Since at least November 2023, a new malware called Latrodectus has been distributed in various phishing campaigns. The malware exhibits evasion functionality making it difficult to detect and shows qualities similar to the IcedID malware which threat actors used as an initial access broker (IAB) to sell unauthorized access to other threat actors facilitating further exploitation.
CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 9, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 4, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Ransomware resilience is more than just having validated backups for restoring your systems after a ransomware attack, vulnerability management has a lot to do with it too – that could be patching or addressing through compensating controls if patching is not possible. While ransomware attacks have negative outcomes no matter the attack vector, Sophos explains that exploiting unpatched vulnerabilities has the greatest business impact.
The Electricity Information Sharing and Analysis Center (E-ISAC), a WaterISAC partner, has released its GridEx VII Lessons Learned Report, its seventh biennial grid security and resilience exercise which took place in November 2023. The exercise is the largest of its kind in North America and included over 15,000 participants from approximately 250 North American organizations including water and wastewater utilities.
Clayton Romans, Associate Director of Joint Cyber Defense Collaborative, shared a blog post in which he highlights a new suite of resources from CISA, in their new High-Risk Communities webpage, which provides civil society organizations guidance on bolstering their cyber defense and resi
There have been significant concerns in recent years over specific foreign-made components existing on U.S. networks, specifically devices and software connected to the internet carrying the risk of the potential for abuse via backdoors, supply chain implants, and tampering to aid in espionage or disrupt critical infrastructure. However, despite official government bans, research indicates foreign-manufactured connected device usage is growing faster in the U.S. than in other countries.
CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – April 2, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
