Cybersecurity

Cyber Resilience – CISA Dedicates Webpage for Resources for Civil Society and High-Risk Communities

Clayton Romans, Associate Director of Joint Cyber Defense Collaborative, shared a blog post in which he highlights a new suite of resources from CISA, in their new High-Risk Communities webpage, which provides civil society organizations guidance on bolstering their cyber defense and resi

Threat Awareness – Presence of Chinese Manufactured Connected Devices in U.S. Networks, Including Water and Wastewater Utilities

There have been significant concerns in recent years over specific foreign-made components on U.S. networks, particularly internet-connected devices and software that carry a risk of abuse via backdoors, supply chain implants, and tampering to aid espionage or disrupt critical infrastructure. However, despite official government bans, research indicates that usage of foreign-manufactured connected devices is growing faster in the U.S. than in other countries.

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 2, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases One Industrial Control Systems Advisory

Security Awareness – Impersonation Scams, the Real Threat?

Data compiled by the FTC’s Consumer Sentinel Network shows that losses from impersonation scams in 2023 topped $1.1 billion, three times higher than in 2020. The data was based on 490,000 scams reported to the agency in 2023, 330,000 of which were business impersonation complaints, with the rest being government impersonations. Most of the scams were conducted via phone calls, followed by email and text messaging, although the former has been in decline, and the latter on the rise, for the last three years.

Vulnerability Awareness – Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library

Reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1 have caused CISA and the open source community to respond. XZ Utils is data compression software and may be present in Linux distributions. The malicious code may allow unauthorized access to affected systems.

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – March 28, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following alerts, updates, and bulletins.

  • There were no Industrial Control Systems Advisories since March 26 as of this writing.

Alerts, Updates, and Bulletins:

Report – Google and Mandiant Report Show Zero-Day Trends Exploited In-the-Wild

Google’s Threat Analysis Group (TAG) and Mandiant produced a first-ever joint report that digs into the zero-day vulnerabilities that were exploited in 2023 to better understand threat actor behavior and key trends. The report shows 97 zero-day vulnerabilities were exploited in 2023, 50 percent more than the 62 in 2022, but slightly less than the 106 peak in 2021.

Passthrough: CISA Seeks Input on CIRCIA, Proposed Rulemaking on Mandatory Cyber Incident Reporting

Yesterday, the Federal Register posted for public comment CISA’s Notice of Proposed Rulemaking (NPRM), which the agency was required to develop by the “Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA)”. The proposal describes when critical infrastructure organizations will be required to report cybersecurity incidents.
