Yesterday, WaterISAC sent a general advisory regarding the Log4j (CVE-2021-44228) vulnerability. Given the ubiquitous use of the Log4j Java logging library and ease and severity of exploitation, members are encouraged to review and take immediate action to assess the impact and address any vulnerability within their environments.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
Apache Log4j (”Log4Shell”) Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
Since last month’s re-emergence of Emotet – Everybody’s Email Enemy #1 – we’ve observed its rekindling with Trickbot to spread and propensity for proliferating ransomware attacks. However, the last 10 months since its global takedown effort appear to have been time well-spent for the malware as it has come up with some new tricks.
On Tuesday, Google took significant steps to disrupt and degrade the Glupteba botnet, which now controls over 1 million Windows PCs worldwide. Glupteba is a blockchain-enabled modular malware that has targeted Windows devices globally since at least 2011. Threat actors can then use the infected devices for malign purposes, such as stealing credentials or personally identifiable information.
The cybersecurity firm G DATA just released a vaccine for the STOP ransomware variant. This decryption tool is notable given that STOP ransomware is one of the most active ransomware variants in the wild that no one talks about. In fact, of the thousands of ID Ransomware submissions received every day, during active ransomware periods, 60 to 70 percent are STOP ransomware submissions. The vaccine does not prevent an initial infection of the ransomware.
Last week, WaterISAC shared a use case about the recent plan of the East Cherry Creek Valley Water and Sanitation District to upgrade its PLCs, RTUs, radios, SCADA system—and cybersecurity—in its water treatment system.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The holidays are many peoples’ favorite time of year, this is especially true for scammers. This year’s holiday season is no different, with scam campaigns looking to trick you into providing confidential information. Thus, in the spirit of holiday sharing, WaterISAC is highlighting three current scams for our members’ awareness.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
