Supplemental Cyber Highlights – April 4, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure

• Jackson County in state of emergency after ransomware attack | Bleeping Computer
• Cyber attacks on critical infrastructure show advanced tactics and new capabilities | Help Net Security
• Considerations for Operational Technology Cybersecurity | The Hacker News
• Oil & Gas Sector Falls for Fake Car Accident Phishing Emails | Dark Reading
• DJI Mavic 3 Drone Research Part 2: Vulnerability Analysis | Nozomi Networks
• CISA faces resource challenge in implementing cyber reporting rules | Cyberscoop
• Re-architecting Broadband Networks | Cisco Blogs

IT Vulnerabilities & Security Updates

• Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure | The Hacker News
• Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems | SecurityWeek

IT Malware, Threats & Risks

• New HTTP/2 DoS Attack Potentially More Severe Than Record-Breaking Rapid Reset | SecurityWeek
• Recently Updated Rhadamanthys Stealer Delivered in Federal Bureau of Transportation Campaign | Cofense

Cyber Resilience & General Awareness

• The role of access controls in preventing insider threats | AT&T
• Adversaries are leveraging remote access tools now more than ever — here’s how to stop them |Cisco Talos
• Exploring Access Control Models: Building Secure Systems in Cybersecurity | Tripwire
• Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack | Bleeping Computer
• 76% of consumers don’t see themselves as cybercrime targets | Help Net Security
• CVE and NVD – A Weak and Fractured Source of Vulnerability Truth | SecurityWeek