Supplemental Cyber Highlights – January 18, 2024
Created: Thursday, January 18, 2024 - 19:13
Categories: Cybersecurity
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
- Air Gap Level Security via Data Diodes (ISS Source)
- FYSA: Industrial Defender collaborates with Dragos to enhance outcomes for OT operators (Help Net Security)
IT Malware, Threats, & Risks
- MFA Spamming and Fatigue: When Security Measures Go Wrong (The Hacker News)
- Security Brief: TA866 Returns with a Large Email Campaign (Proofpoint)
- List Containing Millions of Credentials Distributed on Hacking Forum, but Passwords Old (Security Week)
IT Vulnerabilities
- More Scans for Ivanti Connect “Secure” VPN. Exploits Public (ISC SANS)
- New Bluetooth vulnerability allows takeover of iOS, Android, Linux, and MacOS devices (CSO Online)
- PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft (The Hacker News)
- Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP! (The Hacker News)
- Google fixes first actively exploited Chrome zero-day of 2024 (Bleeping Computer)
- Oracle Patches 200 Vulnerabilities With January 2024 CPU (Security Week)
Ransomware Resilience
- Outsmarting Ransomware’s New Playbook (Security Week)
- Ransomware negotiation: When cybersecurity meets crisis management (Help Net Security)
- Ransomware attacks leave small business owners feeling suicidal, report says (The Record)
General Preparedness/Resilience
- Guidance to Boost a Cybersecurity Program (ISS Source)
- How to protect your organization from malicious macros (ITSAP.00.200) (Canadian Centre for Cyber Security)
Network Defenders/Security Analysts/Sys Admins
- P2PInfect Worm Evolves to Target a New Platform (Nozomi Networks)
- Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers (CISCO Talos)
- Number Usage in Passwords (ISC SANS)