Supplemental Cyber Highlights – February 8, 2024
Created: Thursday, February 8, 2024 - 19:03
Categories: Cybersecurity, OT-ICS Security, Security Preparedness
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
- Microsoft: Iran is refining its cyber operations | Cyberscoop
- Third-party breaches hit 90% of top global energy companies | Security Intelligence
- Verizon insider data breach hits over 63,000 employees | Bleeping Computer
IT Vulnerabilities/Security Updates
- Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure | Bleeping Computer
- Unveiling Atlassian Confluence Vulnerability CVE-2023-22527: Understanding and Mitigating Remote Code Execution Risks | Trendmicro
- Canon Patches 7 Critical Vulnerabilities in Small Office Printers | Security Week
- QNAP Patches High-Severity Bugs in QTS, Qsync Central | Security Week
- Most Linux Systems Exposed to Complete Compromise via Shim Vulnerability | Security Week
- THREAT ALERT: Ivanti Connect Secure VPN Zero-Day Exploitation | cybereason
IT Malware/Threats/Risks
- Raspberry Robin Keeps Riding the Wave of Endless 1-Days | Check Point Research
- As-a-Service tools empower criminals with limited tech skills | Help Net Security
- Malware-as-a-Service Now the Top Threat to Organizations | Infosecurity Magazine
- How to tell if your toothbrush is being used in a DDoS attack | Malwarebytes Labs
- 3 million smart toothbrushes were just used in a DDoS attack. Really | ZDnet
- AnyDesk says software ‘safe to use’ after cyberattack | The Record
- Beware: Fake Facebook Job Ads Spreading ‘Ov3r_Stealer’ to Steal Crypto and Credentials | The Hacker News
- ResumeLooters target job search sites in extensive data heist | Help Net Security
Ransomware
- Ransomware payments reached record $1.1 billion in 2023 | Bleeping Computer
General Awareness Preparedness/Resilience
- Tech Giants Form Post-Quantum Cryptography Alliance | Security Week
- Computer viruses are celebrating their 40th birthday (well, 54th, really) | Sans Technology Institute
- New Guide: How to Protect Your Website from Phishing | Sucuri
- White House ramping up efforts to combat deepfakes | Cyberscoop