On Thursday, CISA and Sandia National Laboratories released a new tool - Untitled Goose - to help network defenders detect potentially malicious activity in Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) environments. Among other features, Untitled Goose allows for the querying and exporting of AAD, M365, and Azure configurations for investigations.
This month there has been a lot of coverage on a few Microsoft product vulnerabilities. Most notable and understandable, the Outlook vulnerability (CVE-2023-23397) has received the greatest attention.
Today, the Cybersecurity & Infrastructure Security Agency (CISA) released a blog highlighting the recent success of the Joint Cyber Defense Collaborative (JCDC)’s pre-ransomware notification initiative and the impact it’s already having on reducing harm from ransomware attacks.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Abnormal published a detailed blog post discussing a Vendor Email Compromise (VEC) attack with a 36 million dollar impact that was detected by its platform. In textbook fashion, the attacker impersonated a senior leader at a third party vendor that had a long-term relationship with the target and attempted to further gain legitimacy by cc’ing a peer business in the same sector. The spoofed emails utilized addresses with a “.cam” (not “.com”) domain, which had been set up less than a week prior to the attack.
CISA and the NSA have released a document titled “Identity and Access Management Recommended Best Practices Guide for Administrators” as part of their work on the Enduring Security Framework working group.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Threat actors behind the infamous Emotet malware, which recently re-emerged this month to infect users through their inboxes once again, are now exploiting Microsoft OneNote to distribute the malware and bypass Microsoft security restrictions, according to security researchers at Malwarebytes.
Mandiant released a report analyzing zero-day exploitation trends in 2022 and their relation to nation state cyber activity. Overall, the company tracked 55 zero-day vulnerabilities (measured as a vulnerability exploited in the wild before a patch was released) over the course of the year, a significant increase in comparison to prior years, though not comparable to the record breaking 81 exploits tracked in 2021. Mandiant is confident that 13 of those zero-days were exploited by state actors, with China as the most enthusiastic participant, utilizing seven zero-days.
Yesterday, CISA, the FBI, and MS-ISAC released a joint Cybersecurity Advisory (CSA) concerning the successful exploitation of a .NET deserialization vulnerability in the Progress Telerik user interface (UI) software (CVE-2019-18935). Successful exploitation of the vulnerability provided threat actors with remote code execution capabilities on a federal network.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
