The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Collaborative defense and information sharing is most effective when we all work together; otherwise, it’s just a one-way flow of information, and the providers are left wondering if their efforts are useful to the constituents. In that respect, CISA offers numerous no-cost products and services, including various types of assessments to critical infrastructure entities. Historically, the water and wastewater sector has been one of the largest groups (typically second only to the electricity sector) availing themselves of CISA’s services.
Microsoft has provided a security update for this vulnerability. Due to continued active exploitation, system administrators are highly encouraged to address accordingly and continue tracking new information regarding the zero-day Microsoft vulnerability (CVE-2022-30190) – dubbed Follina – that was disclosed over the Memorial Day weekend.
June 9, 2022
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Bitdefender has released a security blog noting the recently observed upswing in travel-related spam campaigns. While this is typically a common trend, 2020 and 2021 saw a lot less travel-related phishing than usual due to COVID restrictions. However, it appears scammers are just as eager to get a jump on those getting a jump on vacation planning, as travel-themed phishing lures began to increase in March with an expected peak in June. Popular nations being targeted include the United States, Ireland, India, and the UK.
Threat actors behind the infamous Emotet malware are employing new sophisticated attack techniques to infect systems and networks and steal credentials.
According to a senior official at the Cybersecurity and Infrastructure Security Agency (CISA), the serious dearth of ransomware incident reporting in the U.S. is hindering efforts by the government to protect organizations. Likewise, lack of reporting is making it harder for the government to take retaliatory actions against these threat actors.
The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI and the National Security Agency (NSA), have published a joint Cybersecurity Advisory (CSA) describing the ways in which People’s Republic of China (PRC) state-sponsored cyber actors continue to exploit publicly known vulnerabilities in order to establish a broad network of compromised infrastructure. The advisory describes the targeting and compromise of major telecommunications companies and network service providers and the top vulnerabilities routinely exploited by threat actors since 2020.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
Atlassian has released new Confluence Server and Data Center versions to address remote code execution vulnerability CVE-2022-26134 affecting these products. An unauthenticated remote attacker could exploit this vulnerability to execute code remotely, create new admin accounts, and conduct other malicious activity such as deploy ransomware. Last Friday, a proof-of-concept exploit for the Atlassian Confluence vulnerability was publicly posted.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
