Supplemental Cyber Highlights – August 17, 2023

The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure

• Get the AT&T Cybersecurity Insights Report: Focus on US SLED (AT&T Cybersecurity)

IT Vulnerabilities (patch ‘em if ya got ‘em), Threats & Malware

• (Re)check your patched NetScaler ADC and Gateway appliances for signs of compromise (HelpNetSecurity)
• Two unauthenticated stack buffer overflows found in Ivanti Avalanche EMM (Security Affairs)
• Chrome 116 Patches 26 Vulnerabilities (Security Week)
• Threat Actors Leverage Internet Services to Enhance Data Theft and Weaken Security Defenses (Recorded Future)
  • The report addresses a crucial gap in understanding by offering a systematic overview of legitimate internet services (LIS) abuse across malware categories.
• Mirai Common Attack Methods Remain Consistent, Effective (Dark Reading)
• Top 10 Malware Q2 2023 – By: The Cyber Threat Intelligence (CTI) team at the Multi-State Information Sharing and Analysis Center (The Center for Internet Security)
• Report: PowerShell Gallery susceptible to typosquatting and other package-management attacks (CSO Online)
• Raccoon Stealer malware returns with new stealthier version (Bleeping Computer)
• A Gentle Reminder: The Evolving Nature of Digital Scams (SANS Internet Storm Center)
• How & Why Cybercriminals Fabricate Data Leaks (Dark Reading)

Ransomware Resilience

• 3 strategies that can help stop ransomware before it becomes a crisis (CSO Online)

Cyber Resilience

• Why You Need Continuous Network Monitoring? (The Hacker News)
• 6 best practices to defend against corporate account takeover attacks (CSO Online)
• Essential Cyber Hygiene: Making Cyber Defense Cost Effective (The Center for Internet Security)
• Guide: How Google Workspace-based Organizations can leverage Chrome to improve Security (The Hacker News)

Security Awareness

• This looks like a good one to share with users: Movies and Malicious Behavior – Ken Warnings Signs to Look out For (DomainTools)

Technical Posts (for security analysts, sysadmins, and other nerds)

• This is a good read! Stories from the SOC – Unveiling the stealthy tactics of Aukill malware (AT&T Cybersecurity)
  • The investigation revealed the attacker used AuKill malware on the client’s print server to disable the server’s installed EDR solution by brute forcing an administrator account and downgrading a driver to a vulnerable version.
  • This malware has been observed in the wild, utilized by ransomware groups to bypass endpoint security measures and effectively spread ransomware variants such as Medusa Locker and Lockbit on vulnerable systems.