To improve the chances of infecting more victims, threat actors are increasingly exploiting the Google Ads platform to push malicious downloads and spread malware via search results.
The National Security Agency (NSA) published guidance today to help the Department of Defense (DoD) and other system administrators identify and mitigate security issues associated with a transition to Internet Protocol version 6 (IPv6). “IPv6 Security Guidance” highlights how several security issues can surface in networks that are new to IPv6, or in early phases of the IPv6 transition. Networks new to IPv6 lack maturity in IPv6 configurations and tools, and dual-stacked networks, which run on IPv4 and IPv6 simultaneously, have an increased attack surface.
Huntress has posted a blog discussing why simply having a backup process is not enough to protect an organization. Essentially, it is crucial that backups be verified and tested. Organizations need to define their recovery time objective, or how long it takes to recover from backups, and their recovery point objective, or what categories of data are necessary to back up in order to continue operations. Once these objectives are agreed upon, organizations have a metric to measure their current backup process against and see where it succeeds and fails.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Cybersecurity company Check Point’s latest monthly threat index found that Qbot was the most pervasive malware targeting organizations in December 2022, displacing the Emotet botnet which only returned to the top ranks last month after a period of inactivity.
Cyware has posted an alert detailing Microsoft sharing that the Cuba ransomware threat group has been observed targeting vulnerable Exchange servers using a zero-day exploit titled OWASSRF, or Outlook Web Access Server-Side Request Forgery. This is an escalation in criminal actors utilizing this exploit, as previously only the Play ransomware group had incorporated it into their malware.
Bleeping Computer has posted an article discussing newly released information regarding the CircleCI data breach. This was prompted by CircleCI, a backbone service for many developers, releasing an incident report revealing the initial breach was caused by an engineer’s device becoming “infected with information-stealing malware that [stole] their 2FA-backed SSO session cookie” and allowed criminal actors to begin stealing data beginning December 22, 2022.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Threat actors are increasingly targeting employee and customer data information while appearing less interested in financial information and credentials, according to research from the cybersecurity firm Imperva. Notably, Imperva’s research also found that 32 percent of data breaches are due to unsecured databases and social engineering attacks.
Imperva’s research identified the six most common mistakes made by organizations and individuals that enable data breaches:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
