Supplemental Cyber Highlights – March 12, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure

• Exploited Building Access System Vulnerability Patched 5 Years After Disclosure | SecurityWeek  
• Energy Software Provider Still Recovering from Attack | ISS Source
• The Far-Reaching Impacts of the Change Healthcare Attack | Decipher
• Biden’s budget proposal seeks funding boost for cybersecurity | Cyberscoop
• 2024 Annual Threat Assessment of the U.S. Intelligence Community | Office of the Director of National Intelligence

IT Vulnerabilities & Security Updates

• Patch now! VMWare escape flaws are so serious even end-of-life software gets a fix | Malwarebytes Labs
• Possibly Exploited Fortinet Flaw Impacts Many Systems, but No Signs of Mass Attacks | Security Week
• QNAP warns of critical auth bypass flaw in its NAS devices | Bleeping Computer

IT Malware, Threats & Risk

• Image-based phishing tactics evolve | Help Net Security
• Typosquatting Wave Shows No Signs of Abating | Dark Reading  
• February 2024’s Most Wanted Malware: WordPress Websites Targeted by Fresh FakeUpdates Campaign | Checkpoint

Ransomware

• BianLian Threat Actor Shifts Focus to Extortion-Only Tactics | Infosecurity Magazine

Cyber Resilience & General Awareness

• Time Travelers Busted: How to Detect Impossible Travel | Huntress
• How Not to Become the Target of the Next Microsoft Hack | Dark Reading
• PinnacleOne ExecBrief | Malicious Insider Threat to Strategic Enterprises | SentinelOne
• What Did We Learn from the 2023 Holiday Season? | DomainTools
• Annual State of Email Security by the Numbers | Cofense