Supplemental Cyber Highlights – September 24, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure & Resilience

• Cyberattacks on U.S. Utilities Surged 70% This Year, Says Check Point | Homeland Security Today
• FERC proposes enhanced cybersecurity standards to protect US bulk power systems from malicious threats | Industrial Cyber

IT Vulnerability Security Update

• CERT/CC Warns of Unpatched Critical Vulnerability in Microchip ASF | SecurityWeek  
• ESET Patches Privilege Escalation Vulnerabilities in Windows, macOS Products | SecurityWeek
• Unpatched Vulnerabilities Expose Riello UPSs to Hacking: Security Firm | SecurityWeek

IT Malware, Threats & Risks

• The Latest Email Scams: Key Trends to Look Out For | Tripwire
• 65% of websites are unprotected against simple bot attacks | Help Net Security
• North Korea-linked APT Gleaming Pisces deliver new PondRAT backdoor via malicious Python packages | Security Affairs

Ransomware/Extortion

• Akira Ransomware Indicators | Huntress
• ENISA Threat Landscape 2024 identifies availability, ransomware, data attacks as key cybersecurity threats | Industrial Cyber
• How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections | Trendmicro  
• How cyber compliance helps minimize the risk of ransomware infections | Help Net Security

Cyber Resilience, General Awareness

• How to manage shadow IT and reduce your attack surface | Bleeping Computer
• Why ‘Never Expire’ Passwords Can Be a Risky Decision | The Hacker News
• Managing Cyber-Risk Is No Different Than Managing Any Business Risk | Dark Reading
• Future-proofing cybersecurity: Why talent development is key | Help Net Security