The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
As the holiday shopping season approaches everyone should be on the lookout for holiday shopping scams. Be aware of those “too good to be true” spam and scams from suspicious sites, phishing emails, or online ads offering items at inconceivable discounts. Threat actors have gotten good at disguising their campaigns to fit in with the legitimate messages and use the hustle and bustle of the shopping season to hope we don’t notice their scams.
To safely shop online, remember:
Email remains one of the top attack vectors for threat actors looking to compromise an organization. Despite this, a recent study found that around 90 percent of organizations have security holes in Microsoft 365 due to their current cybersecurity policies and architecture.
Last week, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI), published the third of a three-part series on securing the software supply chain, titled Securing Software Supply Chain Series - Recommended Practices Guide for Customers.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
Today, CISA, the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released joint Cybersecurity Advisory (CSA) #StopRansomware: Hive Ransomware to provide network defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Hive ransomware variants. FBI investigations identified these TTPs and IOCs as recently as November 2022.
Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI published a joint Cybersecurity Advisory (CSA) providing information about an incident at a Federal Civilian Executive Branch (FCEB) organization which involved Iranian government-sponsored APT actors exploiting a Log4Shell vulnerability in an unpatched VMware Horizon server.
Develop a viable defense and threat actors will inevitably find a way to bypass it. That’s the endless game of cat-and-mouse, especially in the cybersecurity world. A historical example was the old advice to ‘never open an email from someone you don’t know,’ so threat actors now expertly purport to be or impersonate someone (or something, as in the case of a well-known brand) we do know. A more recent example is in regards to multifactor authentication (MFA).
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
The European Cybersecurity Agency (ENISA) recently released its annual report on the cybersecurity threat environment facing the European Union. The report, Volatile Geopolitics Shake the Trends of the 2022 Cybersecurity Threat Landscape, identifies significant threats, threat actors and attack techniques, tracks major trends, and also provides mitigation measures.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
