Cybersecurity

Situational Awareness – DigiCert Certificate Revocations and Possible Impact to Critical Infrastructure

DigiCert, a leading certificate authority (CA), began revoking thousands of SSL/TLS certificates due to a recently identified domain validation flaw. On July 29, the company informed its customers of the urgent need to revoke these certificates, citing strict compliance requirements set by the CA/Browser Forum (CABF). Initially, it was estimated that about 0.4% of validations were impacted; however, further discussions revealed that more than 83,000 certificates and over 6,800 subscribers were affected.

Fraud Alert – EPA Office of Inspector General Issues Notice of Violation Phishing Scam

The EPA Office of Inspector General (OIG) has issued a fraud alert regarding a recent trend involving phishing scams that utilize fraudulent EPA Notice of Violation letters. In this scheme, scammers send counterfeit letters to businesses, falsely claiming they have violated environmental regulations like the Clean Air Act and demanding immediate payment of substantial fines.

CISA Publishes Resources for Onboarding and Employment Screening to Help Manage the Risk of Insider Threats

Last week, CISA released a new resource, "Resources for Onboarding and Employment Screening," designed for critical infrastructure leaders, human resources (HR) personnel, and managers at any level. This fact sheet provides actionable recommendations and resources for vetting and screening of individuals prior to hiring into an organization. Overall, the goal in conducting personnel vetting and background checks is to reduce the potential for insider threat activity.

EPA’s Small System Risk and Resilience Assessment Checklist

Today, the EPA released a new resource, "Small System Risk and Resilience Assessment Checklist." This product is designed to assist water and wastewater utilities in systematically evaluating threats posed by malevolent acts and natural disasters that could endanger their services. This guidance targets small water or wastewater systems that serve fewer than 50,000 residents.

Security Awareness – Microsoft Forms Abused in Phishing Campaign

In addition to other widespread phishing campaigns, there have been notable phishing attacks exploiting Microsoft tools over the last month. A recent campaign is leveraging Microsoft Forms, a tool within the Microsoft 365 product suite designed for collecting feedback and information through surveys, quizzes, and polls. WaterISAC is sharing this for member awareness of current threats in Microsoft tools.

Security Awareness – Exploitation of Proofpoint’s Email Protection Enables Widespread Impersonation of Well-Known Brands

A misconfiguration in Proofpoint’s email security system allows threat actors to send seemingly genuine emails without detection. This campaign, which has been active since January 2024, leverages well-known companies by spoofing their emails and circumventing major security protections, such as SPF and DKIM signatures. WaterISAC is sharing this for security awareness, as the exploitation of Proofpoint’s email protections enables the widespread impersonation of well-known brands.
