Yesterday, VMware's Threat Analysis Unit published a detailed report on the infamous Emotet malware using data gathered from attacks since January 2022. The study’s key findings include that Emotet’s attack patterns are constantly evolving, the malware is modular and can serve a number of attack purposes, Emotet authors are hiding their command and control (C2) infrastructure, and the infrastructure is always shifting.
Threat actors associated with the BlackByte ransomware group are employing a new sophisticated technique, dubbed “Bring Your Own Driver,” which enables attackers to bypass system and network defenses by disabling more than 1,000 drivers used by various security solutions, according to security researchers at Sophos. Researchers analyzed past attacks and found that Blackbyte threat actors have exploited known vulnerabilities in legitimate drivers resulting in disabled drivers and the prevention of endpoint detection and response (EDR) and antivirus products from operating normally.
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have published a Public Service Announcement (PSA) to raise awareness of the potential threat posed by foreign cyber actors attempting to manipulate information or spread disinformation in the lead up to and after the 2022 midterm elections.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) released a joint Cybersecurity Advisory (CSA) providing the top Common Vulnerabilities and Exposures (CVEs) used since 2020 by People’s Republic of China (PRC) state-sponsored cyber actors. PRC state-sponsored cyber actors continue to exploit known vulnerabilities to actively target U.S. and allied networks, including software and hardware companies to illegally obtain intellectual property and develop access into sensitive networks.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
This year, Cybersecurity Awareness Month has changed up its typical approach of weekly themes and is focusing on four behaviors that are most important to #BeCyberSmart and stay safe online. The behaviors focus on the “people” part of cybersecurity to ensure all individuals and organizations make smart decisions personally and professionally. The behaviors that will be highlighted during the month include:
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have published a Public Service Announcement (PSA) assessing that any attempts by cyber actors to compromise election infrastructure are unlikely to result in largescale disruptions or prevent voting.
This week, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the National Security Agency (NSA) published a joint Cybersecurity Advisory (CSA) to highlight malicious cyber activity by advanced persistent threat (APT) actors observed on a Defense Industrial Base sector organization’s enterprise network. Most notably, the advisory highlights how threat actors continue to successfully maintain persistence in victim networks by leveraging legitimate account credentials.
Attention: Microsoft Exchange administrators are highly recommended to revisit and follow Microsoft’s updated guidance to protect vulnerable servers until a patch is made available.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
