Supplemental Cyber Highlights – February 15, 2024
Created: Thursday, February 15, 2024 - 20:05
Categories: Cybersecurity, OT-ICS Security, Security Preparedness
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
- Threat Brief: Attacks on Critical Infrastructure Attributed to Insidious Taurus (Volt Typhoon) | Unit42
- Voltzite espionage hackers launch operations against US critical infrastructure, Dragos urges enhanced detection strategies | Industrial Cyber
- LockBit claims ransomware attack on Fulton County, Georgia | Bleeping Computer
- DOD notifying people who may be impacted by a year-old data breach | DefenseScoop
IT Vulnerabilities & Security Updates
- Ivanti VPN Flaw Exploited to Inject Novel Backdoor; Hundreds Pwned | Dark Reading
- Zoom patches critical privilege elevation flaw in Windows apps | Bleeping Computer
- Microsoft Confirms Windows Exploits Bypassing Security Features | Security Week
- Microsoft: New critical Exchange bug exploited as zero-day | Bleeping Computer
- Check Point Research Unveils Critical #MonikerLink Vulnerability in Microsoft Outlook with a 9.8 CVSS Severity Score | Check Point
IT Malware, Threats & Risks
- How are attackers using QR codes in phishing emails and lure documents? | Cisco Talos
- QR Phishing. Fact or Fiction? | Pen Test Partners
- Corporate users getting tricked into downloading AnyDesk | Help Net Security
- Remote Monitoring & Management software used in phishing attacks | Malwarebytes Labs
- Microsoft, Midnight Blizzard, and the Scourge of Identity Attacks | Zscaler Blog
- U.S. Organizations Targeted in Bumblebee Malware Campaign | Decipher
General Awareness & Resilience
- How ransomware changed in 2023 | Malwarebytes Labs
- Google: Iranian, regional hacking operations that target Israel remain opportunistic but focused | Cyberscoop
- 5 Steps to Improve Your Security Posture in Microsoft Teams | Bleeping Computer
- U.S. Internet Leaked Years of Internal, Customer Emails | Krebson Security