SC Media has written an article discussing the risks of not properly administering and updating an organization’s non-employee identity management systems.
Securonix has written a blog post describing an observed brute-force attack against Microsoft SQL servers to deploy Cobalt Strike and FreeWorld ransomware. The organization’s researchers found this attack interesting due to the relative sophistication of its tooling, infrastructure, and payloads.
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
As people become more aware of phishing attacks, threat actors are constantly evolving their social engineering tactics to continue to compromise victims. To help organizations stay ahead of the latest phishing tactics, Cofense has written a report highlighting threat actors’ use of misleading dates in subject lines to influence the emotions of recipients and create a false sense of urgency.
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
ICS/OT/SCADA Threats and other Critical Infrastructure Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases Four Industrial Control Systems Advisories
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
CISA has released additional indicators of compromise (IOCs) associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. Malicious threat actors exploited this vulnerability as a zero day as early as October 2022 to gain access to ESG appliances.
CISA and the FBI have released a joint Cybersecurity Advisory (CSA), Identification and Disruption of QakBot Infrastructure, to help organizations detect and protect against newly identified QakBot-related activity and malware. Originally used as a banking trojan to steal banking credentials for account compromise, QakBot has since grown to deploy multiple types of malware, trojans, and highly-destructive ransomware variants targeting the U.S.
Security awareness training is a critical component for every organization’s cybersecurity program by helping to improve cyber resilience. To assist organizations with increasing their cyber resilience, Cofense has written a blog post outlining five ways to maximize their resiliency rate.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases One Industrial Control Systems Advisory
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
