Supplemental Cyber Highlights – April 11, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure

• Physical Consequences Rise in OT: 2024 Threat Report | ISS Source
• The Hunt: Detecting VOLTZITE Threat Group Activity in Critical Infrastructure | Dragos
• Threat-centric vs. infrastructure-centric OT security | OTbase
• Why Liquid Cooling Systems Threaten Data Center Security & Our Water Supply | Dark Reading

IT Vulnerabilities & Security Updates

• Palo Alto Networks Patches Vulnerabilities Allowing Firewall Disruption | SecurityWeek  
• Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution | CIS
• Fortinet Patches Critical RCE Vulnerability in FortiClientLinux | SecurityWeek
• New SharePoint flaws help hackers evade detection when stealing files | Bleeping Computer

IT Malware, Threats & Risks

• How BEC attacks are evolving in the AI era | SC Media
• Reusing passwords: The hidden cost of convenience | Bleeping Computer
• Analyzing CryptoJS Encrypted Phishing Attempt | Binary Defense
• XZ Utils Backdoor | Threat Actor Planned to Inject Further Vulnerabilities | SentinelOne

Cyber Resilience & General Awareness

• Frameworks, Guidelines & Bounties Alone Won’t Defeat Ransomware | Dark Reading  
• Top MITRE ATT&CK Techniques and How to Defend Against Them | Dark Reading
• How Nation-State DDoS Attacks Impact Us All | Dark Reading
• ENISA enhances cybersecurity culture with updated ‘Awareness Raising in a Box’ toolkit| Industrial Cyber
• Phishing Detection and Response: What You Need to Know | Cofense
• US Data Breach Reports Surge 90% Annually in Q1 | Infosecurity magazine