The Cybersecurity and Infrastructure Security Agency (CISA) published guidance on switching from Basic Authentication (“Basic Auth”) in Microsoft Exchange Online to Modern Authentication ("Modern Auth") before Microsoft begins permanently disabling Basic Auth on October 1, 2022.
A new ransomware group has targeted almost 50 victims within the two months of its emergence in the wild and it hasn’t even begun its marketing or affiliate campaign yet. The Black Basta ransomware first became operational in April 2022 and is the latest ransomware gang seeking to extort enterprises. Researchers believe Black Basta’s quick rise to prominence is due to its potential close ties with and copying the techniques of other successful ransomware groups such as Conti and REvil.
The Homeland Security Systems Engineering and Development Institute, sponsored by the Cybersecurity and Infrastructure Security Agency (CISA) and operated by MITRE, has released the 2022 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The Top 25 uses data from the National Vulnerability Database (NVD) to compile the most frequent and critical errors that can lead to serious vulnerabilities in software.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Attention: Action required if your utility uses affected VMware Horizon® and Unified Access Gateway (UAG) servers in your environment and they are not up-to-date with current vendor patches or recommended workarounds.
The cybersecurity authorities from the U.S., New Zealand, and the United Kingdom have released a joint Cybersecurity Information Sheet (CIS) on PowerShell. The CIS provides recommendations for proper configuration and monitoring of PowerShell, as opposed to removing or disabling it entirely due to its use by malicious actors after gaining access into victim networks.
While properly configured technical controls can go a long way in protecting from cyber threats, there are countless threats that defeat even the best technology solutions. Those threats most often emanate from email and are intentionally designed to bypass blocking controls in an attempt to trick our last line of cyber defense – the users. Furthermore, with email enduring as the most likely ingress for a cyber attack, threat actors have the odds of a successful attack on their side.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
In cooperation with the United States Digital Service, and the Federal Risk and Authorization Management Program, CISA released the Cloud Security (CS) Technical Reference Architecture (TRA). The CS TRA defines and clarifies considerations for shared services, cloud migration, and cloud security posture management.
An ongoing phishing campaign targeting U.S. organizations has been observed employing fake voicemail notifications to fool employees into providing their Office 365 or Outlook credentials. In this specific phishing campaign, users receive a phony email stating they have a new voicemail to listen to and are prompted to open an HTML attachment. To increase the chances of success, adversaries ensure the email's “From” field specifically references the targeted organization’s name.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
