Supplemental Cyber Highlights – March 28, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure

• CS4CA USA Summit 2024: IT and OT security leaders share insights on cyberattack mitigation and recovery strategies | Industrial Cyber
• Suspicious NuGet Package Harvesting Information From Industrial Systems | SecurityWeek
• FDD study reveals gaps in US military’s cyber talent recruitment and retention, calls for reforms | Industrial Cyber

IT Vulnerabilities & Security Updates

• Patch now: Mozilla patches two critical vulnerabilities in Firefox | Malwarebytes Labs
• Exposing a New BOLA Vulnerability in Grafana | Unit 42

IT Malware, Threats & Risks

• Recent ‘MFA Bombing’ Attacks Targeting Apple Users | Krebs on Security
• TheMoon malware infects 6,000 ASUS routers in 72 hours for proxy service | Bleeping Computer
• Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice | The Hacker News
• Attackers leverage weaponized iMessages, new phishing-as-a-service platform | Help Net Security

Cyber Resilience & General Awareness

• How New-Age Hackers Are Ditching Old Ethics | Dark Reading
• Only 3% of Businesses Resilient Against Modern Cyber Threats | Infosecurity Magazine
• The Cyber Sleuth’s Handbook: Digital Forensics and Incident Response (DFIR) Essentials | Tripwire
• Essential elements of a strong data protection strategy | Help Net Security
• WatchGuard Threat Lab Analysis Shows Surge in Evasive Malware | IT Security Guru
• Ransomware as a Service and the Strange Economics of the Dark Web | Bleeping Computer