Supplemental Cyber Highlights – August 10, 2023

The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

ICS/OT/SCADA Vulnerabilities & Threats

• Some of you may know this guy! Water Sector Cyber Risk with Gus Serino (Unsolicited Response Podcast)
• Why ICS Vulnerabilities Do Matter (Claroty)
• OPC UA Deep Dive Series: A One-of-a-Kind OPC UA Exploit Framework (Claroty’s Team 82)

IT Vulnerabilities & Threats

• Citrix Zero-Day: 7K Instances Remain Exposed, 460 Compromised (Dark Reading)
• Downfall attacks can gather passwords, encryption keys from Intel processors (HelpNetSecurity)
• New ‘Inception’ Side-Channel Attack Targets AMD Processors (Security Week)
• Digital assets continue to be prime target for malvertisers (Malwarebytes)
• QakBot Malware Operators Expand C2 Network with 15 New Servers (The Hacker News)
• A couple of blasts from the past:
  • Why Shellshock Remains a Cybersecurity Threat After 9 Years (Dark Reading)
  • CVE-2017-11882: five years of exploitation (Kaspersky)

Technical Posts (for security analysts, sysadmins, and other nerds)

• Databases beware: Abusing Microsoft SQL Server with SQLRecon (IBM Security Intelligence)
• LOLBAS in the Wild: 11 Living-Off-The-Land Binaries That Could Be Used for Malicious Purposes (The Hacker News)
• Clustering attacker behavior reveals hidden patterns (Sophos)

Cyber Resilience & General Awareness

• The Power of Resilience: What America can learn from our partners in Ukraine (CISA)
• 10 Key Controls to Show Your Organization Is Worthy of Cyber Insurance (Dark Reading)