The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
CISA shared the following in an alert sent out today:
Rockwell Automation has released guidance encouraging users to remove connectivity on all Industrial Control Systems (ICS) devices connected to the public-facing internet to reduce exposure to unauthorized or malicious cyber activity.
From Rockwell Automation:
MS-ISAC, in coordination with the Elections Infrastructure ISAC (EI-ISAC), recently released a cyber threat intelligence (CTI) report titled: An Examination of How Cyber Threat Actors Can Leverage Generative AI Platforms. The report covers the testing conducted by the Center for Internet Security’s (CIS) Cyber Threat Intelligence team to understand how threat actors can leverage GenAI platforms, circumvent usage policies, and generate elections-focused phishing emails.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases One Industrial Control Systems Advisory
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
While FIDO2 is “phishing-resistant” to credential stealing, it was also designed with the intent to further protect against session hijacking and man-in-the-middle (MiTM) attacks. Silverfort suggests that most applications do not protect the session tokens created after FIDO authentication is successful and that many identity providers are still vulnerable to MiTM and session hijacking attack types.
CISA recently updated its Public Safety Communications and Cyber Resiliency Toolkit with nine additional resources including an interactive graphic. The toolkit is designed to assist public safety agencies and others responsible for communications networks by providing the tools necessary to evaluate current resiliency capabilities.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases Seventeen Industrial Control Systems Advisories
Analyst Comment (Jennifer Lyn Walker): The decision to pay or not to pay a ransomware extortion demand isn’t always as straightforward as we’d like. The NCSC puts forth some poignant considerations. Members are strongly encouraged to incorporate these considerations into ransomware response plans and discuss them with leadership BEFORE you experience a ransomware incident.
On Friday, CISA, the FBI, and MS-ISAC released a joint Cybersecurity Advisory (CSA): “#StopRansomware: Black Basta” which provides cybersecurity defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) used by known Black Basta ransomware affiliates.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
