Supplemental Cyber Highlights – February 1, 2024
Created: Thursday, February 1, 2024 - 20:05
Categories: Cybersecurity, OT-ICS Security, Security Preparedness
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
- OT Cybersecurity Best Practices for SMBs: Should You Use a USB to Transfer Files to an OT Environment? | Dragos
- OT Cybersecurity Best Practices for SMBs: Managing Default Passwords and Identifying ICS/OT Devices Exposed to the Internet | Dragos
- Support Vendor Laptops Continue To Be A Challenge | Digital Bond
- ISA/IEC 62433 Explained: Best Practices for IACS Cybersecurity | Nozomi Networks
- GAO: Federal agencies lack insight on ransomware protections for critical infrastructure | CyberScoop
- 10 years on from the Target breach. Has building cyber security improved? | PenTestPartners
Critical Infrastructure Incidents and Vulnerabilities
- Georgia’s largest county confirms cyberattack causing widespread issues | The Record
- Ohio city ransomware attack affects nearly 6K | SC Magazine
- Cyberattacks on state and local governments rose in 2023, says CIS report | StateScoop
- Johnson Controls Ransomware Attack: Data Theft Confirmed, Cost Exceeds $27 Million | Security Week
- Pentagon investigating theft of sensitive files by ransomware group | CyberScoop
- Hitron DVR Zero-Day Vulnerabilities Exploited by InfectedSlurs Botnet | Security Week
IT Vulnerabilities, Malware, Threats & Risks
- A zero-day vulnerability (and PoC) to blind defenses relying on Windows event logs | HelpNetSecurity
- Evolution of UNC4990: Uncovering USB Malware’s Hidden Depths | Mandiant
- Mother of all Breaches may contain NEW breach data | Malwarebytes
- Audio-jacking: Using generative AI to distort live audio transactions | Security Intelligence
- ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign | Palo Alto Unit42
- Pawn Storm Uses Brute Force and Stealth Against High-Value Targets | TrendMicro
- DarkGate malware delivered via Microsoft Teams – detection and response | AT&T Cybersecurity
- New ZLoader Malware Variant Surfaces with 64-bit Windows Compatibility | The Hacker News
- Security Brief: ‘Tis the Season for Tax Hax | Proofpoint
- FBI: Tech support scams now use couriers to collect victims’ money | BleepingComputer