Supplemental Cyber Highlights – October 29, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience

• Cyble reports surge in cyberattacks targeting critical infrastructure and open-source vulnerabilities | Industrial Cyber
• Security Considerations for Field Equipment in Industrial Systems – Continued | Industrial Cyber

IT Vulnerability Security Update

• Exploited: Cisco, SharePoint, Chrome vulnerabilities | Help Net Security
• Apple Patches Over 70 Vulnerabilities Across iOS, macOS, Other Products | SecurityWeek
• Patching problems: The “return” of a Windows Themes spoofing vulnerability | Help Net Security

IT Malware, Threats & Risks

• Russia’s APT29 Mimics AWS Domains to Steal Windows Credentials | Dark Reading
• Black Basta operators phish employees via Microsoft Teams | Help Net Security
• More Details Shared on Windows Downgrade Attacks After Microsoft Rolls Out Mitigations | SecurityWeek
• Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766 | Security Affairs

Ransomware

• Researchers out new Qilin ransomware-as-a-service variant | Cyberscoop
• Fog ransomware targets SonicWall VPNs to breach corporate networks | Bleeping Computer

Cyber Resilience, General Awareness, & AI

• Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain | Security Affairs
• Top 10 strategic technology trends shaping the future of business | Help Net Security
• U.S. Government Issues New TLP Guidance for Cross-Sector Threat Intelligence Sharing | The Hacker News
• Trust and risk in the AI era | Help Net Security
• White House memo on AI focuses on safe and ethical development, global governance | Industrial Cyber