Supplemental Cyber Highlights – April 25, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure

• Exploiting a Classic Deserialization Vulnerability in Siemens SIMATIC Energy Manager | Claroty
• Dragos Industrial Ransomware Analysis: Q1 2024 | Dragos
• Forescout Research Elevates Warnings as Security Threats to Exposed Critical Infrastructure Go Ignored | Forescout
• 2023: A ‘Good’ Year for OT Cyberattacks | Dark Reading
• UnitedHealth confirms it paid ransomware gang to stop data leak | Bleeping Computer

IT Vulnerabilities, Security Updates, Malware, Threats & Risks

• Vulnerabilities Expose Brocade SAN Appliances, Switches to Hacking | SecurityWeek
• Google Patches Critical Chrome Vulnerability | SecurityWeek
• Maximum severity Flowmon bug has a public exploit, patch now | Bleeping Computer
• Suspected CoralRaider continues to expand victimology using three information stealers | Cisco Talos

Ransomware

• CISA ransomware warning program set to fully launch by end of 2024 | Cyberscoop
• Ransomware Evolution | How Cheated Affiliates Are Recycling Victim Data for Profit | SentinelOne

Cyber Resilience & General Awareness

• People doubt their own ability to spot AI-generated deepfakes | Help Net Security  
• The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed? | CSO
• Global attacker median dwell time continues to fall | Help Net Security