Supplemental Cyber Highlights – June 27, 2024
Created: Thursday, June 27, 2024 - 17:56
Categories: Cybersecurity, OT-ICS Security, Security Preparedness
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
- Siemens Sicam Vulnerabilities Could Facilitate Attacks on Energy Sector | SecurityWeek
- CDK expects car dealership system outage to last until at least June 30 | TheRecord
- Evolve Bank Data Leaked After LockBit’s ‘Federal Reserve Hack’ | SecurityWeek
- Hacking a $100K Gas Chromatograph without Owning One | Claroty
IT Vulnerabilities & Security Updates
- Progress Software elevates severity of new MOVEit bug to ‘critical’ as exploit attempts jump | TheRecord
- Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released | BleepingComputer
- Multiple vulnerabilities in TP-Link Omada system could lead to root access | Cisco Talos Intelligence
- Recent Zyxel NAS Vulnerability Exploited by Botnet | SecurityWeek
IT Malware, Threats & Risks
- Snowflake isn’t an outlier, it’s the canary in the coal mine | Cisco Talos Intelligence
- Attackers in Profile: menuPass and ALPHV/BlackCat | TrendMicro
- Why MFA alone will no longer suffice | SCMagazine
- The Growing Threat of Malware Concealed Behind Cloud Services | Fortinet
- Scarlet Goldfinch: Taking flight with NetSupport Manager | Red Canary
- Malvertising Campaign Leads to Execution of Oyster Backdoor | Rapid7
- I am Goot (Loader) | Cybereason
Breaches/Incidents
- Polyfill.io JavaScript supply chain attack impacts over 100K sites | BleepingComputer
- Polyfill claims it has been ‘defamed’, returns after domain shut down | BleepingComputer
- Cloudflare: We never authorized polyfill.io to use our name | BleepingComputer
Cyber Resilience