Supplemental Cyber Highlights – November 7, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience & OT Vulnerability Management

• Attackers Breach IT-Based Networks Before Jumping to ICS/OT Systems | Dark Reading
• ENISA hosts 9th eHealth security conference to tackle cybersecurity challenges in healthcare | Industrial Cyber
• Food and Ag-ISAC publishes cyber threat report, broadens scope beyond ransomware | Industrial Cyber

IT Vulnerability Security Update

• Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) | Help Net Security
• Update your Android: Google patches two zero-day vulnerabilities | Malwarebytes

IT Malware, Threats & Risks

• A Snapshot of Cyber Threats: Highlights from the ENISA Threat Landscape 2024 Report | Tripwire
• 5 Most Common Malware Techniques in 2024 | The Hacker News  
• Hidden in the Crowd: The Risk of Group-Delivered Malware | Cofense
• SteelFox and Rhadamanthys Malware Use Copyright Scams, Driver Exploits to Target Victims | The Hacker News
• Critical bug in Cisco UWRB access points allows attackers to run commands as root | Security Affairs

Ransomware

• Unwrapping the emerging Interlock ransomware attack | Cisco Talos
• GoZone ransomware accuses and threatens victims | Help Net Security

Cyber Resilience, General Awareness & AI

• NCSC Publishes Tips to Tackle Malvertising Threat | Infosecurity Magazine
• Keys to Defending Against AI Phishing Threats | Cofense
• How AI will shape the next generation of cyber threats | Help Net Security