Law enforcement authorities arrested members of the Egregor ransomware cartel in Ukraine last week, the result of a joint investigation by French and Ukrainian police. The arrested suspects are believed to be some of these "affiliates" (or partners) of the Egregor gang, whose job was to hack into corporate networks and deploy the ransomware. They are also believed to have provided logistical and financial support to help prop up operations.
Federal government partners have just released a TLP:WHITE* Joint Cybersecurity Advisory on the recent compromise of a U.S. water treatment facility. This product provides a summary of the incident informed by personnel who assisted with the onsite response, threat overviews based on what was observed, and series of recommendations organizations are encouraged to consider to protect themselves against similar activity.
Check Point has found that the Emotet trojan as remained in first place in the top malware list for the second month running, impacting 6 percent of organizations globally, despite an international police operation which took control of the botnet in late January (as discussed in the January 28 Security & Resilience Update).
Both the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have released advisories warning of internet romance scams on the occasion of Valentine’s Day. The FBI’s advisory explains well-rehearsed criminals search dating sites, apps, chat rooms, and other social media networking sites attempting to build “relationships” for the sole purpose of getting your money or your personally identifiable information.
As part of its regular patch Tuesday release, Microsoft has announced an escalation of privileges vulnerability (CVE-2021-1732) in Microsoft Win32k. A local attacker can exploit this vulnerability to take control of an affected system. Microsoft has stated that Windows 10 and Windows Server 2019 are affected by this vulnerability. Microsoft has also reported that this vulnerability has
All eyes are on the Oldsmar, Florida Water Treatment Plant incident at the moment, and not just the security community’s.
What we know about this incident has been widely published and shared across countless mediums - including a WaterISAC advisory to members yesterday - so we will not belabor posting every source.
The Federal Trade Commission (FTC) reflects on the top consumer frauds for 2020, noting that overall it was a busy year. According to the FTC, last year it received more than 2.2 million reports about fraud, with people collectively indicating they had lost nearly $3.3 billion. The top fraud of 2020 was imposter scams, with scammers showed up wearing many different hats – from that of a government official, to a known business, to a dear family member or friend.
Today is Safer Internet Day. With a theme once again of "Together for a Better Internet,” the organizers and supporters of this initiative call upon all stakeholders to join together to make the internet a safer and better place for all. While much of the focus of Safer Internet Day is on children and young people, this initiative still provides information and resources that can be useful for others, including representatives of organizations and industries.
Today officials in Florida announced that late last week an unknown malicious actor infiltrated a water treatment plant in the city of Oldsmar and made changes to chemical levels in the treatment process. Fortunately this activity was quickly observed by a plant operator and reversed. Officials indicated that the public was never in danger due to the operator's quick action as well as to other measures that would have prevented the release of the water into the distribution system.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
