Supplemental Cyber Highlights – August 22, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience

• AI in OT Security — Balancing Industrial Innovation and Cyber Risk | Palo Alto Networks

IT Vulnerabilities & Security Updates

• Cisco Patches High-Severity Vulnerability Reported by NSA| SecurityWeek  
• Atlassian Patches Vulnerabilities in Bamboo, Confluence, Crowd, Jira | SecurityWeek
• New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971)| Help Net Security
• August Windows updates break dual boot on some Linux systems | Bleeping Computer

IT Malware, Threats & Risks

• Unwanted Access: Protecting Against the Growing Threat of Session Hijacking and Credential Theft| Huntress
• Gh0st RAT, Mimikatz spread via new UULoader malware | SC Magazine
• Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue | SecurityWeek
• Fraudulent Slack ad shows malvertiser’s patience and skills | Malwarebytes Labs

Ransomware/Extortion

• Most Ransomware Attacks Now Happen at Night | Infosecurity Magazine  
• Qilin ransomware caught stealing credentials stored in Google Chrome | Sophos
• How Trend Micro Managed Detection and Response Pressed Pause on a Play Ransomware Attack | Trendmicro
• WithSecure Labs: Ransomware Landscape H1/2024 report | WithSecure

Cyber Resilience, General Awareness & Artificial Intelligence

• The Facts About Continuous Penetration Testing and Why It’s Important | The Hacker News
• How regulatory standards and cyber insurance inform each other | We Live Security
• Now is the Time for Organizations to Adopt the Future-Dated Requirements of PCI DSS v4.x | PCI Security Standards Council
• Unlocking the Power of AI in Cybersecurity | SecurityWeek