Supplemental Cyber Highlights – October 10, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience & OT Vulnerability Management

• Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries | The Hacker News
• National cyber director warns of ransomware, Chinese infrastructure attacks and cyber supply chain concerns | The Record
• Dragos announces public sector subsidiary to address OT cybersecurity challenges in government| Industrial Cyber

IT Vulnerability Security Update

• Largest Patch Tuesday since July includes two exploited in the wild, three critical vulnerabilities | Cisco Talos
• Mozilla fixes Firefox zero-day actively exploited in attacks | Bleeping Computer
• Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381) | Help Net Security
• Palo Alto Networks warns of firewall hijack bugs with public exploit | Bleeping Computer

IT Malware, Threats & Risks

• Top 3 Cybersecurity Threats of 2024 (So Far): What You Need to Know | Huntress
• Despite Prevalence of Online Threats, Users Aren’t Changing Behavior | Dark Reading
• The Perils of Ignoring Cybersecurity Basics | Dark Reading
• Two updated malware strains used in North Korean fake recruiter scams | The Record
• 31 New Ransomware Groups Join the Ecosystem in 12 Months | Infosecurity Magazine

Cyber Resilience &  General Awareness

• Keeper Security Cybersecurity Action Month: The Importance of Phishing Awareness | IT Security Guru
• The Role of the NIST CSF in Cyber Resilience | Tripwire
• Building Cyber Resilience in SMBs ​With ​Limited Resources | Dark Reading