Supplemental Cyber Highlights – July 16, 2024
Created: Tuesday, July 16, 2024 - 17:36
Categories: Cybersecurity, OT-ICS Security, Security Preparedness
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
- Indiana county files disaster declaration following ransomware attack | The Record
- October ransomware attack on Dallas County impacted over 200,000 people | Security Affairs
- Car dealership company AutoNation says CDK ransomware incident cut into quarterly earnings | The Record
- Alleged Disney breach admitted by suspected LockBit-linked hacktivist group | SC Magazine
IT Vulnerabilities & Security Updates
- CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks | Trendmicro
- CVE-2024-30078: Patch Your Wi-Fi Now! | AT&T
- Microsoft Says Windows Not Impacted by regreSSHion as Second OpenSSH Bug Is Found | SecurityWeek
- Netgear warns users to patch auth bypass, XSS router flaw | Bleeping Computer
IT Malware, Threats, & Risks
- Threat Spotlight: Attackers abuse URL protection services to mask phishing links | Barracuda
- “Reply-chain phishing” with a twist | SANS Internet Storm Center
- 10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit | The Hacker News
- New FishXProxy Phishing Kit Making Phishing Accessible to Script Kiddies | Hackread
- CRYSTALRAY hacker expands to 1,500 breached systems using SSH-Snake tool | Bleeping Computer
- SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts | Help Net Security
Ransomware/Extortion
- SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks | Bleeping Computer
- BianLian Ransomware Group: 2024 Activity Analysis | Juniper Networks
- RansomHub Ransomware – What You Need To Know | Tripwire
- ARRL finally confirms ransomware gang stole data in cyberattack | Bleeping Computer
Cyber Resilience, General Awareness & AI
- Microsoft chided for spam-looking APT29 hack notifications | SC Magazine
- How to design a third-party risk management framework | Help Net Security
- Five security risks from Generative AI | SC Magazine