Action strongly recommended for utilities that use the affected versions (9.x and 22.x) of Ivanti Connect Secure and Policy Secure Gateways
What’s new:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases Two Industrial Control Systems Advisories
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
Today, CISA and the FBI released a joint Cybersecurity Advisory (CSA), “Known Indicators of Compromise Associated with Androxgh0st Malware,” to provide network defenders with known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with threat actors deploying Androxgh0st malware.
I know it’s only January, but if phishing campaigns feel like Groundhog Day, that’s because they are. Yet, despite the same ‘ol themes, it’s important to keep staff apprised and reminded of the tried-and-true tricks that threat actors keep using because they keep working. And if there’s one thing miscreants have a penchant for, it’s cultural and seasonal themes. If you’re wondering if you should warn your wonderful users about which themes to be wary, check out these recent posts from Cofense and Checkpoint for a clue!
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA recently published the “Personal Security Considerations Action Guide: Critical Infrastructure Workers,” to help critical infrastructure workers assess their security posture and provide options to consider whether they are on or off the job. This guide provides actionable recommendations and resources intended to prevent and mitigate threats to a critical infrastructure worker’s personal safety.
As Phishing-as-a-Service (PhaaS) offerings have lowered the barrier to entry for low-skilled threat actors, “Adversary-in-the-Middle” (AitM) attacks have become much less technical to execute. Open-source toolkits such as “EvilGinx3,” make phishing campaigns accessible to the most novice threat actors. With such frameworks, actors can easily create custom Office 365 login pages; mimic other popular websites such as Amazon, LinkedIn, Facebook, and X (formerly Twitter) to conduct opportunistic or highly targeted phishing campaigns.
Do you ever get the feeling users still don’t believe or understand how easy it is for threat actors to find information to use against them and/or our organizations? Or about how trivial it is for threat actors to blend in with normal activity? Are you fascinated or flabbergasted that the most simplistic good ol’ fashioned social engineering tricks (cyber or physical) are still successful after all these years?
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
