Supplemental Cyber Highlights – August 22, 2023
Created: Tuesday, August 22, 2023 - 16:18
Categories: Cybersecurity, OT-ICS Security, Physical Security, Security Preparedness
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
- Cybersecurity Funding for State, Local, and Tribal Nations and Electric Utilities (Cisco)
- Energy One reports cyber attack on corporate systems in Australia, UK; affects UK critical infrastructure operators (Industrial Cyber)
- The Philosophy and History Behind Compliance, And Its Necessity for Protecting Critical Infrastructure (Industrial Defender)
- Lack of UPS Maintenance Leads to Failures (ISS Source)
- Visibility Is Just Not Enough to Secure Operational Technology Systems (Dark Reading)
IT Vulnerabilities & Threats
- Another Ivanti (formerly MobileIron Sentry) vulnerability, patch ‘em if ya got ‘em! Ivanti Ships Urgent Patch for API Authentication Bypass Vulnerability (Security Week)
- Cisco Patches High-Severity Vulnerabilities in Enterprise Applications (Security Week)
- Companies Respond to ‘Downfall’ Intel CPU Vulnerability (Security Week)
- Alarming lack of cybersecurity practices on world’s most popular websites (Security Affairs)
- Catching up with WoofLocker, the most elaborate traffic redirection scheme to tech support scams (Malwarebytes)
Ransomware
- Cuba Ransomware Deploys New Tools: Targets Critical Infrastructure Sector in the U.S. and IT Integrator in Latin America (BlackBerry)
- “Cuba’s initial access vector appears to be compromised admin credentials via RDP, not involving brute forcing.”
- Microsoft: BlackCat’s Sphynx ransomware embeds Impacket, RemCom (Bleeping Computer)
- H1 2023: Ransomware’s Pivot to Linux and Vulnerable Drivers (Recorded Future)
- Resilience, Recovery Strategies to Combat Ransomware and Extortion (Claroty Nexus)
- THREAT ANALYSIS: Assemble LockBit 3.0 (Cyber Reason)
Cyber Resilience
- Check this out for added controls on physical security: Demystifying Duo APIs: Advanced Security with Duo Integrations (Cisco)
- IT’s rising role in physical security technology (HelpNetSecurity)
- Ultimate New Hire Onboarding Checklist: Your Roadmap to Success (HackRead)
- There are some good ideas, including a test out option for security awareness training (mostly for the security staff): Tasks that bog down security teams (and what to do about them) (CSO Online)
Technical Posts (for security analysts, sysadmins, and other nerds)
- Securely implementing Active Directory on Windows Server 2019 (AT&T Cybersecurity)
- Unveiling the Hidden Risks of Routing Protocols (Dark Reading)
- Volatility Workbench: Empowering memory forensics investigations (AT&T Cybersecurity)
- SystemBC Malware Activity (SANS Internet Storm Center)
- Gone Phishing: An Analysis of a Targeted User Attack (Huntress)