Security researchers at Amorblox recently published a report on a phishing impersonation attack in a Microsoft Office 365 environment that targeted 100,000 mailboxes at a large educational institution. The researchers were able to thwart the attack by using Natural Language Understanding, which is a type of artificial intelligence program.
Royal ransomware was the most active ransomware strain in November, knocking Lockbit ransomware from the top spot for the first time since September 2021, according to a recent report from the cybersecurity company NCC Group.
The FBI has published a Public Service Announcement (PSA) warning the public that cyber criminal threat actors are actively exploiting search engine advertisement services to impersonate brands and direct users to malicious sites that host ransomware and steal login credentials and other financial information.
Review suggested: Given Microsoft is a widely used platform, please review the following and address accordingly. With respect to the holidays, please do not defer reviewing these latest threats.
CVE-2022-37958 is a remote code execution (RCE) vulnerability in the SPNEGO NEGOEX protocol of Windows operating systems, which supports authentication in applications.
Review recommended: Given Microsoft is a widely used platform, please review the following and address accordingly. With respect to the holidays, please do not defer reviewing these latest threats.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
As much of the world looks forward to the upcoming holidays, it is a good time for a reminder that cyber threat actors are no respecters of festivities. Observances and traditions notwithstanding, the holidays are an especially risk-filled time of year as cyber threat actors take advantage of employees on leave, burnout, deadlines, and other distractions. A few incidents that have occurred over a holiday during recent years include events such as SolarWinds, log4j, Colonial Pipeline, and Kaseya.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
BleepingComputer has written an article covering a ransomware attack on Empresas Públicas de Medellín (EPM), a Colombian energy, water, and gas utility. According to reports, employees were told to work from home and public facing websites were unavailable, including payment portals, after EPM was targeted by BlackCat ransomware. While the company has not released many details, independent security researchers have found an unsecured server utilized by the threat actor behind the attack where it appears data on over 40 EPM machines was uploaded before being encrypted.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
