Supplemental Cyber Highlights – June 18, 2024
Created: Tuesday, June 18, 2024 - 18:51
Categories: Cybersecurity, OT-ICS Security, Security Preparedness
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
- Fitch-Rated U.S. Water and Sewer Utilities Resilient to Cyber Risks | Fitch Ratings
- Prevalence and Impact of Password Exposure Vulnerabilities in ICS/OT | SecurityWeek
- Why Regulated Industries are Turning to Military-Grade Cyber Defenses | The Hacker News
- 200,000 Impacted by Data Breach at Los Angeles County Public Health Agency | SecurityWeek
- Cleveland confirms ransomware attack as City Hall remains closed | TheRecord
- Assessing OT Cybersecurity Maturity with the SANS ICS 5 Critical Controls | Dragos
- Prepare to Implement NERC CIP-015 Internal Network Security Monitoring (INSM) Requirements | Dragos
- Gauging maturity of secure remote access as cybersecurity demands grow in operational, industrial environments | Industrial Cyber
- Nozomi Networks Labs Announces Vulnerabilities Affecting the AiLux RTU62351B and the “Codename I11USION” Whitepaper | Nozomi Networks
- Ascension Attack Caused by Employee Downloading Malicious File | Infosecurity Magazine
IT Vulnerabilities & Security Updates
- VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi | TheHackerNews
- Exploit for Veeam Recovery Orchestrator auth bypass available, patch now | BleepingComputer
- PoC Exploit Emerges for Critical RCE Bug in Ivanti Endpoint Manager | DarkReading
- New ARM ‘TIKTAG’ attack impacts Google Chrome, Linux systems | BleepingComputer
IT Malware, Threats, and Risks
- Facebook, Meta, Apple, Amazon Most Impersonated in Phishing Scams | HackRead
- New phishing toolkit uses PWAs to steal login credentials | BleepingComputer
- Attack Paths Into VMs in the Cloud | Unit42
- Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer | TheHackerNews
- Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor | TheHackerNews
- New NetSupport Campaign Delivered Through MSIX Packages | SANS Internet Storm Center
Cyber Resilience & General Awareness
- Protect Yourself from Summer Vacation Scams: Stay Cyber Aware During Your Vacation | CheckPoint
- The Financial Dynamics Behind Ransomware Attacks | Security Affairs
- Disaster recovery vs ransomware recovery: Why CISOs need to plan for both | CSO Online
- Insurance Company Globe Life Investigating Data Breach | SecurityWeek
- Microsoft Admits Security Failings Allowed China to Access US Government Emails | Infosecurity Magazine