(TLP:CLEAR) CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – May 8, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:

ICS Advisories:

On May 8, 2025, CISA released five Industrial Control Systems advisories for products used across multiple sectors. Please review these latest advisories for specific equipment deployed in your ICS/SCADA environments and address any affected products accordingly:

(TLP:CLEAR) CISA Fact Sheet: Primary Mitigations to Reduce Cyber Threats to Operational Technology

Summary: This week, CISA, the FBI, EPA, and the Department of Energy (DOE) published a fact sheet urging critical infrastructure entities with operational technology (OT) and industrial control systems (ICS) to implement five primary mitigations that will strengthen their cybersecurity. The authoring organizations urge critical infrastructure entities to review this fact sheet and act now to improve their cybersecurity posture against active cyber threat activities specifically and intentionally targeting internet connected OT and ICS.

(TLP:CLEAR) Case Study Demonstrates Cybersecurity Outcomes from Free CRI Water Utility Program

Summary: The East Rio Hondo Water Supply Corporation (ERHWSC), a mid-sized rural water utility in southern Texas, completed Phase One of the Cyber Readiness Institute’s (CRI) Water Utility Pilot Project, sponsored by Microsoft. This case study outlines ERHWSC’s journey through the pilot program, the challenges it faced, and the impact the initiative had on the organization and the broader community it serves.

(TLP:CLEAR) FBI FLASH: Cyber Criminal Services Target End-of-Life Routers to Launch Attacks and Hide Their Activities

Summary: The FBI published a FLASH to disseminate indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with the 5Socks and Anyproxy cyber criminal services and the malware they use to target end-of-life (EOL) routers. Threat actors exploit known vulnerabilities to compromise EOL routers, install malware, and use the routers in a botnet they control to launch coordinated attacks or sell access to the devices as proxy services.

(TLP:CLEAR) Possible Zero-Day Patched in SonicWall Secure Mobile Access 100 Series Devices

Summary: In April of 2025, Rapid7 discovered and disclosed three new vulnerabilities affecting SonicWall Secure Mobile Access (“SMA”) 100 series appliances (SMA 200, 210, 400, 410, 500v). These vulnerabilities are tracked as CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821. An attacker with access to an SMA SSLVPN user account can chain these vulnerabilities to make a sensitive system directory writable, elevate their privileges to SMA administrator, and write an executable file to a system directory. This chain results in root-level remote code execution.

(TLP:CLEAR) FBI FLASH: Phishing Domains Associated with LabHost PhaaS Platform Users

Summary: The FBI has released a FLASH report to disseminate 42,000 phishing domains linked to the LabHost phishing-as-a-service (PhaaS) platform between November 2021 and April 2024. The FBI is releasing this information to maximize awareness and provide indicators of compromise that may be used for cyber defense purposes.

(TLP:CLEAR) Google Zero-Day Threat Report Finds Increasing Attacker Interest In Targeting Security Devices

Summary: Google Threat Intelligence Group released an analysis covering all zero-days it is aware of having been exploited in 2024. It tracked 75 zero-day vulnerabilities exploited in the wild in 2024, a decrease from the number it identified in 2023 (98 vulnerabilities), but still an increase from 2022 (63 vulnerabilities). The reviewed vulnerabilities were divided into two main categories: end-user platforms and products (e.g., mobile devices, operating systems, and browsers) and enterprise-focused technologies, such as security software and appliances.