The U.K.’s National Cyber Security Center (NCSC) recently published guidance highlighting how organizations can strengthen access and identity management security by implementing additional authentication methods beyond just using passwords.
Credential stuffing attacks became so pervasive in the first quarter of 2022, that the malicious traffic surpassed that of legitimate login attempts from normal users in some countries, according to security researchers at Okta.
Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI published a joint Cybersecurity Advisory (CSA) with technical details on cyber activity by Iranian state-sponsored threat actors that launched a destructive cyberattack against the government of Albania. Members are encouraged to review this advisory for greater understanding of adversary capabilities and behaviors and for recommended mitigations to protect systems from similar threats – irrespective of threat group or victimology.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Today, Dragos published the Gulf Cooperation Council (GCC) Water & Wastewater Systems Cyber Threat Perspective that highlights cyber threats currently targeting water and wastewater systems in the GCC region – comprising Bahrain, Kuwait, Oman, Qatar, Saudi Arabia, and the United Arab Emirates. While the geography may not seem relevant to U.S.
Depending on the size of and resources available at your utility, you may not have implemented a vulnerability management program for your OT infrastructure, let alone for IT. If you have a mature program for OT you are in the minority. However, even if you don’t have a defined program, vulnerability management is a foundational cybersecurity activity that cannot be ignored by anyone.
The infamous Emotet botnet is now being used by attackers to deliver Quantum and BlackCat ransomware, based on a report by the cybersecurity firm AdvIntel. Emotet is a very common malware and AdvIntel has observed 1,267,598 total Emotet infections worldwide during the first nine months of 2022. Emotet typically propagates via email phishing campaigns and often hijacks email threads.
Last week, the Department of Homeland Security (DHS) announced a first-of-its-kind cybersecurity grant program specifically for state, local, and territorial (SLT) governments across the country. This State and Local Cybersecurity Grant Program, made possible by President Biden’s Bipartisan Infrastructure Law, provides $1 billion in funding to SLT partners over four years, with $185 million available for FY22, to support SLT efforts to address cyber risk to their information systems.
Threat actors are exploiting Microsoft Edge’s News Feed to conduct a malvertising campaign by injecting online advertisements and redirecting potential victims to websites pushing tech support scams, according to security researchers at Malwarebytes. This campaign has been ongoing for at least two months and is currently one of the most extensive operations based on the amount of telemetry noise.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
