The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The Cybersecurity and Infrastructure Security Agency (CISA) released a new training manual last week for current and future federal, state, local, tribal, and territorial personnel looking to develop their cybersecurity skills. This new guide, titled the Cybersecurity Workforce Training Guide, includes over 100 training and certification prep courses for cybersecurity professionals along with access to resources from across the government. These training programs and tools provide opportunities at every proficiency level, from beginner through advanced.
There is no doubt that without a password manager, complex passwords are difficult to remember and lead to Perpetual Password Pitfalls. As such, the United Kingdom’s National Cyber Security Centre (NCSC) has been encouraging the practice of using three random words when creating passwords versus NIST’s standard guidance incorporating complexity requirements.
The Australian Cyber Security Centre (ACSC) has issued a security alert advising of an increase in reports from Australian organizations that have been impacted by LockBit 2.0 ransomware. The ACSC reports this activity has occurred across multiple industry sectors and that, in addition to demands for ransom payments, victims have received threats that data stolen during the incidents will be published. To help organizations further understand and protect themselves from this activity, the ACSC has published a profile on LockBit 2.0.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
In the latest development for the LockBit 2.0 ransomware (discussed by WaterISAC in last Thursday’s Security & Resilience Update), its operators are actively recruiting corporate insiders to help them breach and encrypt networks. In return, the insider is promised a million-dollar payout.
The Cybersecurity and Infrastructure Security Agency (CISA) has published a series of resources designed to help critical infrastructure organizations reduce internet attack surfaces that are visible to anyone on web-based search platforms. CISA calls this program “Get your Stuff Off Search” and focuses much of its attention on the risks posed to exposed industrial control systems and the potential for impacts to public safety, human life, and national security.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
SentinelOne analyzed the malware used to bring the Iranian Railway to a screeching halt on July 9, 2021. Based on clues within the code, researchers have dubbed this newly discovered wiper malware “MeteorExpress.” WaterISAC is sharing this incident for awareness given the potential for similar attacks against other types of critical infrastructure in all parts of the world. Check out SentinelOne for details.
Today the Cybersecurity and Infrastructure Security Agency (CISA) released a new “Insights” document, Chain of Custody and Critical Infrastructure Systems, which offers critical infrastructure owners and operators guidance for securing chain of custody for their physical and digital assets. It provides an overview of what chain of custody, complemented by examples. In one example cited in the document, hazardous materials shippers and receivers must implement chain-of-custody requirements to ensure a positive and secure exchange.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
