Supplemental Cyber Highlights – August 1, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure

• Cloud CISO Perspectives: Why water security can’t wait | Google
• Key Insights for NERC CIP-015 Compliance: Anomaly Detection vs. Detecting Anomalous Activity | Dragos
• Columbus investigates whether data was stolen in ransomware attack | Bleeping Computer

IT Vulnerabilities

• Vulnerabilities Enable Attackers to Spoof Emails From 20 Million Domains | SecurityWeek  
• Microsoft calls out apparent ESXi vulnerability that some researchers say is a ‘nothing burger’  | Cyberscoop

IT Malware, Threats & Risks

• Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft | Trendmicro
• Phishing Attack Steals Donations from Trump Voters Using Fake Websites | Hackread
• BEC Attacks Surge 20% Annually Thanks to AI Tooling | Infosecurity Magazine
• Threat Actor Abuses Cloudflare Tunnels to Deliver RATs | Proofpoint

Ransomware

• Zscaler’s Annual Ransomware Report Uncovers Record-Breaking Ransom Payment of US$75 Million, Reinforcing the Need for Zero Trust | Zscaler
• How “professional” ransomware variants boost cybercrime groups| Securelist  
• Are Ransomware Attacks Still a Growing Threat in 2024? | AT&T

Cyber Resilience & General Awareness

• Is your password policy working? Key cybersecurity KPIs to measure | Bleeping Computer
• Why and How You Should Secure Third-Party Access to Apps | Zscaler
• Google Chrome adds app-bound encryption to block infostealer malware | Bleeping Computer
• Addressing communication roadblocks to overcome cybersecurity threats | IT Security Guru
• Navigating the Evolving Landscape of Cybersecurity | Team CYMRU
• Don’t Let Your Domain Name Become a “Sitting Duck” | Krebs on Security