Supplemental Cyber Highlights – October 31, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience

• Cloud Security Alliance unveils zero trust guidance for critical infrastructure amid rising threats | Industrial Cyber
• Detecting OT Cybersecurity Threats Using the Known-Unknown Matrix | Industrial Cyber

IT Vulnerability Security Update

• QNAP patches second zero-day exploited at Pwn2Own to get root | Bleeping Computer
• LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites | Hacker News
• Patch now! New Chrome update for two critical vulnerabilities | Malwarebytes Labs
• Yahoo Discloses NetIQ iManager Flaws Allowing Remote Code Execution | SecurityWeek

IT Malware, Threats & Risks

• FBI: Upcoming U.S. general election fuel multiple fraud schemes | Bleeping Computer
• Microsoft Warns of Russian Spear-Phishing Attacks Targeting Over 100 Organizations | SecurityWeek
• Android malware “FakeCall” now reroutes bank calls to attackers | Bleeping Computer
• Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware | The Hacker News
• Business Email Compromise (BEC) Impersonation: The Weapon of Choice of Cybercriminals | Dark Reading

Ransomware

• North Korean govt hackers linked to Play ransomware attack | Bleeping Computer
• Massive PSAUX ransomware attack targets 22,000 CyberPanel instances | Bleeping Computer

Cyber Resilience, General Awareness & AI

• API Security Matters: The Risks of Turning a Blind Eye | SecurityWeek
• When Cybersecurity Tools Backfire | Dark Reading
• Risk hunting: A proactive approach to cyber threats | Help Net Security
• Back to the Future, Securing Generative AI | SecurityWeek