Supplemental Cyber Highlights – November 30, 2023
Created: Thursday, November 30, 2023 - 17:11
Categories: Cybersecurity
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
- What You Need to Know about the Pennsylvania Water Authority’s Breach (Check Point)
- Iranian Hackers Exploit PLCs in Attack on Water Authority in U.S. (The Hacker News)
- Slovenian Electrical Utility HSE Suffers Ransomware Attack (Dark Reading)
- Understanding OT Cybersecurity Risks in the Energy Sector (Fortinet)
IT Vulnerabilities & Threats
- New BlackBerry Threat Report Reveals 70% Surge in Novel Malware Attacks (BlackBerry)
- Exploiting IP-video Surveillance Systems Is Not Only a Cybersecurity Threat (Otorio)
- Exploitation of Critical ownCloud Vulnerability Begins (Security Week)
- New BLUFFS attack lets attackers hijack Bluetooth connections (Bleeping Computer)
- Okta: October data breach affects all customer support system users (Bleeping Computer)
- Zoom Vulnerability Allowed Hackers to Take Over Meetings, Steal Data (Hackread)
Ransomware
- Ransomware gangs and Living Off the Land (LOTL) attacks: A deep dive (Malwarebytes)
- Black Basta ransomware made over $100 million from extortion (Bleeping Computer)
- DJVU Ransomware’s Latest Variant ‘Xaro’ Disguised as Cracked Software (The Hacker News)
Cyber Resilience
- CISA plans to launch ReadySetCyber tool in early 2024 to integrate cybersecurity into business decisions (Industrial Cyber)
- Organizations can’t ignore the surge in malicious web links (Help Net Security)
- What cybersecurity pros can learn from first responders (Security Intelligence)
- Rise of the cyber CPA: What it means for CISOs (CSO Online)