CyberSecurity Updates

15 May

CISA Releases Twenty-Two Industrial Control Systems Advisories

Attacks, Insights, Malware

CISA released twenty-two Industrial Control Systems (ICS) advisories on May 15, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-135-01 Siemens RUGGEDCOM APE1808 Devices ICSA-25-135-02 Siemens INTRALOG WMS ICSA-25-135-03 Siemens BACnet ATEC Devices ICSA-25-135-04 Siemens Desigo ICSA-25-135-05 Siemens SIPROTEC and SICAM ICSA-25-135-06 Siemens Teamcenter Visualization ICSA-25-135-07 Siemens IPC RS-828A ICSA-25-135-08 Siemens VersiCharge AC Series EV Chargers ICSA-25-135-09 Siemens User Management Component (UMC) ICSA-25-135-10 Siemens OZW Web Servers ICSA-25-135-11…

Read More
14 May

Patch Tuesday, May 2025 Edition

Information, Insights

Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month’s patch batch from Redmond are fixes for two other weaknesses that now have public proof-of-concept exploits available. Microsoft and several security firms have disclosed that attackers are exploiting a pair of bugs in the Windows Common Log File System (CLFS)…

Read More
13 May

How can we counter online disinformation? | Unlocked 403 cybersecurity podcast (S2E2)

Information

Ever wondered why a lie can spread faster than the truth? Tune in for an insightful look at disinformation and how we can fight one of the most pressing challenges facing our digital world. 12 May 2025 Online disinformation feels like a constant, overwhelming force, sometimes with all-too-real impacts, as illustrated by events like the Pizzagate conspiracy theory going as far back as 2016. Almost a decade later, why are we still so quick to…

Read More
13 May

Five Years Later: Evolving IoT Cybersecurity Guidelines

Insights

The Background…and NIST’s Plan for Improving IoT Cybersecurity The passage of the Internet of Things (IoT) Cybersecurity Improvement Act in 2020 marked a pivotal step in enhancing the cybersecurity of IoT products. Recognizing the increasing internet connectivity of physical devices, this legislation tasked NIST with developing cybersecurity guidelines to manage and secure IoT effectively. As an early building block, we developed NIST IR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers, which describes recommended activities related to…

Read More
12 May

Update to How CISA Shares Cyber-Related Alerts and Notifications

Attacks, Insights, Malware

Starting May 12, CISA is changing how we announce cybersecurity updates and the release of new guidance. These announcements will only be shared through CISA social media platforms and email and will no longer be listed on our Cybersecurity Alerts & Advisories webpage.   The focus of our Cybersecurity Alerts & Advisories webpage will now be on urgent information tied to emerging threats or major cyber activity. CISA wants this critical information to get the attention…

Read More
10 May

Catching a phish with many faces

Information

Here’s a brief dive into the murky waters of shape-shifting attacks that leverage dedicated phishing kits to auto-generate customized login pages on the fly Camilo Gutiérrez Amaya 09 May 2025  •  , 4 min. read Phishing remains a particularly stubborn threat in the cybersecurity landscape. It sticks around partly because even though the bad guys are always after the same prize – people’s login credentials and other sensitive information – they never cease to evolve…

Read More
08 May

Beware of phone scams demanding money for ‘missed jury duty’

Information

When we get the call, it’s our legal responsibility to attend jury service. But sometimes that call won’t come from the courts – it will be a scammer. Phil Muncaster 07 May 2025  •  , 4 min. read Jury duty is one of the key civic duties you may be called upon to serve. But in your haste to fulfil this obligation, you may be targeted by malicious actors preying on your fear of arrest,…

Read More
07 May

Pakistani Firm Shipped Fentanyl Analogs, Scams to US

Information, Insights

A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book writing, mobile app development and logo designs, a new investigation reveals. In an indictment (PDF) unsealed last month, the U.S. Department of Justice said Dallas-based eWorldTrade “operated an online…

Read More
07 May

Toll road scams are in overdrive: Here’s how to protect yourself

Information

Have you received a text message about an unpaid road toll? Make sure you’re not the next victim of a smishing scam. Phil Muncaster 06 May 2025  •  , 4 min. read Driving is a way of life in the US. The country’s sprawling suburbs and nationwide network of highways and toll roads is testament to this. But it also creates a large potential pool of victims for scammers to target, as American drivers have…

Read More
06 May

Unsophisticated Cyber Actor(s) Targeting Operational Technology

Attacks, Insights, Malware

CISA is increasingly aware of unsophisticated cyber actor(s) targeting ICS/SCADA systems within U.S. critical Infrastructure sectors (Oil and Natural Gas), specifically in Energy and Transportation Systems. Although these activities often include basic and elementary intrusion techniques, the presence of poor cyber hygiene and exposed assets can escalate these threats, leading to significant consequences such as defacement, configuration changes, operational disruptions and, in severe cases, physical damage. CISA strongly urges Critical Infrastructure Asset Owners and Operators…

Read More