The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Vulnerabilities & Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases Four Industrial Control Systems Advisories
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
The recent slowdown in NIST’s National Vulnerability Database, which oversees CVE enrichment and provides the valuable cataloging of vulnerabilities that cyber professionals rely upon, has caused CISA to take action. NIST’s analysts have managed to analyze only 4523 of the 14,280 CVEs they received since the start of the year, making this an increasingly urgent problem. CISA has announced it is creating a new program, called “Vulnrichment,”, that aims to fill the CVE enrichment gap.
As has been the case since the dawn of the digital era, the world of cybersecurity is in constant transformation. Threat actors are always modifying their tactics as cybersecurity teams strive to maintain situational awareness. When it comes to social engineering and phishing, attackers are constantly refining their methods making it ever more important for organizations to update security awareness curriculum to incorporate information on the latest strategies.
Today, together with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and other international partners, CISA released the following guidance: “Secure-by-Design Choosing Secure and Verifiable Technologies.” This guidance was crafted to provide organizations with secure by design considerations when procuring digital products and services.
CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – May 9, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
WaterISAC is sharing this for member awareness. The City of Wichita reported a ransomware incident that started over the weekend and shut down much of the city’s core services which have yet to be restored. As reported, the incident affected a wide portion of public services including the city’s airport, public transport, and water department. It appears this incident has only impacted the water account billing systems, which is highly common with cyber incidents at cities/municipalities.
CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – May 7, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
