Supplemental Cyber Highlights – November 5, 2024
Created: Tuesday, November 5, 2024 - 14:23
Categories: Cybersecurity, OT-ICS Security, Security Preparedness
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience & OT Vulnerability Management
- Strategies for Implementing Effective Threat Detection in IIoT | Tripwire
- Siemens and Rockwell Tackle Industrial Cybersecurity, but Face Customer Hesitation | SecurityWeek
- Can Automatic Updates for Critical Infrastructure Be Trusted? | Dark Reading
- US Congressional Research Service reports on PRC state-sponsored Salt Typhoon hacks on telecoms | Industrial Cyber
- NIST SP 800-161r1-upd1 document updates cybersecurity guidelines to tackle supply chain risks | Industrial Cyber
IT Vulnerability Security Update
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices | The Hacker News
- Google Patches Two Android Vulnerabilities Exploited in Targeted Attacks | SecurityWeek
- PTZOptics cameras zero-days actively exploited in the wild | Security Affairs
IT Malware, Threats & Risks
- Microsoft confirms Windows Server 2025 blue screen, install issues | Bleeping Computer
- LastPass warns of fake support centers trying to steal customer data | Bleeping Computer
- 4 Main API Security Risks Organizations Need to Address | Dark Reading
- DocuSign’s Envelopes API abused to send realistic fake invoices | Bleeping Computer
Ransomware
- Ransomware’s Evolving Threat: The Rise of RansomHub, Decline of Lockbit, and the New Era of Data Extortion | Checkpoint
- Meet Interlock — The new ransomware targeting FreeBSD servers | Bleeping Computer
Cyber Resilience, General Awareness & AI
- Solving the painful password problem with better policies | Bleeping Computer
- Businesses Worldwide Targeted in Large-Scale ChatGPT Phishing Campaign | SecurityWeek
- Maximizing security visibility on a budget | Help Net Security