Supplemental Cyber Highlights – April 23, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure

• How to Protect Water Systems Against Cyber Attack | Governing
• Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability | SecurityWeek
• MITRE plans to enhance cybersecurity in 2024 with ICS sub-techniques and multi-domain integration | Industrial Cyber
• Is Zero Trust Right for OT, Right Now? | Fortinet
• MITRE says state hackers breached its network via Ivanti zero-days | Bleeping Computer
• DC city agency says LockBit claims tied to third-party attack | The Record
• UnitedHealth CEO to testify about ransomware attack | The Record

IT Vulnerabilities, Malware, Threats & Risks

• Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack | The Hacker News
• Multiple LastPass Users Lose Master Passwords to Ultra-Convincing Scam | Dark Reading
• Researchers find dozens of fake E-ZPass toll websites after FBI warning | The Record
• Russia’s APT28 Exploited Windows Print Spooler Flaw to Deploy ‘GooseEgg’ Malware | The Hacker News  

Cyber Resilience & General Awareness

• Top 10 physical security considerations for CISOs | CSO
• 6 security items that should be in every AI acceptable use policy | CSO
• Unmasking the True Cost of Cyberattacks: Beyond Ransom and Recovery | The Hacker News
• Behavioral patterns of ransomware groups are changing | Help Net Security
• Where Hackers Find Your Weak Spots | Dark Reading