A new Proofpoint report highlights MFA fatigue attacks, where users, bombarded by a continuous stream of MFA notifications, hastily approve requests out of frustration. Real-world examples include attacks on Uber, Cisco, and Microsoft by the Lapsus$ threat actor and underscore the prevalence and impact of these tactics.
According to a new blog post by Microsoft, a North Korean-based threat actor dubbed Diamond Sleet has been observed distributing a malicious variant of a legitimate application installer developed by CyberLink Corp. to target customers in a supply chain attack. For its part, the trojanized file, which is hosted on CyberLink’s update infrastructure, includes malicious code that is designed to download, decrypt, and load a second-stage payload.
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases Four Industrial Control Systems Advisories
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
CISA and the UK National Cyber Security Centre (NCSC) have announced the release of the Guidelines for Secure AI System Development. The document provides essential recommendations for AI system development and emphasizes the importance of adhering to Secure by Design principles.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
November 21, 2023
Today, an update was issued for CISA's and the FBI's joint Cybersecurity Advisory (CSA) on Scattered Spider. The updates are included in the mitigation strategies section of the product. The updated CSA is posted below.
November 16, 2023
On Friday, a wastewater agency in Paris, France that manages nearly 275 miles of pipes and services nine million people filed a complaint with the judicial police and National Commission on Informatics and Liberty (CNIL) following the discovery of a cyber attack. The impacted agency, “Service public de l'assainissement francilien” (SIAAP) is the Greater Paris Sanitation Authority.
In response to cyber attacks that have intensified in both volume and impact and the vulnerabilities within the nation’s critical infrastructure, CISA has announced the beginning a new pilot program that is focused on certain sectors. The water and wastewater sector is among them and can expect to be offered “cutting-edge” cybersecurity services, such as CISA’s Protective Domain Name System (DNS) Resolver.
Today, CISA, the FBI, the Multi-State Information Sharing & Analysis Center (MS-ISAC), and the Australian Signals Directorate’s Australian Cyber Security Center (ASD’s ACSC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: LockBit Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability (along with an accompanying analysis report MAR-10478915-1.v1 Citrix Bleed), in response to LockBit 3.0 ransomware affiliates and multiple threat actor groups exploiting CVE-2023-4966.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
