Supplemental Cyber Highlights – May 16, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure

• Law enforcement data stolen in Wichita ransomware attack | The Record
• Royal Tiger robocall gang impersonated feds, banks, utilities, FCC says | SC Media
• What NSM-22 Means for Critical Infrastructure Owners and Operators | Nozomi Networks
• New Claroty report focuses on challenges and priorities of federal OT cyber incidents | Industrial Cyber

IT Vulnerabilities & Security Updates

• Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947) | Help Net Security  

IT Malware, Threats & Risks

• Microsoft fixes Windows zero-day exploited in QakBot malware attacks | Bleeping Computer
• How attackers deliver malware to Foxit PDF Reader users | Help Net Security
• Scammers Fake Docusign Templates to Blackmail & Steal From Companies  | Dark Reading

Ransomware

• Windows Quick Assist abused in Black Basta ransomware attacks | Bleeping Computer
• Ransomware statistics that reveal alarming rate of cyber extortion | Help Net Security

Cyber Resilience & General Awareness

• (Cyber) Risk = Probability of Occurrence x Damage | The Hacker News
• NIST Confusion Continues as Cyber Pros Complain CVE Uploads Stalled | Infosecurity Magazine
• Report: Organisations Have Endpoint Security Tools But Are Still Falling Short on the Basics | Tech Republic