Cybersecurity

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – March 19, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases One Industrial Control Systems Advisory

Reports: Social Engineering & Ransomware Rank as Biggest Threats to Small Organizations

The 2024 Sophos Threat Report published this week highlights how cybercrime disproportionately targets small businesses and hits them the hardest. Small organizations are typically more vulnerable to cyber attacks and thus suffer more from the impact of an attack. According to the report, ransomware, followed by business email compromise (BEC), continues to be the greatest threat to smaller organizations and also packs the biggest punch.

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – March 14, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases Fifteen Industrial Control Systems Advisories

Security Awareness – Potential Risks Posed from AI/LLM Plugins and Integrations for Data Leakage or Account Takeover

It’s difficult to keep track of the AI tools or LLMs that employees may be using (sanctioned or shadow AI) or that leadership may be pushing to adopt. Additionally, broadly discouraging the use of AI tools may force users to use “shadow AI” tools with unknown consequences.

Passthrough: Hybrid Identity Solutions Guidance

CISA published guidance today for organizations transitioning from an on-premises identity management solution to one that utilizes the cloud, specifically those that decide to leverage a “hybrid” solution. CISA explains that when organizations leverage cloud solutions and attempt to integrate them with on-premises systems, identity management can be significantly more complex. On-premises identity management solutions need to securely and efficiently integrate with those applied in the cloud to achieve interoperability.

Security Awareness – Another Phishing Campaign Leveraging Dropbox

Recent analysis from Darktrace has emphasized the importance of reminding users that malicious emails often look like they are sent from legitimate sources. In this case, a recent phishing campaign leveraged legitimate Dropbox infrastructure and bypassed multifactor authentication (MFA), allowing attackers to access sensitive information. Somewhat more surprising than usual, these attackers also sent reminder emails prompting the victims to access the previously shared PDF.
