Cybersecurity

Threat Awareness – URL Spoofing of Company Domains through Well-Known Cloud Platforms

Email phishing lures are not the only way threat actors attempt to trick individuals into revealing their private information. URL spoofing is another common method adversaries exploit to steal information and conduct other malicious activity. Specifically, researchers have uncovered several URL spoofing bugs in popular Software-as-a-Service (SaaS) platforms Box, Zoom, and Google Docs.

Threat Awareness – New IceApple Toolset Being Deployed on Microsoft Exchange Servers

Security researchers have discovered a new sophisticated post-exploitation framework being primarily deployed on Exchange servers, dubbed IceApple. The toolset was discovered by CrowdStrike after an alert triggered on a new customer’s Microsoft OWA deployment. Researchers believe the developers behind IceApple prioritize keeping a low profile in network environments to achieve long-term objectives in targeted attacks.

Joint Cybersecurity Advisory - Protecting Against Cyber Threats to Managed Service Providers and their Customers

The cybersecurity authorities of the U.S., Australia, Canada, New Zealand, and the United Kingdom have released joint Cybersecurity Advisory (CSA) AA22-131A, warning of an increase in malicious cyber activity targeting managed service providers (MSPs), a trend that is expected to persist. The advisory offers specific steps MSPs and their customers can implement to reduce their risk of falling victim to a cyber intrusion.

NIST Updates Cybersecurity Guidance for Supply Chain Risk Management

The National Institute of Standards and Technology (NIST) has released an updated guidance document for helping organizations identify, assess and respond to cybersecurity risks throughout the supply chain. The updated guide, titled Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, offers specific methods for companies to adopt as they improve their ability to manage cybersecurity risks within and across their supply chains.

Security Awareness – Infrastructure Entities Targeted by HTML Phishing Campaign

Security researchers have uncovered a phishing campaign targeting energy and other infrastructure companies by exploiting HTML attachments that contain credential-stealing forms. In this specific campaign, the threat actor portrays the phishing email as being from an internal source by leveraging the “Shared-Files via” feature of Microsoft 365 and masquerades as a transcript being sent to the victim. However, the email address, with a Japanese domain, is clearly visible. After downloading the HTML file, users are prompted to enter their Microsoft email password to access a fake invoice.

Ransomware Resilience – Defending against the Ransomware-as-a-Service Model

The Microsoft Threat Intelligence Center (MSTIC) just published a lengthy report providing an overview of the Ransomware-as-a-Service (RaaS) threat and detailing what organizations can do to better defend against this activity. Microsoft has termed the RaaS gig economy as human-operated ransomware, where human threat actors make decisions at every stage of the attack. Despite the rising threat, there are many preventative steps organizations can implement to harden their defenses. First, it’s important that companies practice credential hygiene.
