The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
Avanan posted a blog covering its research into what they are calling the “Blank Image Attack,” a newly observed technique where attackers place an empty image file within an HTML file. In the wild, Avanan researchers observed the following steps to the attack. First, the victim is prompted to download an HTML file attached to a spoofed DocuSign lure. This file only consists of a blank SVG image that contains code which automatically redirects the victim to a malicious website – giving the victim the impression that nothing happened.
Cisco Talos posted a blog covering its research into threat actor activity in the aftermath of Microsoft’s July 2022 action of blocking all VBA macros by default in documents downloaded from the internet. This action mitigated a common technique frequently used by attackers to gain access to networks and devices.
On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Best Practices Guide for MITRE ATT&CK® Mapping. CISA uses ATT&CK as a lens through which to identify and analyze adversary behavior. ATT&CK provides details on 100-plus threat actor groups, including the techniques and software they are known to use.
To improve the chances of infecting more victims, threat actors are increasingly exploiting the Google Ads platform to push malicious downloads and spread malware via search results.
The National Security Agency (NSA) published guidance today to help the Department of Defense (DoD) and other system administrators identify and mitigate security issues associated with a transition to Internet Protocol version 6 (IPv6). “IPv6 Security Guidance” highlights how several security issues can surface in networks that are new to IPv6, or in early phases of the IPv6 transition. Networks new to IPv6 lack maturity in IPv6 configurations and tools, and dual-stacked networks, which run on IPv4 and IPv6 simultaneously, have an increased attack surface.
Huntress has posted a blog discussing why simply having a backup process is not enough to protect an organization. Essentially, it is crucial that backups be verified and tested. Organizations need to define their recovery time objective, or how long it takes to recover from backups, and their recovery point objective, or what categories of data are necessary to back up in order to continue operations. Once these objectives are agreed upon, organizations have a metric to measure their current backup process against and see where it succeeds and fails.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Cybersecurity company Check Point’s latest monthly threat index found that Qbot was the most pervasive malware targeting organizations in December 2022, displacing the Emotet botnet which only returned to the top ranks last month after a period of inactivity.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
