Supplemental Cyber Highlights – June 13, 2023

The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

• New MOVEit Vulnerabilities Found as More Zero-Day Attack Victims Come Forward – Security Week
• SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint – Security Week
• Americans ‘Need to Be Prepared’ for Chinese Cyberattacks – Voice of America
• Obfuscation tool ‘BatCloak’ evades 80% of AV engines – SC Magazine
• Top vulnerabilities so far of 2023: Apache Superset, Papercut, MOVEit and, yes, ChatGPT – SC Magazine
• Business Email Compromise: The $50 Billion Scam – FBI
• COSMICENERGY Malware Is Not an Immediate Threat to Industrial Control Systems – Dragos
  • Confirmation of prior WaterISAC assessment – OT/ICS Threat Awareness – COSMICENERGY: New OT-Focused Malware Discovered by Mandiant
• Thoughts on scheduled password changes (don’t call them rotations!) – Sophos