Supplemental Cyber Highlights – December 17, 2024
Created: Tuesday, December 17, 2024 - 14:00
Categories: Cybersecurity, OT-ICS Security, Security Preparedness
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
- 2024 in retrospect: Lessons learned and cyber strategies shaping future of critical infrastructure | Industrial Cyber
- CISA’s 2024 Year in Review document details cyber defense, infrastructure protection milestones | Industrial Cyber
- Statement from President Joe Biden on the 50th Anniversary of the Safe Drinking Water Act | The White House
- Efforts to Secure US Telcos Beset by Salt Typhoon Might Fall Flat | Dark Reading
IT Vulnerability Security Updates
- Windows kernel bug now exploited in attacks to gain SYSTEM privileges | Bleeping Computer
- Citrix shares mitigations for ongoing Netscaler password spray attacks | Bleeping Computer
- Critical Vulnerabilities Found in Ruijie Reyee Cloud Management Platform | SecurityWeek
- Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection | The Hacker News
IT Malware, Threats & Risks
- Google Calendar Notifications Bypassing Email Security Policies | Check Point
- PHP backdoor looks to be work of Chinese-linked APT group | Cyberscoop
- Russian cyberspies target Android users with new spyware | Bleeping Computer
- PUMAKIT, a sophisticated rootkit that uses advanced stealth mechanisms | Security Affairs
- Malvertising on steroids serves Lumma infostealer | Help Net Security
Ransomware
- Clop ransomware claims responsibility for Cleo data theft attacks | Bleeping Computer
- Akira and RansomHub Surge as Ransomware Claims Reach All-Time High | Infosecurity Magazine
Cyber Resilience, General Awareness, & AI
- The shifting security landscape: 2025 predictions and challenges | Help Net Security
- Overlooking platform security weakens long-term cybersecurity posture | Help Net Security
- Link Trap: GenAI Prompt Injection Attack | Trendmicro