Supplemental Cyber Highlights – August 13, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Vulnerabilities, Threats & Resilience

• Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks | The Hacker News
• What’s the Scoop on FrostyGoop: The Latest ICS Malware and ICS Controls Considerations | SANS
• MITRE seeks contributions for ICS ATT&CK evaluations to enhance emulation | Industrial Cyber

IT Vulnerabilities & Security Updates

• FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability | The Hacker News
• Windows Downdate attack totally undermines Windows security; fix not yet ready | SC Magazine
• Vulnerability in Windows Driver Leads to System Crashes | Infosecurity Magazine
• RCE likely with exploitation of several now-addressed Google Quick Share bugs | SC Magazine

IT Malware, Threats & Risks

• 35% of exposed API keys still active, posing major security risks | Help Net Security
• Understanding Social Engineering Tactics: 8 Attacks to Watch Out For | Tripwire

Ransomware

• Ongoing Social Engineering Campaign Refreshes Payloads | Rapid7
• 74% of ransomware victims were attacked multiple times in a year | Help Net Security

Cyber Resilience & General Awareness

• How CIOs, CTOs, and CISOs view cyber risks differently | Help Net Security
• Microsoft: Windows 11 22H2 reaches end of support in 60 days | Bleeping Computer
• Kicking cyber security down the road can come back to bite you | IT Security Guru