s source code leak from 2016, giving Medusa extensive new capabilities. However, the main concern is the addition of a ransomware module that gives Medusa more flexibility in how it can be used once it infects a machine.
Reminder: If your utility has any unpatched VMware ESXi servers online, you are encouraged to isolate them immediately and address accordingly.
FS-ISAC and the cloud company Akamai recently published a joint report, The Evolution of DDoS: Return of the Hacktivists, to educate industry on the somewhat renewed increase of Distributed Denial-of-Service (DDoS) attacks, the business risks it poses, and best practices on mitigation to better combat these incidents.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
