Since mid-December 2022, threat actors have been increasingly exploiting Microsoft OneNote files to deliver malware and compromise victims. Last week, WaterISAC shared a DHS report on attackers successfully utilizing weaponized Microsoft OneNote files for malware distribution. Threat actors, including ransomware gangs, are actively using this delivery method to infect organizations.
The city of Oakland, California was recently the victim of a ransomware attack that impacted many of the city’s systems and disrupted some services. This latest ransomware attack, alongside ongoing cyber attacks against local governments, underscores the challenges that CISOs face in protecting a broad range of municipal services from numerous cyber threats. As the Oakland attack highlights, municipal governments have become major targets for ransomware gangs and state sponsored threat actors.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
Last week, the EPA formally released its long-anticipated interpretive memorandum requiring states to evaluate the cybersecurity of operational technology used by a public water system (PWS) as part of periodic sanitary surveys or through other state programs.
Today, the White House released a new National Cybersecurity Strategy, which aims to identify the cyber challenges facing the country and offer solutions for improving the security and resilience of federal and private sector networks and systems. The strategy underscores that robust collaboration, particularly between the public and private sectors, is essential to securing cyberspace.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Homeland Security Systems Engineering and Development Institute™ (HSSEDI), released Decider, a tool for mapping adversary behavior to the MITRE ATT&CK® framework.
The use of backdoor malware, which provides threat actors with remote access to a device or network, was one of the top attack methods employed by malicious cyber actors last year, according to a recent IBM report.
An unknown threat actor is utilizing the PureCrypter malware downloader to infect government organizations with information stealers and various ransomware strains, according to researchers at Menlo Security.
Today, the Cybersecurity and Infrastructure Security Agency (CISA) published a Cybersecurity Advisory (CSA) detailing tactics, techniques, procedures (TTPs) and key findings from a 2022 Red Team assessment to provide network defenders of critical infrastructure organizations proactive steps they can take to reduce the threat of similar activity from malicious cyber actors.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
