Supplemental Cyber Highlights – October 1, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience

• Balancing challenges of building effective OT cybersecurity teams across OT/ICS environments | Industrial Cyber

IT Vulnerability Security Update

• Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now | The Hacker News
• CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177: Frequently Asked Questions About Common UNIX Printing System (CUPS) Vulnerabilities | Tenable
• Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers | The Hacker News  

IT Malware, Threats & Risks

• The Growing Threat Of Fake Job Applicants | Tripwire
• Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials | The Hacker News
• Cracking the Cloud: The Persistent Threat of Credential-Based Attacks | SecurityWeek
• Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA | The Hacker News

Ransomware

• Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts | Help Net Security
• Microsoft: Cloud Environments of US Organizations Targeted in Ransomware Attacks | SecurityWeek
• Use Windows event logs for ransomware investigations, JPCERT/CC advises | Help Net Security

Cyber Resilience & General Awareness

• How to Safeguard Your Systems from Linux CUPS Vulnerabilities | Checkpoint
• CISA pledges to resolve issues with threat sharing system after watchdog report | The Record
• Verizon outage: iPhones, Android devices stuck in SOS mode | Bleeping Computer
• Could Security Misconfigurations Become No. 1 in OWASP Top 10? | Dark Reading