An increasing number of ransomware gangs are embracing a new tactic that allows them to encrypt their victims' systems faster while reducing the odds of being detected, according to a new report from SentinelLabs. This tactic is known as intermittent encryption and involves encrypting only portions of the targeted files' content, which still renders the data unrecoverable without a valid decryptor+key.
The North Korean sponsored advanced persistent threat (APT) Lazarus Group has been targeting energy providers across the world since February 2022 and employing new malware in their attacks, according to security researchers at Cisco Talos. Lazarus Group threat actors gain initial access via the exploitation of the Log4j vulnerability on exposed VMware Horizon servers. After gaining initial access, the attackers establish persistence on the victim networks’, conduct lateral movement, and deploy malware.
Understanding all the systems and devices that make up your organization’s network is a critical first step in establishing a cyber risk management strategy. Since you cannot defend or secure what you do not know you have, performing asset inventories to gain network visibility is critical for all organizations large and small. According to Tenable, organizations that have full network visibility “are better positioned to understand where the greatest risks are within their environment and start taking the necessary steps to mitigate risk where it matters most.”
More than half of companies surveyed worldwide know a partner or vendor that has been impacted by ransomware. Still, few organizations are working to address supply chain vulnerabilities, according to a new report from Trend Micro. To conduct its study, Trend Micro survey around 3000 IT leaders across 26 countries. Among other findings, the report discovered that around 25 percent of all data breaches are due to ransomware.
September is National Insider Threat Awareness Month (NITAM), a time dedicated to spreading awareness in government and industry about the risks posed by insider threats and the role of insider threat programs. This year’s theme is “Critical Thinking in Digital Spaces,” which encourages engaging in critical thinking to recognize and avoid falling victim to insider threats.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
A reverse-proxy Phishing-as-a-Service (PaaS) toolkit, dubbed EvilProxy, is being advertised on cybercriminal marketplaces. EvilProxy provides threat actors with the means to bypass multi-factor authentication (MFA) on Apple, Google, Microsoft, and other prominent web applications.
Security researchers at Armorblox observed a recent phishing campaign utilizing a very convincing brand impersonation of American Express to fool victims and steal credentials. The phish includes an attachment purporting to be an urgent message informing the recipient that their account will be suspended unless they perform a mandatory account verification.
Quickly identifying a cyber threat and mitigating it can mean the difference between thousands or millions lost due to operational disruptions. Decreasing mean time to detect (MTTD) threats is a goal for every organization for increasing overall cybersecurity posture.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
