Supplemental Cyber Highlights – October 17, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience & OT Vulnerability Management

• Critical security flaws found in GoAhead web server deployed across IoT, embedded, ICS devices | Industrial Cyber
• CSAC approves draft reports to strengthen national cyber resilience, address critical infrastructure vulnerabilities | Industrial Cyber

IT Vulnerability Security Update

• Oracle October 2024 Critical Patch Update Addresses 198 CVEs | Tenable
• Microsoft Patches Vulnerabilities in Power Platform, Imagine Cup Site | SecurityWeek
• Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters | SecurityWeek

IT Malware, Threats & Risks

• Two-thirds of Attributable Malware Linked to Nation States | Infosecurity Magazine
• Attackers exploit critical Zimbra vulnerability using cc’d email addresses | Proofpoint
• SaaS Supply Chain Risks: Biggest Threat to Your Data | Checkpoint  

Ransomware

• Brazilian Police Arrest Notorious Hacker USDoD | SecurityWeek
• RansomHub Overtakes LockBit as Most Prolific Ransomware Group | Infosecurity Magazine
• Ransomware encryption down amid surge of attacks, Microsoft says | Cyberscoop

Cyber Resilience, General Awareness & AI

• FIDO Alliance Proposes New Passkey Exchange Standard | Infosecurity Magazine
• The role of compromised cyber-physical devices in modern cyberattacks | Help Net Security
• AI Models in Cybersecurity: From Misuse to Abuse | SecurityWeek
• Resilience over reliance: Preparing for IT failures in an unpredictable digital world | Help Net Security