The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The FBI’s Internet Crime Complaint Center (IC3) recently published its 2022 Internet Crime Report. The study draws data from 800,944 complaints of suspected internet crime reported to the FBI last year.
CISA has announced the establishment of the Ransomware Vulnerability Warning Pilot (RVWP). Through the RVWP, CISA will determine vulnerabilities commonly associated with known ransomware exploitation and warn critical infrastructure entities of those vulnerabilities.
Industrial Cyber has written an article discussing the importance of critical infrastructure protection through the lens of four industry experts, including WaterISAC’s director of infrastructure cyber defense Jennifer Lyn Walker and Health-ISAC’s president and CEO Denise Anderson.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Various cybersecurity firms have observed that everybody’s email enemy emerged after another routine respite. As Emotet has proven to be a resilient threat, researchers report that it resumed activity again on March 7. While Emotet is still leveraging email as its initial infection vector, it’s important for defenders to track the various behaviors it adopts during each resurrection and detect and protect accordingly. According to Cofense, for this round Emotet is attaching very large .zip files that are not password protected.
Job recruitment scams are nothing new, but related campaigns have been on an uptick in recent weeks as threat actors seem to be exploiting mass layoffs, resignations, and recruitment efforts.
Since mid-December 2022, threat actors have been increasingly exploiting Microsoft OneNote files to deliver malware and compromise victims. Last week, WaterISAC shared a DHS report on attackers successfully utilizing weaponized Microsoft OneNote files for malware distribution. Threat actors, including ransomware gangs, are actively using this delivery method to infect organizations.
The city of Oakland, California was recently the victim of a ransomware attack that impacted many of the city’s systems and disrupted some services. This latest ransomware attack, alongside ongoing cyber attacks against local governments, underscores the challenges that CISOs face in protecting a broad range of municipal services from numerous cyber threats. As the Oakland attack highlights, municipal governments have become major targets for ransomware gangs and state sponsored threat actors.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
