Supplemental Cyber Highlights – November 21, 2024
Created: Thursday, November 21, 2024 - 14:32
Categories: Cybersecurity, OT-ICS Security, Security Preparedness
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience & OT Vulnerability Management
- ICS Security: 145,000 Systems Exposed to Web, Many Industrial Firms Hit by Attacks | SecurityWeek
- A timeline of cyber-resilience: fortifying critical national infrastructure | IT Security Guru
- Bipartisan Senate bill targets supply chain threats from foreign adversaries | Cyberscoop
IT Vulnerability Security Update
- Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 | Unit 42
- CVE-2024-0012, CVE-2024-9474: Zero-Day Vulnerabilities in Palo Alto PAN-OS Exploited In The Wild | Tenable
- Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation | The Hacker News
- D-Link Warns of RCE Vulnerability in Legacy Routers | SecurityWeek
- Fortinet VPN design flaw hides successful brute-force attacks | Bleeping Computer
IT Malware, Threats & Risks
- 2,000 Palo Alto Networks devices compromised in latest attacks | Help Net Security
- Communication platforms play a major role in data breach risks | Security Intelligence
- OWASP Warns of Growing Data Exposure Risk from AI in New Top 10 List for LLMs | Infosecurity Magazine
Ransomware
- Akira Ransomware Drops 30 Victims on Leak Site in One Day | SecurityWeek
- New ‘Helldown’ Ransomware Variant Expands Attacks to VMware and Linux Systems | The Hacker News
- BianLian Ransomware Group Adopts New Tactics, Posing Significant Risk | Infosecurity Magazine
- Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware | Unit 42
Cyber Resilience, General Awareness, & AI
- Risky Biz News: Microsoft announces Quick Machine Recovery, a feature to fix future CrowdStrike disasters | Risky Biz News
- Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority | The Hacker News
- Why AI alone can’t protect you from sophisticated email threats | Help Net Security