The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Summary: Many organizations unknowingly leave common vulnerabilities and weaknesses exposed to the internet, making them easy targets for exploitation. Misconfigured systems, default credentials, and outdated software are often publicly accessible through internet-based search and discovery platforms. By following CISA’s Internet Exposure Reduction Guidance, organizations can proactively identify and remove these exposures, reducing their online footprint and strengthening their cybersecurity posture.
Summary: Cybersecurity firm Censys recently released information regarding internet-exposed Human Machine Interfaces (HMIs) connected to water systems throughout the U.S. The blog post mentions that in October, Censys researchers identified nearly 400 web-based HMIs connected to U.S. water facilities that were exposed online. The systems were found to be in one of three states: Authenticated (credentials required), Read-only (viewable without control), and Unauthenticated (full access without credentials).
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Summary: WaterISAC held its quarterly Informational Webinar on Wednesday, June 11. The webinar provided members and non-members a chance to meet the WaterISAC team and learn about how WaterISAC operates. Staff members provided attendees with sector-related updates on public policy, cybersecurity threats, and physical security threats. In addition, the WaterISAC team discussed member benefits, upcoming events, special programs, and tips and tricks on how to maximize the member portal.
Summary: Microsoft Threat Intelligence and Dutch intelligence security services (AIVD and MIVD) have observed a new Russia-affiliated threat actor conducting espionage operations targeting organizations that are important to Russian government objectives, primarily in government and other critical infrastructure sectors. The new group is tracked as Laundry Bear by Dutch intelligence and Void Blizzard by Microsoft.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
