Cybersecurity

Security Awareness – Emotet Uses Snowden’s New Book as a Current Lure

As WaterISAC shared in its September 17 Security and Resilience Update, Emotet has resumed spear phishing activity. Specifically, last week Emotet was observed using tactics similar to those from late spring 2019, hijacking old email threads designed as invoices. This week it adds a different tactic to its arsenal of lures – NSA whistleblower Edward Snowden’s new book, Permanent Record.

Another Installment of 15 Cybersecurity Fundamentals Revisited – Cyber Incident Response Planning

Developing plans for how utilities will respond to cyber incidents is critical for quick recovery and restoration from such events. An effective cyber incident response (IR) plan will limit damage and reduce recovery time and costs. Most importantly, the IR plan needs to be in place and tested before a cyber incident occurs; nonetheless, research reveals cyber incident response plans are still largely ineffective.

15 Cybersecurity Fundamentals Revisited – Advanced Training for Technical Staff & Practice Makes Proficient

Awareness training is a key component of an organizational risk strategy for creating and maintaining a culture of cybersecurity, and all personnel should receive regular, ongoing cybersecurity awareness training. Likewise, technical IT and OT personnel should participate in advanced training, including red team/blue team exercises to practice and reinforce cybersecurity defense concepts and strategies.

TFlower – The Latest Ransomware Targeting Businesses

TFlower has emerged as the latest ransomware targeting corporate environments, gaining entry into networks through exposed Remote Desktop Protocol (RDP) services. TFlower was actually discovered in August, and at the time it was thought to be just another generic ransomware. But TFlower activity is reported to be picking up. While TFlower’s rise in the ransomware environment may have come as a surprise, its method for infecting systems shouldn’t be.

Honeywell Performance IP Cameras and Performance NVRs (ICSA-19-260-03) – Product Used in the Energy Sector

CISA has released an advisory on an information exposure vulnerability in Honeywell Performance IP Cameras and Performance NVRs. Numerous products and versions of the products are affected. Successful exploitation of this vulnerability could allow an attacker to view device configuration information. Honeywell has released firmware update packages for all affected products. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

Siemens SINEMA Remote Connect Server (ICSA-19-260-02) – Product Used in the Water and Wastewater and Energy Sectors

CISA has released an advisory on improper restriction of excessive authentication attempts, information exposure, cross-site request forgery, and use of password hash with insufficient computational effort vulnerabilities in Siemens SINEMA Remote Connect Server. Versions prior to 2.0 SP1 are affected. Successful exploitation of these vulnerabilities may allow an attacker unauthorized access to the web interface, improper access to privileged user and device information, and may allow successful CSRF attacks.

Advantech WebAccess (ICSA-19-260-01) – Product Used in the Water and Wastewater and Energy Sectors

CISA has released an advisory on code injection, command injection, stack-based buffer overflow, and improper authorization vulnerabilities in Advantech WebAccess. Versions 8.4.1 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, access files and perform actions at a privileged level, or delete files on the system. Advantech has released Version 8.4.2 of WebAccessNode to address the reported vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities.
