Over the past few years, the number of ransomware attacks has continued to increase alongside an evolution of tactics, techniques, and procedures (TTPs) employed by threat actors to compromise a network. The latest development, ransomware attacks targeting cloud-based infrastructure.
The U.K.’s National Cyber Security Centre (NCSC) posted guidance for mapping an organization’s supply chain. The document is aimed at medium to large organizations who need to gain confidence or assurance that mitigations are in place for vulnerabilities associated with working with suppliers. Supply chain mapping (SCM) is the process of recording, storing, and using information gathered from suppliers who are involved in a company’s supply chain.
Help Net Security has written an article covering research by Picus Security which found that multipurpose malware – or malware with multiple malicious capabilities – is becoming increasingly more popular to create and deploy. Researchers analyzed over 550,000 malware samples and mapped each one’s capabilities to the cyber kill chain.
Dragos published its 2022 ICS/OT Cybersecurity Year in Review this week.
Bleeping Computer has written an article covering a malicious campaign abusing Google ads that was discovered by researchers from Sentinel Labs. The malvertising campaign redirected victims to a fake Amazon Web Services login page, registered to what is believed to be a Brazilian threat actor. The most notable thing to remember is that in many instances the bad ads rank very high in the search results. For instance, when searching for “aws,” this campaign’s malicious result appeared second, right behind Amazon’s own promoted search result.
Dark Reading has written an article about the recent reddit hack and how the details that have been released demonstrate the limitations of two-factor authentication and the benefits of employee training. Despite reddit requiring the use of two-factor authentication internally, attackers were still able to convince an employee to click on a malicious link and harvest their credentials.
Brute force attacks are one of the most simple and effective means for threat actors to gain unauthorized access to an organization’s network, allowing attackers to steal sensitive data, spread malware, hijack systems, or conduct other nefarious activities.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the FBI, the Department of Health and Human Services (HHS), and Republic of Korea’s Defense Security Agency and National Intelligence Service just released a joint Cybersecurity Advisory (CSA) to warn network defenders of malicious activity targeting U.S. and South Korean Healthcare and Public Health (HPH) Sector organizations as well as other critical infrastructure sectors.
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI published a joint Cybersecurity Advisory (CSA) in response to the ongoing ransomware campaign known as “ESXiArgs.” This CSA provides guidance for network defenders on how to use the recovery script that CISA released as well as recommended mitigations. Members are encouraged to review the advisory, but be advised that recovery script as reported in
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
