Supplemental Cyber Highlights – November 12, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience

• Industrial companies in Europe targeted with GuLoader | Help Net Security
• Interlock Ransomware Targets US Healthcare, IT and Government Sectors | Infosecurity Magazine
• ACSC’s OT Cyber Security Principles: Call to action for critical infrastructure providers to boost cyber resilience | Industrial Cyber

IT Vulnerability Security Update

• November 2024 Patch Tuesday forecast: New servers arrive early | Help Net Security  
• Palo Alto Networks warns of potential PAN-OS RCE vulnerability | Bleeping Computer
• SAP Patches High-Severity Vulnerability in Web Dispatcher | SecurityWeek
• New Citrix Zero-Day Vulnerability Allows Remote Code Execution | Infosecurity Magazine
• Microsoft says recent Windows 11 updates break SSH connections | Bleeping Computer

IT Malware, Threats & Risks

• October 2024’s Most Wanted Malware: Infostealers Surge as Cyber Criminals Leverage Innovative Attack Vectors | Checkpoint
• Hackers now use ZIP file concatenation to evade detection | Bleeping Computer

Ransomware

• Major Oilfield Supplier Hit by Ransomware Attack | Infosecurity Magazine
• Critical Veeam RCE bug now used in Frag ransomware attacks | Bleeping Computer

Cyber Resilience, General Awareness & AI

• These major software firms took CISA’s secure-by-design pledge. Here’s how they’re implementing it | The Record
• The ROI of Security Investments: How Cybersecurity Leaders Prove It | The Hacker News
• How human ingenuity continues to outpace automated security tools | Help Net Security
• AI & LLMs Show Promise in Squashing Software Bugs | Dark Reading