The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The threat of compromise via firmware attacks is becoming an increasing concern for IT professionals. Between hybrid work models and continued reliance on legacy systems, it’s increasingly more challenging for IT staff to secure firmware on devices that may not be in the office or older systems that simply don’t support device security.
The Cybersecurity and Infrastructure Security Agency (CISA) published guidance on switching from Basic Authentication (“Basic Auth”) in Microsoft Exchange Online to Modern Authentication ("Modern Auth") before Microsoft begins permanently disabling Basic Auth on October 1, 2022.
A new ransomware group has targeted almost 50 victims within the two months of its emergence in the wild and it hasn’t even begun its marketing or affiliate campaign yet. The Black Basta ransomware first became operational in April 2022 and is the latest ransomware gang seeking to extort enterprises. Researchers believe Black Basta’s quick rise to prominence is due to its potential close ties with and copying the techniques of other successful ransomware groups such as Conti and REvil.
The Homeland Security Systems Engineering and Development Institute, sponsored by the Cybersecurity and Infrastructure Security Agency (CISA) and operated by MITRE, has released the 2022 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The Top 25 uses data from the National Vulnerability Database (NVD) to compile the most frequent and critical errors that can lead to serious vulnerabilities in software.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Attention: Action required if your utility uses affected VMware Horizon® and Unified Access Gateway (UAG) servers in your environment and they are not up-to-date with current vendor patches or recommended workarounds.
The cybersecurity authorities from the U.S., New Zealand, and the United Kingdom have released a joint Cybersecurity Information Sheet (CIS) on PowerShell. The CIS provides recommendations for proper configuration and monitoring of PowerShell, as opposed to removing or disabling it entirely due to its use by malicious actors after gaining access into victim networks.
While properly configured technical controls can go a long way in protecting from cyber threats, there are countless threats that defeat even the best technology solutions. Those threats most often emanate from email and are intentionally designed to bypass blocking controls in an attempt to trick our last line of cyber defense – the users. Furthermore, with email enduring as the most likely ingress for a cyber attack, threat actors have the odds of a successful attack on their side.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
