
Cybersecurity

Security Awareness – Brand Impersonation and Social Engineering Still a Favorite Combination for Credential Phishing

Security researchers at Armorblox observed a recent phishing campaign utilizing a very convincing brand impersonation of American Express to fool victims and steal credentials. The phish includes an attachment purporting to be an urgent message informing the recipient that their account will be suspended unless they perform a mandatory account verification.

Security Awareness – Zero-Day Vulnerabilities Are Increasing

The number of zero-day vulnerabilities is increasing, heightening the risk of compromise for organizations. According to a report from Mandiant, the number of zero-days exploited in the wild in 2021 increased by more than 100 percent compared to the previous year. State-sponsored attackers continue to be the main actors exploiting these vulnerabilities. However, a third of adversaries abusing zero-days were financially motivated cybercriminals. The products most frequently targeted by zero-day exploits included those from Microsoft, Apple, and Google.

Security Awareness – Report Identifies Ransomware Threat Actors Preferred Targets

The cybersecurity firm Barracuda recently published its annual threat research report, which examined ransomware attack patterns to determine the most targeted industries. The report analyzed 106 publicized ransomware attacks between August 2021 and July 2022 and found critical infrastructure and municipalities were among the top five industries targeted, along with the financial, healthcare, and education sectors.

Cyber Resilience – New Trend of Cyber Insurers Restricting Payouts Has Consequences

DarkReading has written an article discussing the consequences for companies and cyber insurers in the wake of Lloyd’s of London’s decision to require member insurers to exclude state-backed cyberattacks from customers’ cyber insurance policies. The experts consulted unanimously agreed that this action damages trust in cyber insurance, increasing the uncertainty around whether an organization will be reimbursed after an attack. The main criticism is that the term “state-backed cyberattack” is extremely broad and can be abused by the insurance industry to limit payouts.
