The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
The European Cybersecurity Agency (ENISA) recently released its annual report on the cybersecurity threat environment facing the European Union. The report, Volatile Geopolitics Shake the Trends of the 2022 Cybersecurity Threat Landscape, identifies significant threats, threat actors and attack techniques, tracks major trends, and also provides mitigation measures.
The FBI has published a Public Service Announcement (PSA) advising the public on how to protect themselves from cyber criminals conducting computer-technical support scams. Technical support scams involve fraudsters posing as service representatives of a company's technical or computer repair service and contacting victims through email or by telephone about a highly priced, soon-to-renew subscription. According to the PSA, “Scammers request victims contact the scammers at a provided telephone number or email to cancel the renewal and receive a varying refund amount.
Today, the National Security Agency (NSA) published a new report offering guidance and recommendations to help software developers and operators prevent and mitigate software memory safety issues, which account for a large portion of exploitable vulnerabilities.
Last week, cybersecurity company Proofpoint released an assessment of cybersecurity predictions for 2023. Notably, Proofpoint forecasts that the commercialization of malware and other exploitation tools on the dark web will likely lead to an increase in cybercrime. The assessment also predicts that ongoing geopolitical tensions, such as the continuing Russian war in Ukraine, will likely catalyze new cyber attacks and expand systemic risk for organizations.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
WaterISAC is honored to have Eric Goldstein kick off Day 3 of H2OSecCon next week.
BleepingComputer has reported on the Emotet botnet’s reawakening after its typical hiatus. Researchers from Cryptolaemus first observed the notorious botnet’s return after a four month break. According to the group, the most recent campaigns are utilizing stolen email reply chains to distribute a malicious Excel attachment that will download the malware.
Last week, Microsoft released its annual Digital Defense Report, which includes aggregated security data from across the systems and networks Microsoft monitors to understand the scope and scale of cyber threats around the world. Most notably, the report found that cyber attacks targeting critical infrastructure have grown significantly.
The FBI published a TLP:CLEAR Private Industry Notification (PIN) warning of cyber threats emanating from hacktivist activity and to encourage organizations to implement the recommendations in the Mitigations section to reduce the likelihood and impact of distributed denial of service (DDoS) attacks.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
