The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
In Maine, two public wastewater facilities recently succumbed to ransomware attacks. The attacks occurred in the towns of Mount Desert Island and Limestone over the holiday weekends in April and July, respectively. Both incidents were “fairly minor, there was no threat to the public, there was no violation, no excursion, no health and safety threat,” according to Judy Bruenjes, a wastewater technical assistance engineer for Maine’s Department of Environmental Protection. In the Limestone incident, an outdated computer running Windows 7 was compromised.
The Cybersecurity and Infrastructure Security Agency (CISA) has released the fact sheet Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches to address the increase in malicious cyber actors using ransomware to exfiltrate data and then threatening to sell or leak the exfiltrated data if the victim does not pay the ransom. As CISA notes, these data breaches, often involving sensitive or personal information, can cause financial loss to the victim organization and erode customer trust.
While your cyber insurance policy may help alleviate some of the financial costs associated with a ransomware attack, researchers at Advanced Intelligence explain how details of the policy could also be used against you. Recently leaked training material reveals how Conti ransomware attackers exploit legitimate software to gain access to a network and search for cyber insurance policies.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
A new study from the Ponemon Institute finds that the financial costs incurred from phishing scams has significantly increased over the past six years. The report, titled The Ponemon 2021 Cost of Phishing Study, concludes the average annual cost of a phishing scam in 2021 is approximately $15 million for a 9,600-employee organization, or around $1,500 per employee. The study also highlights that the inability for organizations to contain malware is one factor behind the increasing cost of phishing attacks.
Cybercriminals are now leveraging legitimate document signature service platforms to conduct phishing scams according to recent reports. In this campaign, cybercriminals are utilizing free accounts from the cloud-based DocuSign service to trick email recipients into clicking on links that introduce malware into their systems and networks. Although researchers debate the novelty of this tactic, they all agree that these attacks are becoming more prevalent.
Joint WaterISAC – U.S. Environmental Protection Agency Advisory
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Ransomware groups are reportedly utilizing the PrintNightmare vulnerabilities to gain access to Windows devices. Currently, the Magniber ransomware gang is the only known threat group exploiting the PrintNightmare vulnerability. Magniber has been active since October 2017, and while most of the current victims appear to be in South Korea, given the widespread use of Windows Print Spooler and challenges in mitigating, this is a threat to track.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
