‘Tis the season for fresh starts. To that end, WaterISAC is announcing the rebranding of its monthly Cyber Threat Briefing. While it will certainly continue to offer briefings on active threats and vulnerabilities or relevant incidents as appropriate, the slight name change will more closely embody the varied cyber resilience content this monthly webinar has been providing.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
IT Vulnerabilities
Throughout 2023 the U.S. federal government launched several notable initiatives to help strengthen cybersecurity at the federal level and help organizations of all sizes enhance their cybersecurity and resilience amidst increasing threats.
Ransomware attacks used to be a fairly noisy and obvious attack as malware executed and countless files and their backups were rendered inaccessible either through encryption or deletion. This activity would light up alerts and security solutions like a Christmas tree or New Year’s fireworks. However, during 2023 many ransomware groups have been forgoing the file encryption and deletion phases while they tip-toe around our networks, silently lurking and establishing a foothold.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases Two Industrial Control Systems Advisories
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience, Vulnerabilities, Threats & Incidents
According to reports, Ukraine allegedly compromised Rosvodokanal, one of Russia’s largest private companies, and seized 1.5TB of data. The operation is believed to be carried out by the Ukrainian attack group Blackjack and part of continued cyberwarfare between Ukraine and Russia. The Interfax-Ukraine news agency stated that the Ukrainian attackers encrypted 6,000 computers and deleted more than 50TB of data, including internal document management system, corporate emails, cyber protection services, and backups.
Researchers disclosed details on two security vulnerabilities in Microsoft Outlook this week, which, when chained together, provide attackers a means to run any code or command on a computer system without restrictions. The vulnerabilities mentioned in the article can be exploited when a victim simply clicks on or opens a file, such as a sound file.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
