Supplemental Cyber Highlights – August 8, 2024
Created: Thursday, August 8, 2024 - 18:58
Categories: Cybersecurity, OT-ICS Security, Security Preparedness
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
- Easterly: Potential Chinese cyberattack could unfold like CrowdStrike error | Cyberscoop
- How network segmentation can strengthen visibility in OT networks | Help Net Security
- Rockwell PLC Security Bypass Threatens Manufacturing Processes | Dark Reading
- New Forescout-Finite State research exposes security risks in OT, IoT routers with outdated software components | Industrial Cyber
- Enhancing national infrastructure security by harmonization of cybersecurity standards in OT/ICS environments | Industrial Cyber
IT Vulnerabilities
- Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) | Help Net Security
- Google fixes Android kernel zero-day exploited in targeted attacks | Bleeping Computer
- Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008) | Help Net Security
IT Malware, Threats & Risks
- North Korea-linked hackers target construction and machinery sectors with watering hole and supply chain attacks | Security Affairs
- Windows Update Flaws Allow Undetectable Downgrade Attacks | SecurityWeek
- The Evolution of Phishing: How AI is Revolutionizing Cybersecurity Threats | Cofense
- Microsoft 365 anti-phishing feature can be bypassed with CSS | Bleeping Computer
Ransomware
- Ransomware in 2024: More Attacks, More Leaks, and Increased Sophistication | SecurityWeek
- Ransomware operators continue to innovate | Help Net Security
Cyber Resilience & General Awareness
- CrowdStrike Will Give Customers Control Over Falcon Sensor Updates | Dark Reading
- How MSPs and MSSPs offer vCISO services with skilled CISOs in short supply | Bleeping Computer
- Monitoring Changes in KEV List Can Guide Security Teams | Dark Reading
- SEC ends probe into MOVEit attacks impacting 95 million people | Bleeping Computer