Supplemental Cyber Highlights – September 19, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience 

• Critical Infrastructure at Risk From Email Security Breaches | Infosecurity Magazine
• CPR data reports 32% rise this year, as global healthcare sector faces surge in cyberattacks | Industrial Cyber
• North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware | The Hacker News

IT Vulnerability Security Update

• Critical VMware vCenter Server bugs fixed (CVE-2024-38812) | Help Net Security
• Chrome 129 Patches High-Severity Vulnerability in V8 Engine | SecurityWeek
• D-Link Patches Critical Router Vulnerabilities | SecurityWeek

IT Malware, Threats & Risks

• Threat Actors Continue to Utilize HR-Related Phishing Tactics | Cofense
• Organizations overwhelmed by numerous and insecure remote access tools | Help Net Security
• Over 1,000 ServiceNow instances found leaking corporate KB data| Bleeping Computer

Ransomware

• DOJ OIG Releases Report on DOJ’s Strategy to Combat and Respond to Ransomware Threats and Attacks | U.S. DOJ OIG
• Ransomware gangs now abuse Microsoft Azure tool for data theft | Bleeping Computer
• Infostealers: An Early Warning for Ransomware Attacks | Dark Reading

Cyber Resilience, General Awareness

• Cloudflare outage cuts off access to websites in some regions | Bleeping Computer
• SIEM for Small and Medium-Sized Enterprises: What you need to know | Security Affairs
• Why Pay A Pentester? | The Hacker News