Supplemental Cyber Highlights – November 26, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience & OT Vulnerability Management

• Vulnerabilities Expose mySCADA myPRO Systems to Remote Hacking | SecurityWeek
• CISA’s chemical SSGs focus on strengthening cyber defenses, protecting from cyber threats | Industrial Cyber
• UK drinking water supplies disrupted by record number of undisclosed cyber incidents | The Record

IT Vulnerability Security Update

• Firefox and Windows zero-days exploited by Russian RomCom hackers | Bleeping Computer
• QNAP addresses critical flaws across NAS, router software | Bleeping Computer
• Finding vulnerabilities in ClipSp, the driver at the core of Windows’ Client License Platform | Cisco Talos

IT Malware, Threats & Risks

• The Black Friday Cybercrime Economy | Check Point
• Malware linked to Salt Typhoon used to hack telcos around the world | Cyberscoop
• The Overlooked Danger Within: Managing Insider Threats | Tripwire

Ransomware

• Five Ransomware Groups Responsible for 40% of Cyber-Attacks in 2024 | Infosecurity Magazine

Cyber Resilience, General Awareness, & AI

• Google Exposes GLASSBRIDGE: A Pro-China Influence Network of Fake News Sites | The Hacker News
• Walking the Walk: How Tenable Embraces Its “Secure by Design” Pledge to CISA | Tenable
• Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps | Tenable
• Phishing Prevention Framework Reduces Incidents by Half | Dark Reading