Supplemental Cyber Highlights – July 2, 2024

Author: Jennifer Walker

Created: Tuesday, July 2, 2024 - 18:57

Categories: Cybersecurity, OT-ICS Security, Security Preparedness

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure

IT Vulnerabilities & Security Updates

Juniper Networks Warns of Critical Authentication Bypass Vulnerability | SecurityWeek
Cisco Patches NX-OS Zero-Day Exploited by Chinese Cyberspies | SecurityWeek
Splunk Patches High-Severity Vulnerabilities in Enterprise Product | SecurituWeek
Millions of OpenSSH Servers Potentially Vulnerable to Remote regreSSHion Attack | SecurityWeek
Fortra Patches Critical SQL Injection in FileCatalyst Workflow |SecurityWeek
MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems | Fortinet
Hackers exploit critical D-Link DIR-859 router flaw to steal passwords | BleepingComputer

IT Malware, Threats & Risks

Microsoft Alerts More Customers to Email Theft in Expanding Midnight Blizzard Hack | SecurityWeek
TeamViewer: Hackers copied employee directory and encrypted passwords | TheRecord
Supply Chain Compromise Leads to Trojanized Installers for Notezilla, RecentX, Copywhiz | Rapid7
New Unfurling Hemlock threat actor floods systems with malware | BleepingComputer
8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining | TheHackerNews

Cyber Resilience & General Awareness

‘I don’t see it happening’: CISA chief dismisses ban on ransomware payments | TheRecord
End-to-End Secrets Security: Making a Plan to Secure Your Machine Identities | TheHackerNews
Keep the Cloud Secure with CIS after Migrating to the Cloud | Center for Internet Security (CIS)
Want to scale cyber defenders? Focus on AI-enabled security and organization-wide training | CyberScoop