The Canadian Centre for Cyber Security (CCCS) has released an advisory on an Astaroth fileless malware campaign affecting Microsoft Windows. Astaroth resides solely in memory, and an attacker can use it and other fileless malware to steal information, such as credentials and keystrokes, and obtain other sensitive data. The U.S.
The NCCIC has published an advisory on an unquoted search path or element vulnerability in Johnson Controls exacqVision Server. This vulnerability impacts exacqVision server versions 9.6 and 9.8. Successful exploitation of this vulnerability could allow an unauthenticated user to elevate their privileges. Johnson Controls recommends users upgrade to the latest product, version 19.03. The NCCIC also advises of a series of measures for mitigating the vulnerability. Read the advisory at CISA.
On July 17, WaterISAC conducted the first webinar in its "Conducting Cyber Risk Assessments under AWIA" series. This kick-off webinar was intended to prepare a utility to complete a cybersecurity assessment.
The Internal Revenue Service (IRS) has issued a news release outlining six cybersecurity safeguards to protect computers, email, and sensitive data. The recommendations are part of the Taxes. Security. Together. Checklist, which the IRS created to help tax professionals protect sensitive taxpayer data.
The United Kingdom’s National Cyber Security Centre (NCSC) has released an advisory about an ongoing Domain Name System (DNS) hijacking campaign. The advisory details risks and mitigations for organizations to defend against this campaign, in which attackers use compromised credentials to modify the location to which an organization’s domain name resources resolve to redirect users, obtain sensitive information, and cause man-in-the-middle attacks.
Despite the cyber criminals behind GandCrab having announced they are shutting down their operation, cybersecurity expert Brian Krebs observes that a growing body of evidence suggests they have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as “REvil,” “Sodin,” and “Sodinokibi.” In late April, researchers at Cisco Talos discovered the REvil ransomware strain being used to deploy GandCrab.
The FBI has issued a FLASH message advising on the release of a decryption tool applicable for all versions of the GandCrab ransomware. The FBI was part of the effort to make available the decryption tool, and it notes that it hopes the release of the master keys will facilitate development of additional decryption tools.
Atlassian has released security updates to address a vulnerability affecting Jira Server and Jira Data Center. A remote attacker could exploit this vulnerability to take control of an affected system.
The NCCIC has published an advisory on improper input validation and memory corruption vulnerabilities in Schneider Electric Floating License Manager. Versions 2.3.0.0 and earlier are affected. These vulnerabilities could allow an attacker to deny the acquisition of a valid license for legal use of the product. Schneider Electric has made a fix for these vulnerabilities available for download on its website. The NCCIC also advises of a series of measures for mitigating the vulnerabilities.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
