Update - October 21, 2021
More details have been revealed about the former employee of the Post Rock Rural Water District (a.k.a., Ellsworth County Rural Water District No. 1) in Kansas who was indicted for unauthorized computer access with intent to harm, including an updated plea to guilty.
Microsoft’s 365 software package is one of the most widely used products in the world but also one of the most targeted vectors where data breaches and cyberattacks occur. To protect data privacy and against data breaches, Microsoft released a Privacy Management tool. The privacy package continuously locates where personal data is stored on an enterprise network, maps it, and provides an aggregated view of an entity’s privacy posture.
Although most people are aware of the major Solar Winds attack that compromised many organizations through its supply chain, lower-scale, less sophisticated supply chains are also increasingly being exploited, specifically in the developer or mobile environments. Indeed, many entities are being compromised not because of poor enterprise security, but because of unsecured connections in their supply chains.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
Amidst increasing awareness of phishing attacks, one phishing campaign is using the DocuSign software to target lower ranking employees and trick them into providing login credential to scammers. In this campaign, victims receive an email impersonating someone in their organization asking them to “sign” a document by clicking on the attachment and entering their credentials. These emails are created to appear legitimate, but real DocuSign emails never ask users to enter password instead asking them to enter an authentication code emailed to them separately.
As if phishing emails weren’t enough, a new vishing campaign involves threat actors posing as Microsoft employees to trick victims into granting remote access to their devices. Vishing is a variation of phishing where the attackers speak with a victim over the phone. This vishing campaign was identified by the security firm Armorblox.
The Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the National Security Agency (NSA) released a joint cybersecurity advisory underscoring the persisting threat from the BlackMatter Ransomware group. The advisory includes tactics, techniques, and procedures (TTPs) associated with BlackMatter activity which could help organizations defend against this threat group. BlackMatter was first detected in July 2021 and has since targeted multiple critical infrastructure entities.
In support of its mission to identify threats to the water and wastewater sector, WaterISAC is asking utilities to respond to its survey asking about physical and cyber incidents and suspicious activities they've experienced in the past quarter, from July 1 to September 30, 2021. WaterISAC will aggregate, make confidential*, and share with members the information collected from the survey in its next Quarterly Water Sector Incident Summary report. The response deadline is Friday, November 5, 2021.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
