The Cuba ransomware group is exploiting Microsoft Exchange vulnerabilities to gain initial access to enterprise networks and eventually deploy ransomware, according to security researchers at Mandiant. Cuba ransomware has been around since 2019, but their activity increased in 2021 prompting the FBI to issue a FLASH advisory.
The Cybersecurity and Infrastructure Security Agency (CISA) has shared Broadcom Software’s threat advisory warning that an advanced persistent threat (APT) campaign using the Daxin malware has targeted multiple government and other critical infrastructure targets.
As host of the Gate 15 podcast The Cybersecurity Evangelist, WaterISAC Director of Infrastructure Cyber Defense Jennifer Lyn Walker recently published an episode on romance scams. Jen provides a general security awareness perspective on this very pertinent, personal, and painful topic.
The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, the National Security Agency (NSA), and the United Kingdom’s National Cyber Security Centre (NCSC-UK), have just released a joint Cybersecurity Advisory regarding a threat actor known as Sandworm (a.k.a., Voodoo Bear, Static Kitten, et. al.) that has been observed using a new malware, referred to in the advisory as Cyclops Blink. Government agencies have previously attributed the Sandworm actor to Russian intelligence services.
A new phishing technique is helping threat actors bypass multi-factor authentication (MFA) by tricking victims into logging into their accounts directly on adversary-controlled servers using the VNC screen sharing system. MFA protocols have become one of the best defenses against phishing compromises and other malicious cyber activity.
The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, the U.S. Cyber Command Cyber National Mission Force (CNMF), and the United Kingdom’s National Cyber Security Centre (NCSC-UK), just published a joint Cybersecurity Advisory outlining activities of the Iranian government-sponsored advanced persistent threat (APT) actors, known as MuddyWater. The APT group MuddyWater has been observed conducting cyber espionage and other malicious cyber activities targeting government and other critical infrastructure entities, across the globe.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Security researchers at Advanced Intelligence (AdvIntel) believe threat actors associated with TrickBot malware have partnered with the Conti ransomware gang, according to a recent report. TrickBot is a highly modular, multi-stage malware that has been active since 2016. TrickBot has survived a takedown attempt and helped relaunch the Emotet malware.
The Cybersecurity and Infrastructure Security Agency (CISA) has compiled and published a list of free cybersecurity services and tools to help organizations reduce cybersecurity risk and strengthen resiliency. Before reviewing the free tools and services, CISA strongly recommends organizations take specific foundational measures to implement a strong cybersecurity program.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
