The FBI has published a TLP:WHITE Private Industry Notification (PIN) warning that cyber criminals are creating fraudulent cryptocurrency investment applications to defraud financial institutions and other investors. Cyber criminals are seeking to exploit the increased interest in mobile banking and cryptocurrency investing.
Security researchers at Sophos recently published a report on BlackCat ransomware, that warned the threat actors behind the ransomware are adding new tools and practices, making the malware more effective at compromising organizations. BlackCat threat actors have targeted organizations in the US, Europe, and Asia, and don’t appear to favor any type of victim.
Last week, DHS’s Cyber Safety Review Board’s (CSRB) released a report reviewing the U.S. government and industry’s response to the Log4j Vulnerabilities first discovered in December 2021. The report stresses the Log4j event is not over and contends it will remain an “endemic vulnerability and that vulnerable instances of Log4j will remain in systems for many years to come.” The study also concluded that defenders from across government and industry collaborated and communicated in a dedicated fashion to address the incident.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
A new report from the cybersecurity firm Cofense examines the tactics and trends of one of the costliest cyber threats for companies both large and small – Business Email Compromise (BEC) scams. Unlike other email-based phishing attacks which utilize malware and stolen credentials, BEC scams involve social engineering tactics, via email communications, to trick an employee of a company to transfer unauthorized funds to the threat actor.
Akamai Security Research has posted a blog detailing their analysis of a WordPress-focused, Paypal-themed phishing kit seen in the wild. What’s unique about this kit is how thoroughly it attempts to steal a victim’s identity, including credit card information, PIN numbers, SSNs, email credentials, answers to common verification questions, and even selfies and pictures of government documents.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Microsoft Security posted a blog detailing their team’s observations of a phishing campaign targeting over 10,000 organizations with the ability to bypass the multifactor authentication (MFA) process. The campaign begins with a phishing email that redirects the victim to a spoofed login site. The attacker uses the gathered credentials on the actual site that returns a request for the MFA, which is then sent back to the victim. Once the victim gives the spoofed site the MFA information, the attacker can use it to continuously access the target site with the session cookie.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
CrowdStrike has posted a blog detailing a newly identified phishing campaign where threat actors have been observed posing as popular cybersecurity providers in order to gain a victim’s trust and access their computers. This campaign is what CrowdStrike labels a “callback phishing” campaign, as the victims are expected to call the number provided by the threat actors in order to be persuaded into installing a remote access tool (RAT) on their machine by a false customer service representative.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
