Supplemental Cyber Highlights – October 3, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience

• Can You Identify Your Critical Business Functions — and Their Technology Dependencies? | Industrial Cyber

IT Vulnerability Security Update

• Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) | Help Net Security
• DrayTek fixed critical flaws in over 700,000 exposed routers | Bleeping Computer

IT Malware, Threats & Risks

• After Code Execution, Researchers Show How CUPS Can Be Abused for DDoS Attacks | SecurityWeek
• Private US companies targeted by Stonefly APT | Help Net Security
• Fake browser updates spread updated WarmCookie malware | Bleeping Computer
• 5,000 Fake Microsoft Emails that Your Employees Could Fall For | Checkpoint

Ransomware

• Multinational police effort hits sections of Lockbit ransomware operation | Cyberscoop
• Threat actor believed to be spreading new MedusaLocker variant since 2022 | Cisco Talos
• Ransomware activity shows no signs of slowing down | Help Net Security

Cyber Resilience & General Awareness

• One Order of Tips, Tricks & Hot Takes for Cybersecurity Awareness Month 2024 | Huntress
• America’s allies are shifting: Cyberspace is about persistence, not deterrence | Cyberscoop
• Cloudflare mitigated new record-breaking DDoS attack of 3.8 Tbps | Security Affairs
• Major Database Security Threats and How to Prevent Them | Tripwire