Supplemental Cyber Highlights – May 21, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure

• US says cyberattacks against water supplies are rising, and utilities need to do more to stop them | AP News
• EPA will step up inspections of water sector cybersecurity | CyberScoop
• EPA Issues Alert After Finding Critical Vulnerabilities in Drinking Water Systems | SecurityWeek
• OmniVision discloses data breach after 2023 ransomware attack | BleepingComputer
• American Radio Relay League cyberattack takes Logbook of the World offline | Bleeping Computer
• Traversing the 2023 Operational Technology Cyber Threat Landscape | Dragos
• Critical Infrastructure Protection in Modern Society | Industrial Cyber

IT Vulnerabilities & Security Updates

• QNAP QTS zero-day in Share feature gets public RCE exploit | Bleeping Computer
• Intel Discloses Max Severity Bug in Its AI Model Compression Software | Dark Reading

IT Malware, Threats & Risks

• Latrodectus Malware Loader Emerges as IcedID’s Successor in Phishing Campaigns | The Hacker News
• YouTube has become a significant channel for cybercrime | HelpNetSecurity
• Report: Cat-phishing of legitimate websites on the rise |SCMagazine

Cyber Resilience & General Awareness

• Unpatched vulnerabilities making bad ransomware outcomes worse: What you need to know | SCMagazine
• What is real-time protection and why do you need it? | Malwarebytes Labs
• Over 60% of Network Security Appliance Flaws Exploited as Zero Days | Infosecurity Magazine